Lucene search
K
ImpervablogMost viewed

1025 matches found

Imperva Blog
Imperva Blog
added 2025/10/07 4:55 p.m.10 views

Another Critical RCE Discovered in a Popular MCP Server

Artificial Intelligence development is moving faster than secure coding practices, and attackers are taking notice. Imperva Threat Research recently uncovered and disclosed a critical Remote Code Execution RCE vulnerability CVE-2025-53967 in the Framelink Figma MCP Server. This is just one exampl...

8CVSS9.1AI score0.07417EPSS
Exploits0
Imperva Blog
Imperva Blog
added 2025/09/12 9:40 p.m.10 views

Operation Eastwood: Measuring the Real Impact on NoName057(16)

Introduction On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057016. The announcement promised a major disruption to the group’s activities. In this blog, we explore whethe...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/04/17 11:7 p.m.10 views

The Future of SSL Certificate Management: Adapting to Shortened Renewal Periods

The industry is evolving yet again. With the CA/Browser Forum's recent decision to reduce the maximum SSL/TLS certificate lifecycle to 47 days by 2029, the way organizations manage their certificates is going to change significantly—and sooner than most realize. This update builds on the trend of...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/02/25 3:1 a.m.10 views

How to Comply with PCI DSS 4.0 Requirements 6.4.3 and 11.6.1

The countdown to compliance is in its final stretch. With the third and final phase of PCI DSS 4.0 requirements taking effect on March 31, 2025, organizations are under increasing pressure to ensure their client-side security measures meet the new requirements. At Imperva, we’re committed to...

7.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/12/20 12:27 a.m.10 views

Navigating the New Era of AI Traffic: How to Identify and Block AI Scrapers

In the not-so-distant past, webmasters faced challenges from bots like Google's search spiders, which diligently scanned websites to index content and provide the best search results for users. Fast forward to today, and we are witnessing a new breed of bot: Large Language Models LLMs like ChatGP...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/07/31 6:58 p.m.10 views

How Generative AI Will Transform Cybersecurity

One of the most promising developments in the fight against cybersecurity threats is the use of artificial intelligence AI. This cutting-edge technology has the potential to revolutionize the way organizations manage cyberthreats, offering unprecedented levels of protection and adaptability. AI i...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/01/16 8:0 a.m.10 views

Is the FSI innovation rush leaving your data and application security controls behind?

Fuelled by rising consumer expectations for innovative services and easy real-time access to financial products and information, financial services industries FSI and fintech organizations are racing to out-innovate each other and capture market share. The sizeable growth of investments into the...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/20 12:55 p.m.10 views

“Oops, I insecurely coded again!”

The call is coming from inside the house It’s no secret that companies need to be vigilant about application security. However, frequently the source of application vulnerabilities may come as a surprise to security teams. While zero-day exploits are a principal focus of vulnerability mitigation...

8.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/04/26 2:15 p.m.10 views

Four Benefits of Software as a Service (SaaS) for Cybersecurity Teams

Software as a service, or SaaS as it’s more commonly known, is more than just a license delivery model and a way for cybersecurity teams to pay for critical cybersecurity software - it has real benefits for the customer. In a SaaS distribution model, the software is hosted by the software service...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/01/18 1:54 p.m.10 views

3 Data Source Coverage Capabilities You Need from Your Database Security Solution

When Henry Ford, the de-facto inventor of mass production, was asked during a production meeting in 1909 in which colors his Model T automobile would be available to consumers, Ford - a notorious stickler for keeping costs to the bare minimum - offered almost no optional extras and that included...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/11/16 2:18 p.m.10 views

Protecting today’s web applications requires more than a firewall

The way organizations build web applications has changed dramatically over the last several years. As a result, many organizations are considering additional security strategies to augment the Web Application Firewall WAF on which they have relied to protect critical digital business operations...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/07/29 7:30 a.m.10 views

The SysAdmin Class for the World’s Greatest Role-Playing Game

If you’re not sure what a System Administrator SysAdmin does, this is the person in your company or possibly an external contractor who fearlessly oversees the maintenance, care, configuration, and stable operation of your computers and servers. It’s your SysAdmin who is responsible for the...

0.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/06/15 11:6 a.m.9 views

Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.

There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...

