1025 matches found
Data Masking 101 – Whiteboard Wednesday [Video]
Data masking is an effective way to protect a large majority of your organization’s data. It replaces original data with realistic, but fictional data—reducing production data sprawl and your attack surface footprint, while maintaining the data's use for things like development, analytics modelin...
We asked 170 cyber security pros about ransomware. Here’s what they had to say.
The first week of January, my daughter called to say she couldn’t get into her college website to make changes to her spring schedule. Assuming servers were probably struggling to keep up with increased traffic, I told her to keep trying. However, it soon became apparent what the issue was. An...
Imperva Customers Protected Against CVE-2026-9082 in Drupal Core
TL;DR:CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core that can be exploited by unauthenticated users against Drupal sites using PostgreSQL. The vulnerability affects Drupal’s database abstraction API and can allow specially crafted requests to trigger arbitrary SQL...
MadeYouReset: Turning HTTP/2 Server Against Itself
Introduction HTTP/2 was designed for performance- faster multiplexed connections, stream prioritization, and header compression. But these same features have also opened the door for sophisticated denial-of-service attacks. Back in 2023, the HTTP/2 Rapid Reset vulnerability made headlines after...
Imperva Customers Protected Against Critical “ToolShell” Zero‑Day in Microsoft SharePoint
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, is under active exploitation in the wild. The vulnerability, with a CVSS score of 9.8, impacts on-premises SharePoint Server 2016, 2019, and Subscription Edition, and allows unauthenticated remote code execution...
The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents
In our first post, we introduced the world of AI web agents - defining what they are, outlining their core capabilities, and surveying the leading frameworks that make them possible. Now, we’re shifting gears to look at the other side of the coin: the vulnerabilities and attack surfaces that aris...
How Scalping Bots Exploited a Vulnerable API to Disrupt Online Retail Sales
In the fast-paced world of online retail, where customer satisfaction and availability are paramount, a sudden attack by scalping bots can disrupt operations, inflate costs, and damage reputation. A North American Online Retailer faced a month-long bot attack that targeted their inventory system,...
The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses
How much do bot attacks and API insecurity cost organizations? To answer these questions, Imperva engaged the Marsh McLennan Cyber Risk Intelligence Center to analyze incident data related to vulnerable APIs and bot attacks. Imperva’s latest report, “The Economic Impact of API and Bot Attacks,"...
Imperva & Thales: Pioneering a New Era in Cybersecurity
Imperva has been a beacon of excellence for over twenty years in the digital protection landscape, where innovation is paramount. Renowned for its groundbreaking products, Imperva has not just secured applications, APIs, and data for the worlds leading organizations but has done so with incredibl...
What are Dating Apps Doing to Protect Their Users?
A very public affair When asked about the pitfalls and problems behind using dating apps, users cite data security as one of the most worrying elements of online dating. Since the Ashley Madison breach in July 2015, online dating sites have repeatedly been under media scrutiny for the poor...
7 Ways Imperva Solutions Reduce the Cost of Data Security
As we push into Q4, economic uncertainty caused by rising interest rates, as-yet unchecked inflation, and a bear market is driving many enterprises to buck the trend and tighten cyber security budgets for the last three months of 2022. The result is increased pressure to achieve data security whi...
Why we all Need a Password Manager
What is a password manager? A password manager helps users create unique and complex passwords and store them in an encrypted fashion, meaning each website, application, or program that needs login information can use a more secure string of characters, letters, and symbols. Users don’t have to...
For Cost-Conscious Compliance Reporting, Rethink Your Data Retention Capability
Staffing costs required to generate reports for compliance audits are high, but the time required to generate the reports themselves is not necessarily to blame if you have suitable access to your data. Today, the cost to retain data is the real challenge in compliance reporting. In this post,...
Cybersecurity and PR: Making Data Protection Public
The customer cares Customers regularly see news about privacy and hacking, and they want to know that it’s safe for them to give over their personal data. A lack of trust in an eCommerce site is a leading reason why potential customers abandon their shopping carts. Consumers have no shortage of...
3 Steps to Putting a Modern Database Security Solution into Practice
As a Senior Security Solution Engineer, experience has shown me that there are no magic bullets when it comes to stopping data breaches. They are going to happen. What makes a data security solution most effective is the capacity to perform the reconnaissance activities necessary to identify...
What You Need to Do Today to Protect Against Account Takeover Attacks
Historically, account takeover ATO has been recognized as an attack in which cybercriminals take ownership of online accounts using stolen passwords and usernames. Cybercriminals purchase a list of account credentials from the dark web that are usually compiled by hackers through social...
Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021
The eCommerce industry has gone through years worth of changes in a matter of just a mere couple of months as the global pandemic emerged back in March of 2020. These changes have led to skyrocketing growth for the industry, with sales predicted to hit $4.921 trillion by the end of this year. And...
Lead a Cross-Organization Test Automation Project Fearlessly!
