
1016 matches found

Imperva Blog
added 2025/09/12 9:40 p.m., 8 views

Operation Eastwood: Measuring the Real Impact on NoName057(16)

Introduction On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057(16). The announcement promised a major disruption to the group’s activities. In this blog, we explore whethe...

AI score: 7.1
Exploits: 0
Imperva Blog
added 2025/09/12 7:42 a.m., 8 views

The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk

You Don't Know What You Don't Know – And That's the Problem Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked all the boxes. Yet somewhere in your application stack, fu...

AI score: 7.1
Exploits: 0
Imperva Blog
added 2025/09/10 9:15 p.m., 9 views

Imperva API Security: Authentication Risk Report—Key Findings & Fixes

An in-depth analysis of common JSON Web Token (JWT) mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs. Introduction APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and IoT. That scale and utility also make them pri...

AI score: 7.1
Exploits: 0
Imperva Blog
added 2025/09/08 7:13 p.m., 5 views

When You’re Always Under #DDoS Attack

We recently mitigated a 1.55 terabit per second (Tbps) DDoS attack for a steady customer of ours. This particular customer is a reputable domain name service (DNS) provider. I’ve personally used them for over a decade to register domains for all the projects I will never complete or, tbh, start. But...

AI score: 6.9
Exploits: 0
Imperva Blog
added 2025/09/03 8:37 a.m., 6 views

Why Separating Control and Data Planes Matters in Application Security

Modern application environments are dynamic, distributed, and moving faster than ever. DevOps teams deploy new services daily, APIs multiply across regions, and traffic fluctuates by the hour. At the same time, organizations must uphold security, compliance, and availability without slowing...

AI score: 6.6
Exploits: 0
Imperva Blog
added 2025/08/27 5:19 p.m., 14 views

Critical Flaws in Base44 Exposed Sensitive Data and Allowed Account Takeovers

Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site scripting (XSS), insecure authentication design,...

CVSS: 9.3, AI score: 6.6, EPSS: 0.00202
Exploits: 3
Imperva Blog
added 2025/08/21 3:35 p.m., 5 views

Smuggling Requests with Chunked Extensions: A New HTTP Desync Trick

A new HTTP request smuggling technique was recently discovered, where attackers take advantage of inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This attack technique leverages ambiguous request formatting to inject malicious secondary requests th...

AI score: 7
Exploits: 0
Imperva Blog
added 2025/08/18 5:23 p.m., 9 views

QUIC-LEAK (CVE-2025-54939): New High-Risk Pre-Handshake Remote Denial of Service in LSQUIC QUIC Implementation

Imperva Offensive team discovered that threat actors could smuggle malformed packets to exhaust memory and crash QUIC servers even before a connection handshake is established, therefore bypassing QUIC connection-level safeguards. Executive Summary QUIC-LEAK (CVE-2025-54939) is a newly discovered...

CVSS: 7.5, AI score: 8, EPSS: 0.00555
Exploits: 1
Imperva Blog
added 2025/08/13 12:00 p.m., 8 views

MadeYouReset: Turning HTTP/2 Server Against Itself

Introduction HTTP/2 was designed for performance: faster multiplexed connections, stream prioritization, and header compression. But these same features have also opened the door for sophisticated denial-of-service attacks. Back in 2023, the HTTP/2 Rapid Reset vulnerability made headlines after...

AI score: 7.4
Exploits: 0
Imperva Blog
added 2025/08/12 8:18 p.m., 8 views

Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025

APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering $2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional...

AI score: 7.3
Exploits: 0
Imperva Blog
added 2025/08/05 4:19 p.m., 7 views

Imperva Detects and Mitigates Rejetto HFS Spray-and-Pray Ransomware/Trojan Campaign

On July 19th, Imperva Threat Research team detected a sudden surge in HTTP probes targeting Rejetto HTTP File Server (HFS) 2.x instances. What looked like routine internet noise quickly revealed itself as a coordinated attempt to exploit a critical unauthenticated server-side template injection...

