2025 in Review: A Year of Smarter, Context-Aware API Security

As the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly, for the businesses we protect. If 2024 was about laying the groundwork tracking API sessions to understand behavioral attacks, then 2025 was the year we built up...

CVE-2023-23752

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Recent assessments: noraj at March 24, 2023 9:21am UTC reported: There are at least two ways to achieve RCE. Vector n°1 It leaks the MySQL credentials, in default a...

Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers

A new botnet has compromised hundreds of ASUS, D-Link and Dasan Zhone routers over the past three months, as well as Internet of Things IoT devices like video recorders and thermal cameras. The botnet, called darknexus based on a string it prints in its banner, uses processes similar to previous...

LeakScraper - An Efficient Set Of Tools To Process And Visualize Huge Text Files Containing Credentials

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. These tools are designed to help pentesters/redteamers doing OSINT, credentials gathering and credentials stuffing attacks. Installation First things first : have a workingmongodb server. The...