Adversarial Poetry and the Efficacy of AI Guardrails
We investigate the rise of adversarial poetry in AI security. Understand how metaphor-based exploits circumvent guardrails and the defenses we need for LLMs moving...
Chain Reaction: Attack Campaign Activity in the Aftermath of React Server Components Vulnerability
Introduction and Vulnerability Overview
Earlier this month, Imperva published an initial advisory outlining how our customers were protected against the newly disclosed React2Shell vulnerability impacting React Server Components (RSC). That post focused on the...
Palestine Action: Operations and Global Network
Executive Summary Palestine Action has almost certainly responded to its July 2025 designation as a terrorist organization in the United Kingdom (UK) by...
The Privacy Gap in API Security: Why Protecting APIs Shouldn’t Put Your Data at...
The more critical APIs become, the more sensitive data they carry identities, payment details, health records, customer preferences, tokens, keys, and more.
And this is...
Implications of Russia-India-China Trilateral Cooperation
Executive Summary Insikt Group assesses that the August 2025 meeting of Chinese Communist Party (CCP) General Secretary Xi Jinping, Indian Prime Minister Narendra...
Investigating an adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users
In this post, we investigate a recent phishing campaign that targets Microsoft 365 users. - Read more
Multiple authenticated OS Command Injections via API
CVSSv3 Score: 6.7
An OS command injection vulnerabtility in FortiExtender API may allow an authenticated attacker to execute unauthorized code...
Reflected XSS in HA cluster
CVSSv3 Score: 5.3
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FortiSandbox may allow an...
Current password requirement bypass for self password change
CVSSv3 Score: 6.5
An Unverified Password Change vulnerability in FortiSOAR may allow an attacker who gained access to a victim's...
OS command injection in multiple endpoints
CVSSv3 Score: 7.0
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in FortiSandbox...
Latest article
Check Point VPN Authentication Bypass Vulnerability
What is the Vulnerability? A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS...
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online,...
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans
Blake McDermott is Senior Threat Hunter at Rapid7.Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports...