CVSS: 9.8, AI score: 8.8, EPSS: 0.94297
Exploits: 20
Imperva Blog
added 2025/08/04 9:36 p.m., 6 views

How to Eliminate Deployment Bottlenecks Without Sacrificing Application Security

Today, organizations increasingly rely on DevOps to accelerate software delivery, improve operational efficiency, and enhance business performance. According to RedGate, 74% have adopted DevOps, and according to Harvard Business Review Analytics, 77% of organizations currently depend on DevOps to...

AI score: 7.4
Exploits: 0
Imperva Blog
added 2025/08/04 5:59 p.m., 5 views

Introducing DataTrap: A Smarter, More Adaptive Honeypot Framework

Today, we're excited to release DataTrap, a powerful, extensible honeypot system built to simulate realistic web applications, IoT devices, and database behavior across HTTP, HTTPS, SSH, and database protocols (e.g., MySQL). What sets DataTrap apart? It goes beyond static honeypots by combining...

AI score: 7.3
Exploits: 0
Imperva Blog
added 2025/07/24 4:38 p.m., 6 views

Surges in Cyber Activity Accompany Regional Military Operations

Geopolitical events and military operations often trigger a cascade of online activity, both legitimate and malicious. Recent data from our global threat network highlights the strong connection between military escalations and cyberattacks, with the latest example unfolding in the Middle East...

AI score: 6.9
Exploits: 0
Imperva Blog
added 2025/07/23 9:17 p.m., 10 views

Imperva Customers Protected Against Critical “ToolShell” Zero‑Day in Microsoft SharePoint

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, is under active exploitation in the wild. The vulnerability, with a CVSS score of 9.8, impacts on-premises SharePoint Server 2016, 2019, and Subscription Edition, and allows unauthenticated remote code execution...

CVSS: 9.8, AI score: 9.8, EPSS: 0.88536
Exploits: 41
Imperva Blog
added 2025/07/17 10:38 p.m., 14 views

From Cloudflare Bypass to Credit Card Theft

Introduction On July 6, 2025, a suspicious Python package called 'cloudscrapersafe' was uploaded to the Python Package Index (PyPI). Marketed as a utility to evade Cloudflare’s anti-bot protections, this package was a modified version of a widely used 'cloudscraper' library, which is used to automa...

AI score: 7
Exploits: 0
Imperva Blog
added 2025/07/11 5:39 p.m., 19 views

CVE-2025-5777 Exposes Citrix NetScaler to Dangerous Memory Leak Attacks

The cybersecurity community is once again sounding the alarm over a new vulnerability in Citrix NetScaler devices; this time, it’s CVE-2025-5777, also dubbed CitrixBleed 2. Following in the footsteps of the high-profile CitrixBleed vulnerability (CVE-2023-4966) disclosed in 2023, this newly...

CVSS: 9.4, AI score: 9.5, EPSS: 0.94348
Exploits: 29
Imperva Blog
added 2025/07/08 2:51 p.m., 8 views

Behind the Booking: How Bots Are Undermining Airline Revenue

The airline industry is under constant attack from malicious bots. Bad actors use automation to scrape fares, hoard inventory, commit fraud, and compromise customer accounts. While every airline faces its own unique challenges, the business impacts are remarkably consistent—lost revenue, inflated...

AI score: 7.2
Exploits: 0
Imperva Blog
added 2025/07/07 7:46 p.m., 9 views

Hijacking Ollama’s Signed Installer for Code Execution

This blog post is part of an ongoing series exploring how AI-related tools aimed at developers can be exploited to compromise their machines. As these tools increasingly integrate deep system access, they also expand the attack surface available to threat actors. In our first post, we outlined a...

AI score: 8.3
Exploits: 0
Imperva Blog
added 2025/07/04 1:29 a.m., 6 views

Bridging the Security Knowledge Gap: Introducing AI ExplAIn for Imperva Cloud WAF

The challenge of maintaining robust web application security often comes down to communication. Security teams frequently spend countless hours explaining WAF blocking decisions to application developers who may lack security expertise. This communication gap not only creates friction between tea...

