Meet digital sovereignty needs with AWS Dedicated Local Zones expanded services
At Amazon Web Services (AWS), we continue to invest in and deliver digital sovereignty solutions to help customers meet their most sensitive...
Adversarial Poetry and the Efficacy of AI Guardrails
We investigate the rise of adversarial poetry in AI security. Understand how metaphor-based exploits circumvent guardrails and the defenses we need for LLMs moving...
Chain Reaction: Attack Campaign Activity in the Aftermath of React Server Components Vulnerability
Introduction and Vulnerability Overview
Earlier this month, Imperva published an initial advisory outlining how our customers were protected against the newly disclosed React2Shell vulnerability impacting React Server Components (RSC). That post focused on the...
Palestine Action: Operations and Global Network
Executive Summary Palestine Action has almost certainly responded to its July 2025 designation as a terrorist organization in the United Kingdom (UK) by...
The Privacy Gap in API Security: Why Protecting APIs Shouldn’t Put Your Data at...
The more critical APIs become, the more sensitive data they carry identities, payment details, health records, customer preferences, tokens, keys, and more.
And this is...
Implications of Russia-India-China Trilateral Cooperation
Executive Summary Insikt Group assesses that the August 2025 meeting of Chinese Communist Party (CCP) General Secretary Xi Jinping, Indian Prime Minister Narendra...
Investigating an adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users
In this post, we investigate a recent phishing campaign that targets Microsoft 365 users. - Read more
Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass
CVSSv3 Score: 9.1
An Improper Verification of Cryptographic Signature vulnerability in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager mayallow an unauthenticated attacker to...
Broken access control on API endpoints
CVSSv3 Score: 6.2
An Improper access control vulnerability in FortiSOAR may allow Information disclosure to an authenticated attacker via crafted...
Read-only admin could obtain admin configuration secrets
CVSSv3 Score: 2.6
An improper access control vulnerability in FortiAuthenticator Web UI may allow an authenticated attacker with at least...
Latest article
Oracle PeopleSoft Zero-Day
What is the Attack? Google Threat Intelligence Group (GTIG) and Mandiant...
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection
A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of...
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs
Amazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs,...
Healthcare Vendor Xsolis Reports Breach Affecting 1.4M People
Xsolis confirmed a healthcare data breach affecting nearly 1.4 million people after a phishing attack exposed health and identity data.
The post Healthcare Vendor Xsolis...
