
21 matches found

RedhatCVE
added 2026/01/07 9:12 a.m., 7 views

CVE-2024-2343

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the formtourlaction function. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.4 CVSS, 6.5 AI score, 0.0019 EPSS
Exploits: 1, References: 1

OSV
added 2025/12/18 8:15 p.m., 1 views

CVE-2022-50682

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 2

NVD
added 2025/12/18 8:15 p.m., 2 views

CVE-2022-50682

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks...

6.9 CVSS, 0.00031 EPSS
Exploits: 0, References: 2

The Hacker News
added 2025/09/25 11:30 a.m., 3 views

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

The latest Gcore Radar report, analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations,...

6.6 AI score
Exploits: 0

Imperva Blog
added 2023/12/21 4:21 p.m., 29 views

Shifting from reCAPTCHA to hCaptcha

We are adding another CAPTCHA vendor and helping our customers migrate from Google's reCAPTCHA to hCaptcha. Why We Are Making This Change We continuously evaluate our security measures to ensure they align with the evolving landscape of threats. After carefully evaluating several different CAPTCHA...

7.2 AI score
Exploits: 0

The Hacker News
added 2023/02/23 12:32 p.m., 3 views

The Secret Vulnerability Finance Execs are Missing

The Other Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal. The odd...

6.8 AI score
Exploits: 0

Kitploit
added 2022/12/06 11:30 a.m., 58 views

Klyda - Highly Configurable Script For Dictionary/Spray Attacks Against Online Web Applications

The Klyda project has been created to aid in quick credential based attacks against online web applications. Klyda supports the use from simple password sprays, to large multithreaded dictionary attacks. Klyda is a new project, and I am looking for any contributions. Any help is very appreciated...

7.3 AI score
Exploits: 0, References: 2

Imperva Blog
added 2021/08/19 1:47 p.m., 32 views

Financial Services: Web Application Attacks Grow by 38% In First Half of 2021

During his career in the middle of the last century, professional bank robber Willie Sutton made off with an estimated $2 million in stolen money. Urban legend has it that when a journalist asked Sutton why he robbed banks, he replied, “That’s where the money is.” In later interviews, Sutton...

0.9 AI score
Exploits: 0

Imperva Blog
added 2021/03/18 4:7 p.m., 166 views

Web Application Firewalls Instrumental in Digital-First Banking

Like many industries, the banking and insurance sectors have shifted their resources to be digital-first, all the more so since the start of the global pandemic. For today’s customers, who increasingly begin their banking experiences using digital channels, whether online or mobile, a digital-fir...

0.4 AI score
Exploits: 0

Akamai Blog
added 2020/11/18 2:0 p.m., 125 views

It's universal: We all love to exchange gifts. Singles' Day and Diwali are two more reasons to do so.

There is scientific evidence that humans secrete "feel good" chemicals in their brain, such as serotonin, dopamine, and oxytocin, while giving. So it's no wonder that many of us look forward to the holidays. Online mobile shopping trends for Singles' Day and Diwali certainly confirm that. Sadly,...

Exploits: 0

Akamai Blog
added 2020/09/09 1:0 p.m., 2842 views

Web Application and API Protection -- From SQL Injection to Magecart

SQL injections were first discovered in 1998, and over 20 years later, they remain an unsolved challenge and an ongoing threat for every web application and API. The Open Web Application Security Project (OWASP) highlighted injection flaws in its Top 10 lists for both web application security risks...

9.3 CVSS, 0.2 AI score, 0.94431 EPSS
Exploits: 41

Akamai Blog
added 2020/09/08 1:0 p.m., 19 views

Every Application Should Be Behind a WAF

It's no secret that security threats continue to expand in volume and variety, making headlines on virtually a daily basis. From nation-state attacks, corporate espionage, and data exfiltration campaigns to all-in-one and sneaker bot campaigns, businesses across the globe find themselves dealing...

0.6 AI score
Exploits: 0

ThreatPost
added 2020/05/20 2:6 p.m., 68 views

Verizon DBIR: Web App Attacks and Security Errors Surge

Verizon’s 2020 Data Breach Investigations Report (DBIR), released Tuesday, analyzed 32,002 security incidents and 3,950 data breaches to sniff out the top causes of data breaches over the past year. While cyber-espionage attacks and malware decreased, other trends, such as security “errors” cloud...

6.7 AI score
Exploits: 0, References: 21

Akamai Blog
added 2019/01/16 9:0 p.m., 66 views

Targeted Security Attacks Impact Holiday Shopping

Part 2 - Security In the first post, web performance was discussed, especially for the mobile visitor. While web performance is critically important, security is also a vital area of focus and investment because threat actors don't take holidays. They're always out on the internet probing sites,...

6.6 AI score
Exploits: 0

Akamai Blog
added 2018/06/21 11:30 a.m., 30 views

Summer SOTI - Web Attacks

Continuing Changes Welcome to the second blog post for the Summer 2018 State of the Internet / Security. If you've read the SOTI / Security report before, much of what you see here should be familiar, though the time frame we're looking at is the six months from November 2017 to April 2018, inste...

6.8 AI score
Exploits: 0

Imperva Blog
added 2017/11/20 5:35 p.m., 77 views

Six Ways to Secure APIs

API usage in application development has become the trend of the year. Adoption of micro-services and server-less architectures have only accelerated this trend. Based on conversations with analysts and customers, we expect APIs to become the majority of web application front ends in next couple ...

7.4 AI score
Exploits: 0

Akamai Blog
added 2017/07/17 1:23 p.m., 46 views

Superior and safe user experiences with the Akamai Cloud Delivery Platform

Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, utilize a plethora of devices and screen sizes - making it challenging to deliver your experiences. By delivering 95 Exabytes...

6.8 AI score
Exploits: 0

CNVD
added 2016/10/09 12:0 a.m., 2 views

TRS Infogate Plugin SSRF Vulnerability

TRS Infogate is a general-purpose plug-in developed by TORS for application on WCM and IDS platforms of national governments, enterprises and institutions. TRS Infogate plug-in page infogate/customer/system/wcmurltest.jsp SSRF vulnerability. The page in the infogate/customer/system directory can...

6.3 AI score
Exploits: 0

ThreatPost
added 2014/04/22 12:1 a.m., 24 views

2014 Verizon Data Breach Investigations Report DBIR

The attention given to the Target data breach elevated concerns about point-of-sale hacks and got us reacquainted with RAM scrapers and other threats to retailers big and small. And while it’s been a noteworthy highlight to the annual Verizon Data Breach Investigations Report for the past few...

0.1 AI score
Exploits: 0, References: 8

Exploit DB
added 2009/05/20 12:0 a.m., 18 views

Profense 2.2.20/2.4.2 - Web Application Firewall Security Bypass

source: https://www.securityfocus.com/bid/35053/info Profense Web Application Firewall is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform various web-application attacks. Versions prior to the following ar...

7.4 AI score
Exploits: 0