Last year, Imperva initiated a cross-organizational software project focused on creating a new management console and I had the privilege to lead its test automation effort. In this blog, I will explain the challenges we faced as technical leaders in executing the project and reveal the solutions...
Four Essential Features for a Database Security Strategy to Take on a Growing Threat Landscape
For a considerable time, many organizations have used three to five on-premise databases to manage their workloads, and many teams have tried to funnel every application into using those databases. Today, as the pressure to innovate while keeping costs low intensifies, organizations have started...
Imperva 收购 jSonar: 新一代数据安全
我很高兴地宣布,Imperva 已达成收购 jSonar 的协议!我们认为,jSonar 令人难以置信的产品和技术与我们保护数据和所有通往数据的路径的使命完美契合。合并之后,我们将能够提供一种全新的数据安全方法,帮助企业满足当前和未来的需求。 Imperva,数据安全的先驱 Imperva 成立于 18 年前,其理念是通过融合应用程序和数据安全来保护组织的数字资产和信息。2020 年,全球最大的公司告诉我们一个道理,所有的安全性(包括网络和应用程序)最终目的都是为了保护数据。从长远来看,网络的存在是为了把人们带到应用程序中,而应用程序则负责读写数据。Imperva...
One GRC Manager’s Practical Approach to GDPR Readiness
With about four months to go before the GDPR becomes effective many companies are still struggling with where to start. You’re not alone. According to this survey, the majority of companies are slow off the mark. On top of that, companies require resources and budget to prepare for and comply wit...
DevOps in the Cloud: How Data Masking Helps Speed Development, Securely
Many articles have discussed the benefits of DevOps in the cloud. For example, the centralization of cloud computing provides DevOps automation with a standard platform for testing and development; the tight integration between DevOps tools and cloud platforms lowers the cost associated with...
Women in Tech and Career Spotlight: Luda Lazar
For National Cyber Security Awareness Month my colleague Joy Ma kicked off the first in of a series of articles where we’ll be spotlighting some of the women who work at Imperva. Continuing in the series, I spoke with Luda Lazar, security research engineer for the Imperva Defense Center, to get h...
Real-Time Webhook Notifications: No More Lost Security Alerts
Every security team knows the pain: a critical alert lands in someone’s inbox, buried under dozens of other emails, or filtered out by a spam rule. By the time anyone sees it, the incident is already in full swing—no ticket opened, no Slack message sent, no automated workflow triggered. The...
Using Bedrock with Claude Code? Your AWS Credentials Are Shared With Every Subprocess
Many developers today are using Claude Code, with a growing portion running it through Amazon Bedrock. For enterprise teams, Bedrock offers major advantages: keeping data inside a VPC, leveraging AWS credits, and integrating with existing IAM controls, monitoring, and security policies. Bedrock...
N8N: Shared Credentials and Account Takeover
Executive Summary We identified a security weakness in n8n’s credential management layer that could have completely compromised the application’s security. This finding highlights the core risks of centralized authentication in workflow automation platforms. As n8n serves as the central hub...
Chain Reaction: Attack Campaign Activity in the Aftermath of React Server Components Vulnerability
Introduction and Vulnerability Overview Earlier this month, Imperva published an initial advisory outlining how our customers were protected against the newly disclosed React2Shell vulnerability impacting React Server Components RSC. That post focused on the essentials: a critical flaw arising fr...
Imperva Customers Protected Against React Server Components (RSC) Vulnerability
Overview On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability CVSS 10.0, identified as React2Shell, affecting applications that leverage React Server Components together with Server Actions or Server Functions. The React2Shell vulnerability stems from...
CVE-2025-61882: Imperva Customers Protected Against Critical Oracle EBS Zero-Day RCE
TL;DR: In early October 2025, Oracle released an emergency security alert addressing CVE-2025-61882, a high-severity unauthenticated remote code execution RCE vulnerability in the Concurrent Processing / BI Publisher Integration component of Oracle E-Business Suite EBS versions 12.2.3 through...
The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk
You Don't Know What You Don't Know – And That's the Problem Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked all the boxes. Yet somewhere in your application stack, fu...
Bridging the Security Knowledge Gap: Introducing AI ExplAIn for Imperva Cloud WAF
The challenge of maintaining robust web application security often comes down to communication. Security teams frequently spend countless hours explaining WAF blocking decisions to application developers who may lack security expertise. This communication gap not only creates friction between tea...
Evaluating the Security Efficacy of Web Application Firewalls (WAFs)
Web Application Firewalls WAFs are now a staple in defending web-facing applications and APIs, acting as specialized filters to block malicious traffic before it ever reaches your systems. But simply deploying a WAF isn’t enough, the real challenge is knowing whether it works when it matters most...
Imperva: A Leader in WAAP
Imperva – a Thales company and leading provider of Web Application and API Protection WAAP solutions, is a force to be reckoned with in the cybersecurity landscape. Our comprehensive approach to security, encompassing database security, enterprise application security, bot management, DDoS...
