Lucene search
K
ImpervablogMost viewed

1025 matches found

Imperva Blog
Imperva Blog
added 2017/04/18 3:30 p.m.15 views

The Successful CISO: Tips for Paving the Way to Job Security

Seasoned CISOs know that failure to plan past a two-year window is dangerous—to both their company and their job security. But it’s all too common for many security strategies to look only two years out. Imperva CISO Shahar Ben-Hador has been with Imperva for eight-and-a-half years—the last...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/03/23 3:30 p.m.15 views

Get Going on Your GDPR Plan [Infographic]

General Data Protection Regulation GDPR enforcement begins May 2018. Are you ready? While enforcement may seem a way off, you don’t want to get derailed by last-minute planning efforts. Organizations should revisit their security and compliance strategies today to ensure they’re prepared to meet...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/06/23 6:1 p.m.14 views

CVE-2025-54068 Laravel Livewire Credential Theft Campaign: 6,000+ Applications Compromised

Introduction On May 24, 2026, Imperva observed exploitation attempts against Laravel Livewire applications, blocked by the Imperva Cloud WAF. What initially appeared to be unremarkable deserialization attack traffic turned out to be part of a large-scale credential theft operation exploiting...

9.8CVSS6.8AI score0.95376EPSS
Exploits5
Imperva Blog
Imperva Blog
added 2026/06/04 3:43 p.m.14 views

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

7.5CVSS5.6AI score0.11471EPSS
Exploits8
Imperva Blog
Imperva Blog
added 2025/09/10 9:15 p.m.14 views

Imperva API Security: Authentication Risk Report—Key Findings & Fixes

An in-depth analysis of common JSON Web Token JWT mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs . Introduction APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and IoT. That scale and utility also make them pri...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/08/18 5:23 p.m.14 views

QUIC-LEAK (CVE-2025-54939): New High-Risk Pre-Handshake Remote Denial of Service in LSQUIC QUIC Implementation

Imperva Offensive team discovered that threat actors could smuggle malformed packets to exhaust memory and crash QUIC servers even before a connection handshake is established, therefore, bypassing QUIC connection-level safeguards. Executive Summary QUIC-LEAK CVE-2025-54939 is a newly discovered...

7.5CVSS8AI score0.00766EPSS
Exploits1
Imperva Blog
Imperva Blog
added 2025/04/09 1:34 p.m.14 views

The Database Kill Chain

Cyber Threat Modeling Frameworks Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modelin...

8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/06/13 4:15 p.m.14 views

Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats

Every year, the Eurovision Song Contest captivates millions of viewers across Europe and beyond, turning a simple music competition into a cultural phenomenon. This popularity extends to various forms of betting, with numerous gambling sites offering odds on Eurovision outcomes. Eurovision has...

7.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/09/11 10:47 p.m.14 views

How to Predict Customer Churn Using SQL Pattern Detection

Introduction to SQLs MATCHRECOGNIZE Clause SQL is a great way to perform analysis on your data. It is very common and supported by many database engines including big data solutions. SQL is used in many cases to analyze data in our data lake. However, when it comes to pattern detection, SQL...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/06/14 12:53 p.m.14 views

How Ticket Scalping Impacts Asia’s Live Entertainment Industry

Asia’s booming live entertainment industry has recently been plagued by a growing problem of ticket scalping. The term refers to the act of purchasing live event tickets in bulk by individuals, often through the use of automation aka bots, to later resell them at exorbitant prices. The issue isn’...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/10/06 12:48 p.m.14 views

Massive Multi-Vector 1.37 Tbps DDoS Attack Mitigated by Imperva DDoS Protection

On July 22, an Imperva customer was targeted by a network DDoS attack that reached a maximum bandwidth of 1.37 trillion bits per second Tbps, making it one of the largest attacks that Imperva has stopped and one of the larger DDoS attacks on record. The attack lasted a little over two hours in...

