React2Shell Remote Code Execution (RCE) Vulnerability
What is the Vulnerability? React2Shell is a critical unauthenticated RCE vulnerability...
Implementing HTTP Strict Transport Security (HSTS) across AWS services
Modern web applications built on Amazon Web Services (AWS) often span multiple services to deliver scalable, performant solutions. However, customers encounter challenges...
Meet digital sovereignty needs with AWS Dedicated Local Zones expanded services
At Amazon Web Services (AWS), we continue to invest in and deliver digital sovereignty solutions to help customers meet their most sensitive...
Adversarial Poetry and the Efficacy of AI Guardrails
We investigate the rise of adversarial poetry in AI security. Understand how metaphor-based exploits circumvent guardrails and the defenses we need for LLMs moving...
Chain Reaction: Attack Campaign Activity in the Aftermath of React Server Components Vulnerability
Introduction and Vulnerability Overview
Earlier this month, Imperva published an initial advisory outlining how our customers were protected against the newly disclosed React2Shell vulnerability impacting React Server Components (RSC). That post focused on the...
Palestine Action: Operations and Global Network
Executive Summary Palestine Action has almost certainly responded to its July 2025 designation as a terrorist organization in the United Kingdom (UK) by...
The Privacy Gap in API Security: Why Protecting APIs Shouldn’t Put Your Data at...
The more critical APIs become, the more sensitive data they carry identities, payment details, health records, customer preferences, tokens, keys, and more.
And this is...
Implications of Russia-India-China Trilateral Cooperation
Executive Summary Insikt Group assesses that the August 2025 meeting of Chinese Communist Party (CCP) General Secretary Xi Jinping, Indian Prime Minister Narendra...
Investigating an adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users
In this post, we investigate a recent phishing campaign that targets Microsoft 365 users. - Read more
Insertion of sensitive information into REST API logs
CVSSv3 Score: 6.3
An insertion of sensitive information into log file vulnerability in FortiOS, FortiProxy, FortiPAM and FortiSRA may allow...
Latest article
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
A convincing fake website posing as the popular Mac utility CleanMyMac is actively pushing dangerous macOS malware called SHub Stealer onto unsuspecting users. ...
CVE program funding secured, easing fears of repeat crisis
The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and...
Outbreak Alert- Annual Report 2025
In 2025, the FortiGuard Labs team processed and blocked 3.8 trillion vulnerability exploitation attempts, preventing 2.71 billion malware deliveries, and blocking 257 million newly...
9th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
AkzoNobel, a Netherlands-based...