AI score: 7.4
Exploits: 0
Imperva Blog
added 2025/07/01 7:00 a.m., 5 views

Elastic WAF: Reshaping Application Security for DevOps and Hybrid Environments

We recently discussed Imperva’s vision for the future of application security, where we also covered the Imperva Security Engine. This innovative application security framework is powering up the next generation of Imperva solutions, the first of which is Imperva Elastic WAF. This blog is the fir...

AI score: 7
Exploits: 0
Imperva Blog
added 2025/06/30 9:38 p.m., 8 views

The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents

In our first post, we introduced the world of AI web agents - defining what they are, outlining their core capabilities, and surveying the leading frameworks that make them possible. Now, we’re shifting gears to look at the other side of the coin: the vulnerabilities and attack surfaces that aris...

AI score: 6.7
Exploits: 0
Imperva Blog
added 2025/06/30 9:37 p.m., 7 views

The Rise of Agentic AI: From Chatbots to Web Agents

Disclaimer: This post isn’t our usual security-focused content – today we’re taking a quick detour to explore the fascinating world of AI agents, with a focus on AI web agents. Enjoy this educational dive as a warm-up before we get into the juicy details of AI web agents in our follow-up post...

AI score: 7.2
Exploits: 0
Imperva Blog
added 2025/06/25 3:22 p.m., 4 views

Closing the Loop on API Security: How Imperva Helps You Expose, Contain, and Mitigate Business Logic Threats

In a world powered by APIs, waiting for an attack is waiting too long. Business logic risks like Broken Object Level Authorization (BOLA) don’t announce themselves with obvious signatures or malware. They hide in plain sight within normal-looking traffic and by the time a BOLA exploit turns into a...

AI score: 7.4
Exploits: 0
Imperva Blog
added 2025/06/20 5:10 p.m., 8 views

CVE-2025-49763 – Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin

Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability (CVSS v3.1 estimated score: 7.5) in Apache Traff...

CVSS: 7.5, AI score: 8.1, EPSS: 0.03368
Exploits: 0
Imperva Blog
added 2025/06/03 8:32 p.m., 6 views

Discover First, Defend Fully: The Essential First Step on Your API Security Journey

APIs power today’s digital economy, but their lightning-fast evolution and astronomical call volumes can leave security teams scrambling to keep up. How can you secure what you can’t yet see or quantify? Imperva’s Unlimited Discovery-Only capability for the Cloud WAF (CWAF) add-on delivers...

AI score: 7.2
Exploits: 0
Imperva Blog
added 2025/05/29 10:04 p.m., 8 views

Evaluating the Security Efficacy of Web Application Firewalls (WAFs)

Web Application Firewalls (WAFs) are now a staple in defending web-facing applications and APIs, acting as specialized filters to block malicious traffic before it ever reaches your systems. But simply deploying a WAF isn’t enough; the real challenge is knowing whether it works when it matters most...

AI score: 6.9
Exploits: 0
Imperva Blog
added 2025/05/16 11:21 p.m., 18 views

Beware! A threat actor could steal the titles of your private (and draft) WordPress posts with this new vulnerability!

As of today, almost a billion sites have been built using WordPress, powering businesses and organizations of all sizes. That makes any newly discovered vulnerability especially concerning—like the one recently found and reported by Imperva researchers, which could affect any WordPress site. In...

AI score: 6.8
Exploits: 0
Imperva Blog
added 2025/05/07 6:22 p.m., 17 views

Early 2025 DDoS Attacks Signal a Dangerous Trend in Cybersecurity

As we enter 2025, the threat landscape continues to evolve, with Distributed Denial of Service (DDoS) attacks growing in both scale and sophistication. So far this year, we’ve already seen several major DDoS attacks over 5 million Requests Per Second (RPS), signaling a concerning trend for...

AI score: 7
Exploits: 0
Imperva Blog
added 2025/05/05 6:42 p.m., 11 views

Redefining Application Security: Imperva’s Vision for the Future

It’s no secret that web applications have undergone a significant transformation over the past few years. The widespread adoption of containerization, serverless computing, low-code development, APIs, and microservices has redefined how applications are built, deployed, and scaled. According to...