0.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/23 1:0 p.m.14 views

SaaS Eliminates Barriers to Applying Security Controls to Your Entire AWS and Azure Data Repository

Businesses today widely regard data as “the new oil,” the most valuable resource on earth. At the same time, we are in the midst of the most dynamic IT landscape in history which is increasing the risk to this most valuable asset. Organizations, without sufficiently skilled staff to effectively...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/08 1:17 p.m.14 views

Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed. There are...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/03/15 12:36 p.m.14 views

By the Numbers: The Cost of Insider Data Breach vs The Cost of Protection

The global business data security landscape has become dramatically more challenging over the last few years. One of the main reasons for this is insider threats, as reported in the 2022 Cost of Insider Threats Global Report, independently conducted by The Ponemon Institute. Several factors have...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/03/10 2:3 p.m.14 views

3 Steps to Putting a Modern Database Security Solution into Practice

As a Senior Security Solution Engineer, experience has shown me that there are no magic bullets when it comes to stopping data breaches. They are going to happen. What makes a data security solution most effective is the capacity to perform the reconnaissance activities necessary to identify...

1.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/02/22 2:8 p.m.14 views

Why ATO Attacks Are Attacks on Your Customers

Motivated by the continual surge in eCommerce, which according to UNCTAD has seen unprecedented growth during the COVID-19 pandemic, retailers are scrambling to adapt to a shift in consumer demand and create unique customer experiences that set them apart from the competition. The rise in online...

7.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/01/19 2:51 p.m.14 views

5 Myths About Interning in Cybersecurity

Dear future interns and intern employers, Everyone says, “do what you love”; but when the world is your oyster, where do you start? We are Arianna De Leon and Kaylin Hiatt and last summer we started our careers as marketing interns at Imperva. We come from very different backgrounds and had very...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/12/21 4:27 p.m.15 views

Imperva Snapshot™ Scan: What You Can Find in the Report

Imperva Snapshot is a free AWS RDS security assessment tool. You can use this tool to gain in-depth visibility into your data and get a deep understanding about what data resides in your RDS and where your RDS database security gaps are. Acquiring this intelligence is a key element and critical...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/11/04 3:55 p.m.14 views

Infographic: What is the economic impact of a data security platform?

Data security is important regardless of how your organization approaches cybersecurity. Whether it’s a protection-first approach, detection and remediation, or somewhere in between, data security enables organizations to inform on risk posture, protect against unauthorized data access and may...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/05/02 5:41 p.m.14 views

Configuring Imperva SecureSphere for GDPR Compliance: Part One

Time is running out. 23 days until GDPR enforcement The GDPR effective date is less than a month away and, given the significant risk and potential costs associated with a failure to comply, organizational readiness efforts continue to mount. GDPR non-compliance penalties can be severe up to 79...

0.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/02/12 5:0 p.m.14 views

A Deep Dive into Database Attacks [Part I]: SQL Obfuscation

Today, data breaches are a threat to every organization. According to a report from Risk Based Security covering the first half of 2017, over 6 billion records were exposed through 2,227 publicly-disclosed data breaches. The number of exposed records is already higher than the previous all-time...

8.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/12/04 7:2 p.m.14 views

Database Security at Cloud Scale

The biggest challenge to data security is the sheer volume and pace of data growth. More so even than the shift from relational data to unstructured or the migration of data to the cloud. “Cloud scale” is usually used to refer to technical items like data center size and operations or networks an...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/08/08 3:30 p.m.14 views

Do’s and Don’ts of Capacity Estimation for Database Monitoring Tools

When deploying a database monitoring tool, one of the first things you need to do is to determine the size of your deployment. So, where do you start? In a previous blog post I described the various aspects that can have an impact on the capacity requirements needed for a database monitoring...

6.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/04/14 5:43 p.m.13 views

Anthropic Mythos: Separating Signal from Hype

The recent buzz around Anthropic’s Mythos model has been intense, and for good reason. Early reports suggest a model that significantly advances automated reasoning over large codebases, vulnerability discovery, and exploit generation. Some are already calling it a “game changer” for offensive...

5.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/09/15 8:12 p.m.13 views

Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks

It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post, I’ll walk you through how old data leaks, lazy telecom verification, and a...