Cursor’s Magic Comes with a Catch: The Trust Setting You’re Missing
Occasionally, a new AI tool emerges unexpectedly and dominates the conversation on social media. This time, that tool is Cursor, an AI coding platform that’s making waves for simplifying app development with advanced models like Claude 3.5 Sonnet and GPT-4o. In a recent video posted on X, which h...
My Journey To CTO for Imperva App Sec
I’m delighted to be announcing that I’ve joined Imperva as the CTO for Application Security. Many of you readers know me as the Forrester analyst covering Zero Trust, SASE, and network security since before the pandemic. But what you might not have known is prior to that, I was in application...
New Mirai Botnet Variants Observed: How to Identify a Mirai-Style DDoS Attack
The Mirai Internet of Things IoT botnet, notorious for targeting connected household devices like cameras, alarm systems, and personal routers, continues evolving and poses significant cybersecurity threats. It has a history of executing massive DDoS attacks, including a major incident that...
The Dark Side of Web Development: Why You Should Be Prioritizing Shadow Code
In the fast-paced world of web development, staying ahead of the curve is paramount, as developers are frequently under pressure to deliver products and functionalities quickly and efficiently. To meet accelerated timelines, they often leverage third-party scripts and open-source libraries,...
Imperva is an Overall Leader in the 2023 KuppingerCole Leadership Compass Data Security Platforms Report
Imperva is a leader in every category – Market, Innovation, and Product Imperva, Inc., @Imperva the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, is an Overall Leader in the 2023 KuppingerCole Leadership Compass for Data Security Platforms. Previousl...
New Imperva Office & Customer Experience Centre Aims to Meet the Needs of Customers In Singapore & Across Asia Pacific and Japan
Since 2009, Imperva has proudly maintained offices in various countries across the Asia Pacific and Japan APJ region. As the company experiences momentum in this region, we continue to invest in expanding our presence to better support our valued customers, wherever they’re located in APJ. This...
Out with the WAF, in with the WAAP
Advanced attacks call for advanced protection Bad actors are constantly discovering new attack vectors to exploit applications. To meet the threat, organizations need enterprise-level security more now than ever. Traditionally, implementing a Web Application Firewall WAF would be enough to secure...
A Recap of Released Features in Q3 for Imperva’s Online Fraud Prevention Solution
Advanced Bot Protection Earlier this year, Imperva was named a Leader in The Forrester Wave: Bot Management, Q2 2022. Advanced Bot Protection ABP ranked at the top in the current offering category, based on criteria including the range of supported use cases, bot detection, configuration and...
A Data-Centric Cybersecurity Framework for Digital Transformation
In this white paper A Cybersecurity Framework for Securing Cloud Data for Digital Transformation, analyst Richard Steinnon of IT Harvest explains that while cloud vendors supply a resilient and secure infrastructure, organizations who put data into the cloud are ultimately responsible for...
CISA Warns CISOs to Brace for Attacks
The U.S. Cybersecurity and Infrastructure Security Agency CISA, a United States federal agency under the oversight of the Department of Homeland Security, is urging business leaders and those responsible for digital security to prepare for attacks and adapt their digital security posture. This is...
Let’s Get Under the Hood of Imperva Snapshot
A stress-free guide for the prudent cloud operator With minimal setup, Imperva Snapshot enables you to immediately start your in-depth Amazon Web Services AWS RDS database assessment. With no prior training required, cloud operators can use this useful tool to pinpoint deficiencies in their...
Recent NPM package hack is an alarming reminder of the risks of website supply-chain fraud
There are over 1.8 billion websites online today. Almost 98% of them are powered by JavaScript, and for a good reason: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But when that same functionality becomes a significant vector for...
10 Phishing Stats That’ll Make Your C-Suite Think
Wanting to run a phishing simulation is one thing, but persuading colleagues of the importance of doing so is another. You need to keep your organization safe, not just satisfy basic compliance requirements. You need to improve security awareness and colleague behaviors, throughout your...
GDPR and Breach Detection: How to Ask the Right Questions to Meet the GDPR Breach Notification Rule
It is now less than four months before the General Data Protection Regulation GDPR becomes effective. This new data regulation of the European Union is designed to provide individuals with rights and protections over their personal data collected by business around the world. It aims to unify dat...
Women in Tech and Career Spotlight: Shiri Margel
This month we’ll be closing out our series featuring women in tech at Imperva. While I work closely with many of the women we’ve spotlighted, I’ve found learning more about their backgrounds so interesting—I hope you have too! Continuing in the series, I spoke with Shiri Margel, team lead in the...
Why AI Agents Make API Security a CISO Priority
AI agents are not a future concern. They are already changing how enterprise systems are accessed, automated, and abused. And the security implication is clear: the more autonomous systems rely on APIs, the more important it becomes to know exactly which APIs exist, how they are being used, and...
Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940? CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow and allows unauthenticated remote attackers to gain unauthorized access to...