AI score: 7.2
Exploits: 0
Imperva Blog
added 2025/04/17 11:07 p.m., 8 views

The Future of SSL Certificate Management: Adapting to Shortened Renewal Periods

The industry is evolving yet again. With the CA/Browser Forum's recent decision to reduce the maximum SSL/TLS certificate lifecycle to 47 days by 2029, the way organizations manage their certificates is going to change significantly—and sooner than most realize. This update builds on the trend of...

AI score: 7.1
Exploits: 0
Imperva Blog
added 2025/04/16 10:52 p.m., 10 views

From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities

Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide a seamless experience could also be your greatest problem? Our investigation into three...

AI score: 7.3
Exploits: 0
Imperva Blog
added 2025/04/15 2:56 p.m., 42 views

2025 Imperva Bad Bot Report: How AI is Supercharging the Bot Threat

Bad bots continue to target organizations across every industry and geography, but the rise of Artificial Intelligence (AI) is fueling bot attacks, making them more intelligent and more evasive than ever before. For over twelve years, Imperva has been dedicated to helping organizations manage and...

AI score: 7.4
Exploits: 0
Imperva Blog
added 2025/04/14 7:37 p.m., 28 views

Beyond Schema Enforcement: Imperva’s Approach to Delivering Holistic API Security

API security is gaining attention, yet many organizations struggle to move from identifying risks to mitigating them effectively. In their eagerness to strengthen their security posture, some rush to implement schema protection. However, the dynamic and often incomplete nature of API schemas soon...

AI score: 7.7
Exploits: 0
Imperva Blog
added 2025/04/10 7:05 p.m., 19 views

Imperva Customers Are Protected Against CVE-2025-31161 in CrushFTP

Introduction A critical security vulnerability, identified as CVE-2025-31161 (previously tracked as CVE-2025-2825), has been discovered in CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. This flaw allows unauthenticated remote attackers to access unpatched CrushFTP servers if...

CVSS: 9.8, AI score: 7.8, EPSS: 0.94011
Exploits: 28
Imperva Blog
added 2025/04/09 1:34 p.m., 9 views

The Database Kill Chain

Cyber Threat Modeling Frameworks Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modelin...

AI score: 8
Exploits: 0
Imperva Blog
added 2025/04/01 4:47 p.m., 12 views

The 2025 WAF Wave from the Other Side

Forrester just published its 2025 Web Application Firewall Wave. As a former industry analyst, and as a contributor on the vendor side for Imperva (cough, a leader in the report, cough), let me share some reactions on the shape of this report. The Center of the Universe The first top level header H...

AI score: 7.1
Exploits: 0
Imperva Blog
added 2025/03/20 10:55 p.m., 16 views

Imperva Named a Leader in Forrester Wave™: Web Application Firewall (WAF) Solutions: A Continued Legacy of Excellence

In today’s digital-first environment, protecting web applications and APIs is a critical priority for businesses. Organisations seek trusted solutions that balance robust protection, scalability, and ease of use. It’s no surprise that Imperva has been named a Leader in the Forrester Wave: Web...

AI score: 7.7
Exploits: 0
Imperva Blog
added 2025/03/20 7:27 a.m., 21 views

Imperva Protects Against Apache Tomcat Deserialization Vulnerability

Overview A newly disclosed vulnerability, CVE-2025-24813, affecting Apache Tomcat, has been identified as a high-risk path equivalence vulnerability that allows attackers to manipulate filenames with internal dots (.) under specific conditions, leading to unauthorized file access, modification, and...

CVSS: 9.8, AI score: 7.8, EPSS: 0.9413
Exploits: 44
Imperva Blog
added 2025/03/14 5:16 p.m., 24 views

Imperva Protects Against the Apache Camel Vulnerabilities

Introduction: Understanding the Apache Camel Flaw On March 9, 2025, Apache released a security advisory for CVE-2025-27636, a vulnerability in the Apache Camel framework that allows attackers to bypass header filtering via miscased headers. Although rated as moderate, this vulnerability...

CVSS: 5.6, AI score: 5.7, EPSS: 0.5206
Exploits: 4
Imperva Blog
added 2025/02/28 1:39 a.m., 10 views

How Scalping Bots Exploited a Vulnerable API to Disrupt Online Retail Sales

In the fast-paced world of online retail, where customer satisfaction and availability are paramount, a sudden attack by scalping bots can disrupt operations, inflate costs, and damage reputation. A North American Online Retailer faced a month-long bot attack that targeted their inventory system,...