6.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/08/12 8:18 p.m.13 views

Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025

APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering$2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/07/08 2:51 p.m.13 views

Behind the Booking: How Bots Are Undermining Airline Revenue

The airline industry is under constant attack from malicious bots. Bad actors use automation to scrape fares, hoard inventory, commit fraud, and compromise customer accounts. While every airline faces its own unique challenges, the business impacts are remarkably consistent—lost revenue, inflated...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/07/07 7:46 p.m.13 views

Hijacking Ollama’s Signed Installer for Code Execution

This blog post is part of an ongoing series exploring how AI related tools aimed at developers can be exploited to compromise their machines. As these tools increasingly integrate deep system access, they also expand the attack surface available to threat actors. In our first post, we outlined a...

8.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/06/30 9:37 p.m.13 views

The Rise of Agentic AI: From Chatbots to Web Agents

Disclaimer: This post isn’t our usual security-focused content – today we’re taking a quick detour to explore the fascinating world of AI agents with the focus of AI web agents. Enjoy this educational dive as a warm-up before we get into the juicy details of AI web agents in our follow-up post...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/05/05 6:42 p.m.13 views

Redefining Application Security: Imperva’s Vision for the Future

It’s no secret that web applications have undergone a significant transformation over the past few years. The widespread adoption of containerization, serverless computing, low-code development, APIs, and microservices has redefined how applications are built, deployed, and scaled. According to...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/04/16 10:52 p.m.13 views

From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities

Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide seamless experience could also be your greatest problem? Our investigation into three...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/11/14 7:11 p.m.13 views

Business Logic Attacks Target Election-Related Sites on Election Day

As U.S. citizens headed to the polls, cyber threat activity against election-related websites was unusually high. One of the most prominent attack types observed this Election Day was business logic attacks —a complex threat that manipulates the intended workflow of applications, often without...

7.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/08/01 1:0 p.m.13 views

How Cyberthreats Could Disrupt the Olympics

Introduction Cybersecurity experts are on high alert, as the 2024 Olympic Games continue over the coming weeks. Historically, the Olympics have been a prime target for cybercriminals, state-sponsored actors, and hacktivists. The convergence of global attention, vast amounts of sensitive data, and...

7.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/07/29 9:33 p.m.13 views

Deploy API Security On-Premises with New Imperva API Security Anywhere Self-Managed Option

API Security Anywhere Self-Managed Option Imperva continues to deliver solutions that help customers protect their applications and APIs, whether in the Cloud, on-premises, or in a hybrid environment. Imperva API Security includes a SaaS-based and an on-premises solution, both managed in the...

6.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/12/13 1:49 p.m.13 views

Are HTTP Content-Security-Policy (CSP) Headers Sufficient to Secure Your Client Side?

Modern web frameworks have shifted business logic from the server side to the client side web browser, enhancing performance, flexibility, and user experience. However, this move introduces security and privacy concerns, as exposing sensitive logic and data can lead to vulnerabilities like code...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/08/07 12:57 p.m.13 views

Behind the Scenes of a Tailor-Made Massive Phishing Campaign

A global phishing campaign caught our attention after one of our colleagues was targeted by, and nearly fell victim, to a social engineering attack. The campaign involved more than 800 different scam domains and impersonated around 340 legitimate companies all over the world – including well-know...

6.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/11/23 6:20 p.m.13 views

Zero Reasons not to Move to Zero Trust with RASP

What is Zero Trust? Zero Trust is a security methodology that enterprises are rapidly adopting to enhance data protection by reducing the sole reliance on traditional perimeter-based protections. Traditionally, cybersecurity strategies have relied on a hardened perimeter with security tools like...

