Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM

What is CVE-2026-41940? CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow and allows unauthenticated remote attackers to gain unauthorized access to...

Enterprise-Grade Application Security, Cloud-Native Speed: Introducing Imperva for Google Cloud

In today’s dynamic digital environment, the pressure to innovate has never been greater. Development teams are pushing for native cloud tools to maximize performance and cost-efficiency, while security teams require best-of-breed, enterprise-grade protection to defend against an ever-evolving...

Integrating Advanced API Security with Imperva Gateway Environment

As APIs power the majority of modern web applications, implementing robust API security is no longer optional - it’s a critical necessity for data protection. This guide explores how to seamlessly integrate API gateway security into your Imperva on-premises environment to mitigate OWASP Top 10...

A New Denial-of-Service Vector in React Server Components

React Server Components RSC have introduced a hybrid execution model that expands application capabilities while increasing the potential attack surface. Following earlier disclosures and fixes related to React DoS vulnerabilities, an additional analysis of RSC internals was conducted to assess...

CVE-2018-19646

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled...

EUVD-2018-17183

Malware in sbrugna...

EUVD-2008-1467

Malware in sbrugna...

EUVD-2018-11331

Malware in sbrugna...

EUVD-2013-4023

Malware in sbrugna...

EUVD-2011-5165

Malware in sbrugna...

EUVD-2018-8462

Malware in sbrugna...

EUVD-2011-4804

Malware in sbrugna...

EUVD-2018-17173

Malware in sbrugna...

EUVD-2010-1358

Malware in sbrugna...

EUVD-2011-0779

Malware in sbrugna...

EUVD-2018-17182

Malware in sbrugna...

EUVD-2023-55697

Malicious code in bioql PyPI...

Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025

APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering$2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional...

Imperva Detects and Mitigates Rejetto HFS Spray-and-Pray Ransomware/Trojan Campaign

On July 19th, Imperva Threat Research team detected a sudden surge in HTTP probes targeting Rejetto HTTP File Server HFS 2.x instances. What looked like routine internet noise quickly revealed itself as a coordinated attempt to exploit a critical unauthenticated server-side template injection...