AI score: 7.8
Exploits: 0
Imperva Blog
added 2025/02/25 3:01 a.m., 8 views

How to Comply with PCI DSS 4.0 Requirements 6.4.3 and 11.6.1

The countdown to compliance is in its final stretch. With the third and final phase of PCI DSS 4.0 requirements taking effect on March 31, 2025, organizations are under increasing pressure to ensure their client-side security measures meet the new requirements. At Imperva, we’re committed to...

AI score: 7.5
Exploits: 0
Imperva Blog
added 2025/02/04 9:45 p.m., 12 views

How Imperva Infused AI Throughout Research and Development

The Age of AI Is Upon Us The current pace of technological change beggars belief. Generative Artificial Intelligence (GenAI), released to the world a mere two years ago, promises to eliminate much of the tedium of the digital world. Software engineers around the world are already using it to speed...

AI score: 7.3
Exploits: 0
Imperva Blog
added 2025/01/21 9:01 p.m., 19 views

Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks

The Clop ransomware group has once again demonstrated its ability to exploit vulnerabilities to compromise sensitive systems. As Cleo—a managed file transfer provider for businesses—grapples with the aftermath of Clop’s targeted attack on their systems, the spotlight turns to CVE-2024-50623 and...

CVSS: 9.8, AI score: 9.1, EPSS: 0.94378
Exploits: 34
Imperva Blog
added 2025/01/18 12:13 a.m., 7 views

How Imperva Protects the Arts Industry from Ticketing Abuse by Carding Bots

The ticketing industry is under constant threat from malicious bots, with bad actors targeting these platforms for financial gain. Bots accounted for 31.1% of all traffic to entertainment platforms in 2024, with attacks ranging from scalping and credential stuffing to carding operations. When one...

AI score: 7
Exploits: 0
Imperva Blog
added 2025/01/15 11:53 p.m., 12 views

GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia

Since 1974, gambling has been officially illegal in Indonesia. However, the digital revolution of the 2000s introduced a new challenge: the rapid growth of online gambling platforms. This technological shift has created enforcement gaps, compelling the Indonesian government to intensify its effor...

AI score: 7.5
Exploits: 0
Imperva Blog
added 2025/01/03 9:30 p.m., 16 views

Imperva’s Wildest 2025 AppSec Predictions

Humans are spectacularly bad at predicting the future. Which is why, when someone appears to be able to do it on a regular basis, they are hailed as visionaries, luminaries and celebrated with cool names like Nostradamus and The Amazing Kreskin. Nostradamus made his fame on predictions about the...

AI score: 8
Exploits: 0
Imperva Blog
added 2024/12/20 12:27 a.m., 9 views

Navigating the New Era of AI Traffic: How to Identify and Block AI Scrapers

In the not-so-distant past, webmasters faced challenges from bots like Google's search spiders, which diligently scanned websites to index content and provide the best search results for users. Fast forward to today, and we are witnessing a new breed of bot: Large Language Models (LLMs) like ChatGP...

AI score: 7.2
Exploits: 0
Imperva Blog
added 2024/12/03 3:36 p.m., 7 views

First Things First: Know and Prioritize Your Risk in Data Security

Fortify your risk posture by shifting focus from network security to data-centric security for more robust cyber defense. Cyberattacks are one of the most onerous threats faced by businesses today. Not only is cybercrime skyrocketing in volume, it is also increasing in AI/ML-powered sophisticatio...

AI score: 7
Exploits: 0
Imperva Blog
added 2024/12/02 9:44 p.m., 20 views

Imperva Defends Against LLM Hacking

In the evolving landscape of cybersecurity, the advent of large language models (LLMs) has introduced a new frontier of challenges and opportunities. Research has shown advanced LLMs, such as GPT-4, now possess the ability to autonomously execute sophisticated cyberattacks, including blind database...

CVSS: 9.8, AI score: 7.3, EPSS: 0.91193
Exploits: 14

Total number of security vulnerabilities: 1016