Imperva Customers Protected Against CVE-2026-45247 in Mirasvit Full Page Cache Warmer for Magento
TL;DR: CVE-2026-45247 is a critical unauthenticated remote code execution (RCE) vulnerability affecting Mirasvit Full Page Cache Warmer for Magento 2. The flaw stems from...
Real-Time Webhook Notifications: No More Lost Security Alerts
Every security team knows the pain: a critical alert lands in someone’s inbox, buried under dozens of other emails, or filtered out by a...
Imperva Customers Protected Against CVE-2026-9082 in Drupal Core
TL;DR: CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core that can be exploited by unauthenticated users against Drupal sites using PostgreSQL....
Dify: When Your AI Platform Becomes the Attack Surface
Executive Summary
We identified a couple of vulnerabilities in AI automation platform Dify resulting in cross-tenant sensitive information disclosure and one-click account takeover. These findings reinforce the pattern we documented in our previous n8n blogpost: even though AI automation platforms are increasingly becoming integration hubs for complex workflows, their security...
CVE-2026-42945: Imperva Customers Protected Against Critical NGINX Rewrite Module Vulnerability
TL;DR: Researchers recently disclosed CVE-2026-42945, a critical heap-based buffer overflow vulnerability affecting both NGINX Open Source and NGINX Plus. The flaw exists within the...
Why AI Agents Make API Security a CISO Priority
AI agents are not a future concern. They are already changing how enterprise systems are accessed, automated, and abused.
And the security implication is clear:...
Your Redis Server Looks Fine. That’s the Problem.
Introduction
There’s an automated attack circulating right now that breaks into unprotected Redis servers, takes over the underlying machine, and then carefully puts everything back...
Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940?
CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr...
Bad Bot Report 2026: The Internet Is No Longer Human and It’s Changing How...
For decades, companies have operated on a simple assumption that most internet traffic came from people. That assumption no longer holds.
The latest 2026 Bad...
Hacking Safari with GPT 5.4
When Anthropic unveiled Mythos and Project Glasswing, the reaction was immediate and polarized. Some dismissed it as fear-driven marketing, while others treated it as...