5.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/05/06 9:39 a.m.9 views

API Security Operations: How to Move from Visibility to Measurable Risk Reduction

A five-level operating model for turning API security visibility into measurable risk reduction, faster remediation, and confident digital growth — without slowing development. What is API security operationalization? API security operationalization is the process of converting API discovery and...

5.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/12/16 5:0 p.m.9 views

Imperva Partners with TollBit to Power AI Traffic Monetization for Content Owners

The surge in AI-driven traffic is transforming how websites manage their content. With AI bots and agents visiting sites at unprecedented rates often scraping without permission, payment, or attribution content owners face a critical challenge: how to protect their intellectual property while...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/12/01 4:20 p.m.9 views

CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution

At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware versions 12.2.1.4.0 and 14.1.2.1.0. Multiple threat actors a...

9.8CVSS8.9AI score0.88312EPSS
Exploits1
Imperva Blog
Imperva Blog
added 2025/09/30 7:47 p.m.9 views

Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance

When the latest PCI DSS 4.0 requirements came into full effect in March 2025, organizations processing cardholder data faced new obligations to protect payment pages from client-side risks. Requirements such as 6.4.3 script inventory, authorization, and integrity monitoring and 11.6.1 detection o...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/08/05 4:19 p.m.9 views

Imperva Detects and Mitigates Rejetto HFS Spray-and-Pray Ransomware/Trojan Campaign

On July 19th, Imperva Threat Research team detected a sudden surge in HTTP probes targeting Rejetto HTTP File Server HFS 2.x instances. What looked like routine internet noise quickly revealed itself as a coordinated attempt to exploit a critical unauthenticated server-side template injection...

9.8CVSS8.8AI score0.99485EPSS
Exploits20
Imperva Blog
Imperva Blog
added 2025/07/24 4:38 p.m.9 views

Surges in Cyber Activity Accompany Regional Military Operations

Geopolitical events and military operations often trigger a cascade of online activity, both legitimate and malicious. Recent data from our global threat network highlights the strong connection between military escalations and cyberattacks, with the latest example unfolding in the Middle East...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/07/01 7:0 a.m.9 views

Elastic WAF: Reshaping Application Security for DevOps and Hybrid Environments

We recently discussed Imperva’s vision for the future of application security, where we also covered the Imperva Security Engine. This innovative application security framework is powering up the next generation of Imperva solutions, the first of which is Imperva Elastic WAF. This blog is the fir...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/06/20 5:10 p.m.9 views

CVE-2025-49763 – Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin

Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability CVSS v3.1 estimated score: 7.5 in Apache Traff...

7.5CVSS8.1AI score0.00632EPSS
Exploits0
Imperva Blog
Imperva Blog
added 2025/06/03 8:32 p.m.9 views

Discover First, Defend Fully: The Essential First Step on Your API Security Journey

APIs power today’s digital economy, but their lightning-fast evolution and astronomical call volumes can leave security teams scrambling to keep up. How can you secure what you can’t yet see or quantify? Imperva’s Unlimited Discovery-Only capability for the Cloud WAF CWAF add-On delivers...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/12/03 3:36 p.m.9 views

First Things First: Know and Prioritize Your Risk in Data Security

Fortify your risk posture by shifting focus from network security to data-centric security for more robust cyber defense. Cyberattacks are one of the most onerous threats faced by businesses today. Not only is cybercrime skyrocketing in volume, it is also increasing in AI/ML-powered sophisticatio...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/11/19 9:45 p.m.9 views

Imperva and the Secure by Design Pledge: A Commitment to Cybersecurity Excellence

The Cybersecurity and Infrastructure Security Agency CISA has introduced a voluntary "Secure by Design Pledge" for enterprise software manufacturers, focusing on improving the security of their products and services. This pledge outlines seven key principles, forming the core of a robust...

8.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/11/07 2:0 p.m.9 views

Java(Script) Drive-By, Hacking Without 0days

A remote code execution chain in Google Chrome, which allows an attacker to execute code on the host machine, can cost anywhere from $250,000 to $500,000. Nowadays, such powers are typically reserved for governments and spy agencies. But not so long ago, similar capabilities were accessible to th...

