25 matches found

OSV
added 2025/05/28 5:36 p.m., 2 views

GHSA-2HJ5-G64G-FP6P Argo CD allows cross-site scripting on repositories page

Impact This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with...

CVSS 9 | AI score 9.1 | EPSS 0.00067
Exploits 0 | References 4

Cvelist
added 2025/02/11 3:20 p.m., 7 views

CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

CVSS 8.2 | EPSS 0.00037
Exploits 0 | References 2

Wallarm Lab
added 2024/11/11 10:52 a.m., 11 views

The Hidden Costs of API Breaches: Quantifying the Long-Term Business Impact

API attacks can be costly. Really costly. Obvious financial impacts like legal fines, stolen finances, and incident response budgets can run into the hundreds of millions. However, other hidden costs often compound the issue, especially if you’re not expecting them. This article will explore the...

AI score 7.3
Exploits 0

Akamai Blog
added 2024/10/08 1:00 p.m., 15 views

How to Use ITSM, SIEM, and SOAR to Remediate API Attacks

...

AI score 7.3
Exploits 0

Wallarm Lab
added 2024/06/20 2:03 p.m., 17 views

PCI DSS v4.0: What You Need to Know and What the End of v3.2.1 Means for the Future of Digital Payments

On March 31st, 2024, The Payments Card Industry Standards Security Council (PCI SSC) officially retired version 3.2.1 of the PCI Data Security Standard (PCI DSS) with the publication of its new sets of protocols and security standards for v4.0. With the continued rise in cyber threats against financi...

AI score 7.6
Exploits 0

Imperva Blog
added 2024/04/16 7:01 a.m., 32 views

Five Key Takeaways from the 2024 Imperva Bad Bot Report

Bad bots continue to affect consumers and organizations across all sectors. For over eleven years, Imperva has been dedicated to helping organizations manage and mitigate the threat of bad bots. We’ve published the 2024 Imperva Bad Bot Report as part of our commitment to helping organizations...

AI score 7
Exploits 0

Imperva Blog
added 2024/02/26 12:34 p.m., 29 views

Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024

The State of API Security in 2024 Report highlights how APIs and their increased usage are significantly changing the threat landscape. In 2023, the number of API-targeted attacks rose significantly. Attacks targeting the business logic of APIs constituted 27% of attacks in 2023, a growth of 10%...

AI score 7.5
Exploits 0

Imperva Blog
added 2023/11/28 7:29 p.m., 13 views

Five Takeaways from Black Friday & Cyber Monday Cyber Attacks

The online retail industry is one of the prime targets for cybercrime, as detailed in our annual analysis of the cybersecurity threats targeting eCommerce websites and applications. As the 2023 holiday shopping season continues, Imperva Threat Research is closely monitoring how cybercriminals are...

AI score 7.2
Exploits 0

Wallarm Lab
added 2023/11/28 12:19 p.m., 14 views

Wallarm to Unveil New API Security Solution and Strategic Shift at Black Hat Europe 2023

If you're involved with cybersecurity and are based in Europe, then Black Hat Europe 2023 in London, December 6 and 7 is a must-attend event. Wallarm, the experts in API and Application Security, will be attending the event, and we're excited to connect with you. If you are planning to attend, co...

AI score 7.3
Exploits 0

Wallarm Lab
added 2023/08/24 2:55 p.m., 18 views

Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements

We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days. Now the National Credit Union Administration (NCUA)[1] has updated their Cyber Incident Notification Rule, requiring all federally insured Credit Unions to notify the NCUA ...

AI score 7.3
Exploits 0

Imperva Blog
added 2023/05/10 11:59 a.m., 17 views

What We Learned from the 2023 Imperva Bad Bot Report

The 2023 Imperva Bad Bot Report is now available. The 10th edition of the annual report takes a deep dive into the latest bad bot statistics and trends from the past year, providing meaningful information and guidance about the nature and impact of bots. Understanding the risks of unmanaged bot...

AI score 7.1
Exploits 0

Akamai Blog
added 2023/04/18 1:00 p.m., 11 views

Slipping Through the Security Gaps: The Rise of Application and API Attacks

...

AI score 7.3
Exploits 0

Wallarm Lab
added 2023/03/09 1:10 p.m., 166 views

Predictions for 2023 from Latest API Threat Research | API Security Newsletter

March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production is increasing. We've already seen some fruits of that labor, such as the Q4-2022 and 2022 Year-End ThreatStats™ Report, and some very tasty product upgrades...

CVSS 6.8 | AI score 10 | EPSS 0.94255
Exploits 47

Imperva Blog
added 2023/02/21 6:10 p.m., 22 views

Imperva releases its Global DDoS Threat Landscape Report 2023

The 2023 Imperva Global DDoS Threat Landscape Report reviews DDoS attack activity throughout 2022, provides insights into the year’s most noteworthy DDoS events, and offers recommendations for the year ahead. While the report focuses mainly on research data from the application and network DDoS...

AI score 1.1
Exploits 0

Wallarm Lab
added 2022/12/09 7:38 p.m., 62 views

Can ChatGPT be used to attack your APIs? | API Security Newsletter

The winter solstice is fast approaching, along with the end-of-year holidays - before we know it, it'll be 2023 already! And with the fall behind us, our hive has been busy putting the finishing touches on many new and improved capabilities – such as weak JWT detection, API Abuse Prevention, API...

AI score 0.2 | EPSS 0.93124
Exploits 3

Akamai Blog
added 2022/07/28 1:00 p.m., 18 views

India Becomes Top Global Target for API Attacks

An increased adoption of APIs also increases the risk of API attacks. Read about how India has become a top global target for API attacks in 2022...

AI score 2.5
Exploits 0

Github Security Blog
added 2022/05/04 12:00 a.m., 28 views

Insecure password handling vulnerability in Strapi

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...

CVSS 7.5 | AI score 2.2 | EPSS 0.03089
Exploits 3 | References 6 | Affected Software 2

OSV
added 2022/05/03 6:15 p.m., 15 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

CVSS 7.5 | AI score 7.5
Exploits 0 | References 4

NVD
added 2022/05/03 6:15 p.m., 9 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

CVSS 7.5 | EPSS 0.03089
Exploits 3 | References 4

Prion
added 2022/05/03 6:15 p.m., 15 views

Format string

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

CVSS 5 | AI score 7.4 | EPSS 0.03089
Exploits 3 | References 4 | Affected Software 1