Exploits0
Imperva Blog
Imperva Blog
added 2022/11/03 12:15 p.m.13 views

From Online Fraud to DDoS and API Abuse: The State of Security Within eCommerce in 2022

What are the biggest cybersecurity threats affecting online retailers today? The State of Security Within eCommerce in 2022 Report from Imperva is now available and answers that question. For this report, Imperva’s cybersecurity experts analyzed 12 months of data, collected from our global networ...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/11/01 1:19 p.m.13 views

Why Agentless DAM is a Better Option for Securing Cloud Data

In the context of on-premises database activity monitoring DAM, security teams use agents to enable them to see all requests coming into the databases as well as all responses going out of the databases. In other words, the agent-based approach enables database activity monitoring independent of...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/10/24 1:35 p.m.13 views

Why Cybersecurity Awareness Month is Every Month

Cybersecurity is a year-round issue Cybersecurity awareness is important year-round for the security of our businesses and customers. We’re proud to be a supporter of Cybersecurity Awareness Month. It has been invaluable in raising awareness of digital safety issues for a broad cross-section of...

7.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/10/17 12:21 p.m.13 views

Four Big Reasons to Update Your Software

ABP To shamelessly paraphrase the 1992 crime drama Glengarry Glen Ross, “Always be patching.” Any home computer needs to be updated regularly. Drives and software updates are critical to the smooth running of the average home PC, and can often be overlooked. Business and professional computers ar...

7.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/10/10 12:37 p.m.13 views

Why we all Need a Password Manager

What is a password manager? A password manager helps users create unique and complex passwords and store them in an encrypted fashion, meaning each website, application, or program that needs login information can use a more secure string of characters, letters, and symbols. Users don’t have to...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/28 12:59 p.m.13 views

For Cost-Conscious Compliance Reporting, Rethink Your Data Retention Capability

Staffing costs required to generate reports for compliance audits are high, but the time required to generate the reports themselves is not necessarily to blame if you have suitable access to your data. Today, the cost to retain data is the real challenge in compliance reporting. In this post,...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/01 1:59 p.m.13 views

Are you getting the most out of your security platform investment?

In the last few years, most organizations had to accelerate their digital transformation to continue operations during the pandemic. However, as more software, applications, and data architectures were added to the technology stack, the number of tools implemented to secure these assets became...

7.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/07/18 12:58 p.m.13 views

How to ‘Win’ a Red Team Exercise

What is a red team exercise? Organizations that conduct red team exercises use penetration testing tactics to assess vulnerabilities and discover weak points in their cybersecurity preparation. Usually, this involves two teams - one red the protagonists and one blue the incident responders who mu...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/06/08 12:15 p.m.13 views

Five Ways Cyber Attackers Leverage Bad Bots to Commit Automated Fraud

The accelerated shift to digital payments has made online fraud more prevalent than ever, as losses from it are expected to exceed $206 billion over the next five years, driven by identity fraud, fake accounts, and payment fraud. Catalyzed by the pandemic, the shift gained substantial traction in...

0.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/06/02 12:34 p.m.13 views

Enhance Network Resiliency with Contingency DDoS Protection

Recent digital market outages have proven the fragility of network infrastructure. When your primary service provider experiences an unexpected outage, your infrastructure is left unprotected and vulnerable to a DDoS attack. The downtime you face waiting for your DDoS mitigation to start working...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/05/11 2:0 p.m.13 views

Help Employees and Consumers Avoid Self-inflicted Cybersecurity Mistakes

It shouldn’t be news to anyone that people sharing information online are concerned about the safety of their data. Imperva recently conducted a study with YouGov plc regarding consumers’ attitudes towards data, whether they feel in control of their personal data, and if they trust the...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/04/19 1:4 p.m.13 views

4 Bad Bots Likely to Cause Problems for the Remainder of 2022

A short primer on internet bots An Internet bot bot, for short is a software application that runs automated tasks over the internet. Bots typically run simple tasks which they can perform at a dramatically greater rate than any human. Beneficial or anodyne bots are characterized as legitimate, o...

7.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/02/28 2:18 p.m.13 views

How Insider Threats Drive Better Data Protection Strategies

Fifty-eight percent of sensitive data security incidents are caused by insider threats, according to a recent study by Forrester Research. Insider threats originate from inappropriate use of legitimate authorized user accounts. These accounts - assigned to internal employees and business associat...

6.8AI score
Exploits0
Total number of security vulnerabilities1025