PT-2025-28949 · Ruckus · Network Director
Name of the Vulnerable Software and Affected Versions: RUCKUS Network Director versions prior to 4.5 Description: RUCKUS Network Director (RND) stores passwords in a recoverable format. Recommendations: Update RUCKUS Network Director to version 4.5 or later...
Inside the AI Threat Landscape: From Jailbreaks to Prompt Injections and Agentic AI Risks
AI has officially moved out of the novelty phase. What began with people messing around with LLM-powered GenAI tools for content creation has rapidly evolved into a complex web of agentic AI systems that form a critical part of the modern corporate landscape. However, this transformation has give...
PT-2025-28412 · Unknown · Quiter Gateway
Name of the Vulnerable Software and Affected Versions: Quiter Gateway versions prior to 4.7.0 Description: The issue allows an attacker to retrieve, create, update, and delete databases through the "pagina.filter.categoria mensaje" in the "/QuiterGatewayWeb/api/v1/sucesospagina" endpoint. This...
Local File Inclusion (LFI)
microweber/microweber is vulnerable to Local File Inclusion (LFI). The vulnerability is due to insufficient path validation and inadequate restrictions in the backup management API, allowing authenticated users to read arbitrary files via crafted requests to the upload and download endpoints...
What CISA’s BOD 25-01 Means for API Security and How Wallarm Can Help
The US government has taken another significant step towards strengthening cloud security with the release of CISA’s Binding Operational Directive (BOD) 25-01. Aimed at improving the security posture of federal cloud environments, BOD 25-01 mandates robust configuration, visibility, and control...
Operationalize Day-2 Services for API Security and Microsegmentation
Learn how to turn post-deployment services into a revenue opportunity and provide ongoing value for your customers with industry-leading tools and service playbooks...
CVE-2025-6732
The CVE-2025-6732 entry concerns UTT HiPER 840G (versions up to 3.1.1-190328) where the API’s /goform/setSysAdm component uses strcpy on the passwd1 argument. This insecure operation enables a buffer overflow, with remote attack potential and high impact to confidentiality, integrity, and availab...
Study Reveals API Security Gaps in Asia-Pacific Compliance Programs
...
Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matter...
Closing the Loop on API Security: How Imperva Helps You Expose, Contain, and Mitigate Business Logic Threats
In a world powered by APIs, waiting for an attack is waiting too long. Business logic risks like Broken Object Level Authorization (BOLA) don’t announce themselves with obvious signatures or malware. They hide in plain sight within normal-looking traffic and by the time a BOLA exploit turns into a...
MAL-2025-5483 Malicious code in wonderland-api-security-plugin (npm)
The package communicates with a domain associated with malicious activity...
Enhancements to Akamai API Security, Q2 2025
Akamai API Security updates 3.48 and 3.49 include Compliance Dashboard enhancements, integration with Zuplo API gateway, and expanded sensor coverage...
CVE-2025-25215
CVE-2025-25215 affects Dell ControlVault3 and ControlVault3 Plus; an arbitrary-free vulnerability resides in the cv_close path due to insufficient session validation. Talos’ analysis shows an attacker can forge a fake session on the CV firmware (for sessions allocated on the device heap) and trig...
API Security Under Federal Scrutiny: A Wake-Up Call for CIOs
...
CVE-2025-27505
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...
CISO Spotlight: Rick Bohm on Building Bridges, Taming AI, and the Future of API Security
Nestled in a log cabin high in the Rocky Mountains, Rick Bohm starts his day the same way he’s approached his career: intentionally, with a quiet commitment to learning and action. Boasting more than three decades of cybersecurity experience, Rick has watched tech evolve from dial-up ISPs to...
CVE-2025-4128
CVE-2025-4128 affects Mattermost server: vulnerable products are Mattermost versions 10.5.x (up to 10.5.4) and 9.11.x (up to 9.11.13). The issue is an improper access restriction that allows guest users to bypass permissions and view information about public teams they are not members of via dire...
GraphQL Unauthenticated Mutation Detected
GraphQL is an open-source query and manipulation language for APIs. Unlike regular queries that only read data, mutations are operations designed to modify data on the server. When GraphQL APIs allow mutation operations without requiring proper authentication, attackers can manipulate, insert,...
CVE-2025-27505 GeoServer Missing Authorization on REST API Index
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...