8.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/10/22 9:15 p.m.9 views

Modernizing Data Security: Imperva and IBM Z in Action

As data security continues to evolve, businesses require solutions that scale to modern environments. Imperva and IBM Z have partnered to deliver a comprehensive approach to securing data within IBM z/OS environments while supporting the agility, resource availability, and cost-efficiency that...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/07/05 8:25 p.m.9 views

Simplifying Infrastructure Management with Imperva’s Terraform Module for Cloud WAF

In todays rapidly evolving technological landscape, managing infrastructure efficiently is paramount for businesses striving to stay competitive. With the rise of cloud computing, Infrastructure as Code IaC has emerged as a game-changer, enabling organizations to automate the provisioning and...

7.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/12/01 6:28 p.m.9 views

Accelerating Cloud-Native Data Security Deployments at Scale with Imperva’s eDSF Kit

Todays evolving digital landscape and the rapid expansion of cloud technologies have necessitated a shift in the approach of deploying and managing data security across multiple platforms. Traditional methods of manual deployment of data activity monitoring, risk analytics, and threat detection...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/03/07 1:50 a.m.9 views

Advanced Persistent Threat Groups Behind DDoS Attacks on Danish Hospitals

On Sunday 26 February the websites of several Danish hospitals were taken offline after being hit by Distributed Denial of Service DDoS attacks claimed by a group calling themselves ‘Anonymous Sudan’. According to reports on Twitter patient care was unaffected by the attacks and the sites were ba...

1.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/10/05 12:55 p.m.9 views

Imperva DSF Secures Your Data in Amazon Web Services Enterprise Data Lakes

Data lakes serve as a central repository for storing several data types - structured, semi-structured, and unstructured - at scale. One of the ways data lakes are useful is they do not require any upfront work on the data. You can simply integrate and store data as it streams in from multiple...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/04/13 12:17 p.m.9 views

Reduce Risk from Insider Threats Using Imperva Data Security Fabric

The definition of insider threats is as broad as the risks it represents. While insider threats may originate from negligent or malicious employees, they can also be external cybercriminals who bypassed perimeter controls using a compromised user account. No matter the source, or motivation,...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/10/15 6:29 p.m.9 views

DDoS attacks on VoIP and the urgent need for DDoS protection

VoIP companies have recently been the target of a series of ransom Distributed Denial of Service DDoS attacks around the globe with UK-based VoIP providers including VoIP Unlimited, and Quebec-based company VoIP.ms being hit by aggressive and sustained attacks destabilizing their infrastructure a...

1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/06/30 9:25 a.m.8 views

AI Agents Are Visiting Your Website. Which Ones Should You Trust?

The internet is changing fast. For years, the main goal of search was simple: to help users find links. A user searched, reviewed results, clicked a website, and consumed the content directly from the source. But AI is changing that model. Increasingly, users ask AI assistants for answers instead...

5.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/06/10 2:13 p.m.8 views

Compromise OpenClaw with Prompt Injections in Message Objects

Executive Summary As powerful personal AI assistants become increasingly widespread, their ability to access tools, files, and external services also makes them susceptible to prompt injection attacks, where malicious content can manipulate their behavior. This research evaluated OpenClaw against...

5.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/05/09 7:5 p.m.8 views

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS Vulnerability

TL;DR:A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables unauthenticated attackers to send specially crafted HTTP requests that trigger excessive CPU consumption...

7.5CVSS5.9AI score0.01533EPSS
Exploits1
Imperva Blog
Imperva Blog
added 2026/05/06 6:28 p.m.8 views

Your Redis Server Looks Fine. That’s the Problem.

Introduction There’s an automated attack circulating right now that breaks into unprotected Redis servers, takes over the underlying machine, and then carefully puts everything back the way it found it. It restores the database filename. It deletes the tools it used. It detaches from the...

10CVSS7.5AI score0.9967EPSS
Exploits9
Imperva Blog
Imperva Blog
added 2026/02/17 6:48 p.m.8 views

A New Denial-of-Service Vector in React Server Components

React Server Components RSC have introduced a hybrid execution model that expands application capabilities while increasing the potential attack surface. Following earlier disclosures and fixes related to React DoS vulnerabilities, an additional analysis of RSC internals was conducted to assess...

5.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/12/17 10:30 a.m.8 views

Security by Design: Why Multi-Factor Authentication Matters More Than Ever

In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational - embedded into products and service...

