%term

Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)

Dec 8, 2025 By Wallarm In Wallarm

The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit, as well as improved detection methods, exploitation mechanics observed in the wild, and rapidly growing attack activity. This update summarizes the changes and observations we have made across Wallarm customers.

Read Post

Wallarm

Read more about Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)

Agentic AI Security: The Emerging Fourth Pillar of Cybersecurity

Dec 8, 2025 By Eric Schwake In Salt Security

For decades, cybersecurity has been organized around three dominant pillars: endpoint security, network security, and cloud security. These domains have shaped technology categories, vendor ecosystems, and enterprise budgets. They have matured into multi-billion-dollar markets, each responding to successive waves of digital transformation. However, a tectonic shift is underway.

Read Post

Salt Security

Read more about Agentic AI Security: The Emerging Fourth Pillar of Cybersecurity

APIs, AI, and the Amplification of Security Risk

Dec 8, 2025 By A10 Networks In A10 Networks

APIs, AI, and the Amplification of Security Risk A10 Networks experts Jamison Utter and Carlo Alpuerto discuss how the rise of Agentic AI is dramatically scaling up existing API security problems, creating an "amplification effect" rather than introducing fundamentally new security challenges.

View Video

A10 Networks

Read more about APIs, AI, and the Amplification of Security Risk

API Security vs Application Security: What's the Difference & Best Practices 2026

Dec 5, 2025 By Suyash Jain In Astra

Over the past few years, APIs have quietly become the front door to your most critical data and workflows, flipping security ownership on its head. Accountability and ownership of both API and Application security have shifted from your central infra and network teams to product, platform, and engineering squads that ship new APIs every week, and well, sometimes every day. This is where CISOs and CTOs feel the tug strengthening from both sides.

Read Post

Astra

Read more about API Security vs Application Security: What's the Difference & Best Practices 2026

Critical vLLM Flaw Exposes the Soft Underbelly of AI Infrastructure

Dec 5, 2025 By Eric Schwake In Salt Security

While the world worries about "jailbreaking" LLMs or preventing them from hallucinating, a critical new vulnerability has just reminded us of a fundamental truth: AI is just software, and software has bugs. A newly discovered critical flaw (CVE-2025-62164) in vLLM, one of the most popular libraries for serving large language models, allows attackers to achieve Remote Code Execution (RCE) or crash servers simply by sending a malicious API request. This isn't a failure of the AI model.

Read Post

Salt Security

Read more about Critical vLLM Flaw Exposes the Soft Underbelly of AI Infrastructure

Prioritizing Risk: Why Context is King in API Security

Dec 5, 2025 By A10 Networks In A10 Networks

Prioritizing Risk: Why Context is King in API Security A10 Networks security experts Jamison Utter and Carlo Alpuerto discuss a fundamental shift in how security teams should view vulnerabilities and risks, especially in the context of API security.

View Video

A10 Networks

API
Security

Read more about Prioritizing Risk: Why Context is King in API Security

The Most Dangerous Blind Spot in SaaS Architecture #saas #saassecurity #cloudsecurity #apisecurity

Dec 4, 2025 By Wallarm In Wallarm

When data flows between two critical SaaS tools (like Salesforce and a CRM chatbot), you have zero visibility into that traffic. This leaves a gaping hole for attackers to exploit Business Logic Abuse. Since you can't see the traffic, you cannot monitor the attack. The Solution? Rigorous Vendor Management. Control Your Own Keys! The responsibility to protect your sensitive data is always yours, even in the cloud.

View Video

Wallarm

API
Security

Read more about The Most Dangerous Blind Spot in SaaS Architecture #saas #saassecurity #cloudsecurity #apisecurity

Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows

Dec 4, 2025 By Wallarm In Wallarm

On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working PoC was released publicly, and Wallarm immediately began observing widespread exploitation attempts across customer environments.

Read Post

Wallarm

Read more about Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows

APIs are the Language of AI. Protecting them is Critical.

Dec 4, 2025 By A10 Networks In A10 Networks

APIs are the Language of AI. Protecting them is Critical. In this discussion, A10 Networks security experts Jamison Utter and Carlo Alpuerto explore the emerging impact of Agentic AI on the API security landscape. They delve into how AI agents, as new API consumers, are driving an explosion in endpoints and exacerbating existing security issues, pushing API protection higher up the security practitioners' priority list.

View Video

A10 Networks

Read more about APIs are the Language of AI. Protecting them is Critical.

Securing the New AI Edge: Why Salt Security Is Bringing MCP Protection to AWS WAF

Dec 3, 2025 By Eric Schwake In Salt Security

The definition of the "edge" is changing. For years, security teams have focused on the traditional perimeter: web applications, public APIs, and user interfaces. We built firewalls, deployed WAFs, and established strict access controls to keep bad actors out. But with the rapid adoption of Agentic AI, the perimeter has expanded. Today, your "edge" isn't just where users connect to your apps; it's where AI agents connect to your data.

Read Post