Imperva

Executive Summary As powerful personal AI assistants become increasingly widespread, their ability to access tools, files, and external services also makes them susceptible to prompt...

There is a question I have been hearing more and more from CISOs, compliance officers, and security architects over the past year. It does...

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service (DoS) vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache...

TL;DR: CVE-2026-45247 is a critical unauthenticated remote code execution (RCE) vulnerability affecting Mirasvit Full Page Cache Warmer for Magento 2. The flaw stems from...

Every security team knows the pain: a critical alert lands in someone’s inbox, buried under dozens of other emails, or filtered out by a...

TL;DR: CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core that can be exploited by unauthenticated users against Drupal sites using PostgreSQL....

Executive Summary We identified a couple of vulnerabilities in AI automation platform Dify resulting in cross-tenant sensitive information disclosure and one-click account takeover. These findings reinforce the pattern we documented in our previous n8n blogpost: even though AI automation platforms are increasingly becoming integration hubs for complex workflows, their security...

TL;DR: Researchers recently disclosed CVE-2026-42945, a critical heap-based buffer overflow vulnerability affecting both NGINX Open Source and NGINX Plus. The flaw exists within the...

AI agents are not a future concern. They are already changing how enterprise systems are accessed, automated, and abused. And the security implication is clear:...

Introduction There’s an automated attack circulating right now that breaks into unprotected Redis servers, takes over the underlying machine, and then carefully puts everything back...