7.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/11/25 7:36 a.m.8 views

Imperva Named a Leader in KuppingerCole’s Leadership Compass 2025 for Web Application and API Protection

In the latest 2025 KuppingerCole Leadership Compass for Web Application and API Protection WAAP, Imperva has once again secured a Leadership position; a testament to our unwavering commitment to protecting the modern digital experience. Why This Report Matters The WAAP market represents the...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/10/28 5:27 p.m.8 views

CVE-2025-62725: From “docker compose ps” to System Compromise

Docker Compose powers millions of workflows, from CI/CD runners and local development stacks to cloud workspaces and enterprise build pipelines. It’s trusted by developers as the friendly layer above Docker Engine that turns a few YAML lines into a running application. In early October 2025, whil...

8.9CVSS7AI score0.13848EPSS
Exploits0
Imperva Blog
Imperva Blog
added 2025/09/03 8:37 a.m.8 views

Why Separating Control and Data Planes Matters in Application Security

Modern application environments are dynamic, distributed, and moving faster than ever. DevOps teams deploy new services daily, APIs multiply across regions, and traffic fluctuates by the hour. At the same time, organizations must uphold security, compliance, and availability without slowing...

6.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/08/04 9:36 p.m.8 views

How to Eliminate Deployment Bottlenecks Without Sacrificing Application Security

Today, organizations increasingly rely on DevOps to accelerate software delivery, improve operational efficiency, and enhance business performance. According to RedGate, 74% have adopted DevOps, and according to Harvard Business Review Analytics, 77% of organizations currently depend on DevOps to...

7.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/08/04 5:59 p.m.8 views

Introducing DataTrap: A Smarter, More Adaptive Honeypot Framework

Today, we're excited to release DataTrap, a powerful, extensible honeypot system built to simulate realistic web applications, IoT devices, and database behavior across HTTP, HTTPS, SSH, and database protocols e.g., MySQL. What sets DataTrap apart? It goes beyond static honeypots by combining...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/01/18 12:13 a.m.8 views

How Imperva Protects the Arts Industry from Ticketing Abuse by Carding Bots

The ticketing industry is under constant threat from malicious bots, with bad actors targeting these platforms for financial gain. Bots accounted for 31.1% of all traffic to entertainment platforms in 2024, with attacks ranging from scalping and credential stuffing to carding operations. When one...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/10/21 1:0 p.m.8 views

Seven Cybersecurity Tips to Protect Your Retail Business This Holiday Season

It’s no secret that the holiday season is the busiest time for online retailers, with sales starting as early as October and stretching until late December. According to the NRF, census data suggests that 2023 holiday sales experienced a 3.8% growth, reaching a record $964.4 billion about $3,000...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/09/12 7:52 p.m.8 views

Enhancing Security and Compliance in the Energy Sector: Imperva’s Cipher Suite Support

In the energy and utility sector, safeguarding data and ensuring compliance with regulatory standards is paramount. With the increasing digitalization of operations, from smart grids to IoT-enabled devices, the need for robust encryption methods to protect sensitive information has never been...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/06/25 9:3 a.m.7 views

API Security Demystified: Which Tools Actually Protect Your APIs (And Where the Gaps Are)

Introduction Quick answer: No single tool secures an API. API security is a layered discipline. Secure-coding analyzers and SCA scanners catch code and dependency flaws; DAST tests running APIs; API gateways and IAM enforce authentication and rate limits; a WAF blocks known attack patterns; bot...

5.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/04/22 12:59 p.m.7 views

Enterprise-Grade Application Security, Cloud-Native Speed: Introducing Imperva for Google Cloud

In today’s dynamic digital environment, the pressure to innovate has never been greater. Development teams are pushing for native cloud tools to maximize performance and cost-efficiency, while security teams require best-of-breed, enterprise-grade protection to defend against an ever-evolving...

5.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/04/06 10:29 p.m.7 views

Why AI Bot Protection and Control Are Essential for Application Security

AI-driven automation is no longer emerging. It is already integrated and accepted as internet traffic. From AI assistants and crawlers to enterprise automation tools, websites are now routinely accessed by non-human actors operating at scale. Vulnerabilities or weaknesses in your application...

5.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/03/15 1:4 p.m.7 views

Why Most DDoS Protection Fails: Solving for Continuity and Resilience

Most organisations assume DDoS Distributed denial of service protection is a box they’ve already ticked. If traffic spikes or an attack starts, the thinking goes, their provider will absorb it and move on. But in the real world it can be a different story. Many incidents aren’t caused by the scal...

5.4AI score
Exploits0
Total number of security vulnerabilities1025