1025 matches found
Paris, The Thinker, and why your WAF should block XSS by default
With Thales HQ in Paris, it felt right to detour to the Musée Rodin and stand before The Thinker, the bronze giant by Auguste Rodin whose clenched posture and chin-in-hand stance have become a universal symbol of deep judgment. Conceived for The Gates of Hell in 1880 and first cast monumentally i...
A Perfect Storm: DDoS Attack Hits Turkish Luxury Retailer During Fall Collection Launch
When high-stakes events meet unprecedented attack volumes, disruption can be devastating. A Turkish luxury retail platform experienced this firsthand when it was hit with a record-breaking application-layer DDoS attack, peaking at 14.2 million requests per second RPS. This marks the largest DDoS...
Rethinking DDoS Defense: Why Scale Isn’t the Only Metric That Matters
In recent months, headlines have drawn attention to record-breaking DDoS attacks, often measured in terabits per second Tbps and accompanied by declarations of network capacity in the hundreds of Tbps. These figures, while impressive, can create a misleading narrative about what truly matters in...
Securing the Journey: Cybersecurity Challenges in the Tourism Industry
This weekend is World Tourism Day, a celebration of the global travel industry and the cultural, economic, and social connections it fosters. However, as the tourism industry continues to grow and evolve, it faces an increasing array of cybersecurity threats. From data breaches targeting personal...
When You’re Always Under #DDoS Attack
We recently mitigated a 1.55 terabit per second Tbps, DDoS attack for a steady customer of ours. This particular customer is a reputable domain name service DNS provider. I’ve personally used them for over a decade to register domains for all the projects I will never complete or, tbh, start. But...
Closing the Loop on API Security: How Imperva Helps You Expose, Contain, and Mitigate Business Logic Threats
In a world powered by APIs, waiting for an attack is waiting too long. Business logic risks like Broken Object Level Authorization BOLA don’t announce themselves with obvious signatures or malware. They hide in plain sight within normal-looking traffic and by the time a BOLA exploit turns into a...
Cyber Threats in Costume: When Attacks Hide Behind a Mask
Introduction As Halloween approaches, the idea of costumes and disguises takes center stage, but the spirit of deception isn’t limited to one night. In the digital world, cyberattacks can also wear masks, concealing their true intentions to slip past defenses. Just as a costume can obscure who’s...
Seven Cybersecurity Tips to Protect Your Retail Business This Holiday Season
It’s no secret that the holiday season is the busiest time for online retailers, with sales starting as early as October and stretching until late December. According to the NRF, census data suggests that 2023 holiday sales experienced a 3.8% growth, reaching a record $964.4 billion about $3,000...
Leveling Up Security: Understanding Cyber Threats in the Gaming Industry
Introduction As the G2E Global Gaming Expo conference kicks off in Las Vegas, it's important to highlight the significant role cybersecurity plays in the rapidly evolving gaming industry. From online casinos to eSports, gaming has grown into a massive global enterprise, making it a prime target f...
Enhancing Security and Compliance in the Energy Sector: Imperva’s Cipher Suite Support
In the energy and utility sector, safeguarding data and ensuring compliance with regulatory standards is paramount. With the increasing digitalization of operations, from smart grids to IoT-enabled devices, the need for robust encryption methods to protect sensitive information has never been...
Measures Healthcare Providers Can Take to Mitigate Disruptions
Earlier this month, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours from 9:20 am. Investigations identified that a distributed denial-of-service DDoS attack was the cause of the online service outage. DD...
Hacking Safari with GPT 5.4
When Anthropic unveiled Mythos and Project Glasswing, the reaction was immediate and polarized. Some dismissed it as fear-driven marketing, while others treated it as a credible shift in the threat landscape. Like with many things, the truth is probably somewhere in the middle. I wanted to test...
Securing Applications Anywhere: Breaking Down the Wall of Confusion
Application development has changed dramatically. Enterprises now release software faster, operate more digital services, and deploy applications across a mix of public cloud, private cloud, APIs, containers, and on-premises infrastructure. As application delivery has accelerated and architecture...
Integrating Advanced API Security with Imperva Gateway Environment
As APIs power the majority of modern web applications, implementing robust API security is no longer optional - it’s a critical necessity for data protection. This guide explores how to seamlessly integrate API gateway security into your Imperva on-premises environment to mitigate OWASP Top 10...
How Thales Protects Online Retail Sites from AI-Driven Bots during Holiday Shopping Season
Every November and December, online retailers gear up for their biggest revenue surge of the year. But while the traffic and transactions climb, so does the threat level. Cybercriminals know exactly when customer activity and the pressure on retail systems is at its highest and they’re automating...
The API Battleground: Why APIs are the new frontline—and how to stop the stealthiest attacks
APIs used to be the quiet backstage crew that made apps feel magical. Now attackers have learned the script — they walk onstage, deliver perfectly polite lines, and walk off with the props. In H1 2025 Imperva observed 40,000+ API incidents across 4,000+ monitored environments , including an...
On Entrust? Imperva has your back!
Managing SSL/TLS certificates is a critical yet complex task for any organization. Certificates ensure secure communication between users and your web applications, but maintaining them involves constant vigilance and expertise. From monitoring expiration dates to renewing and deploying new...
Code Injection in Perforce Helix Core (CVE-2026-6902)
Executive Summary In this article, we disclose our latest findings we made on Perforce protocol P4 Helix Core between command line client and server, and reveal how a threat actor could leverage it to conduct attacks. This security issue affects P4 Helix Core before P4 Helix Core 2025.2 Patch 2,...
Bad Bot Report 2026: The Internet Is No Longer Human and It’s Changing How Business Works
For decades, companies have operated on a simple assumption that most internet traffic came from people. That assumption no longer holds. The latest 2026 Bad Bot Report: Bad Bots in the Agentic Age reinforces a shift that is now impossible to ignore. Automated traffic continues to outpace human...
Why PoP Count Isn’t the Real Measure of Application Security Performance
When evaluating cloud security platforms, one question comes up again and again: “How many Points of Presence do you have?” At first glance, the logic seems sound. More locations should mean lower latency, faster response times, and better protection. The assumption is simple: if security is...
API Security for AI Agents: Why Protection Has Never Been More Important.
For years, a lot of risky APIs survived simply because they were hard to find. They weren’t documented. Only a handful of engineers knew the endpoints. And if an attacker wanted to abuse them, they had to spend real time reverse‑engineering traffic and guessing how things worked. That “security b...
When your DDoS mitigation provider goes down: Why traffic control can’t be outsourced
Since the headline-grabbing outages of 2021, we’ve had recurring conversations with large enterprises asking some version of the same question. Do we really want our CDN, security, and routing control to live in the same place? This issue of control has become more urgent after a series of...
The Privacy Gap in API Security: Why Protecting APIs Shouldn’t Put Your Data at Risk
The more critical APIs become, the more sensitive data they carry identities, payment details, health records, customer preferences, tokens, keys, and more. And this is where organizations face a painful, often invisible problem: To protect APIs, many organizations end up exposing the very data...
’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season
The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover ATO attacks spike sharply in November and December,...
KuppingerCole 2025: Why Thales is a Market Leader in API Security
APIs are the backbone of modern applications connecting critical microservices and enabling enterprises to turn data into context-aware business logic via AI across their digital services. As applications become more contextual, APIs expose the data, workflows, and model interactions attackers...