Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 19, 2025, the CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.

On March 17th, 2025, security researchers confirmed active exploitation of Apache Tomcat’s recently disclosed vulnerability, CVE-2025-24813. Publicly disclosed on March 10th, the earliest signs of exploitation were observed on March 12th, with attackers leveraging the flaw just 30 hours after disclosure. This vulnerability enables Remote Code Execution (RCE) and information disclosure by exploiting Tomcat’s request-handling mechanism.

Choosing the right WAF solution is not just about ticking a checkbox—it’s about ensuring real-time security, threat intelligence, and seamless operations. A poorly chosen WAF can lead to downtime, false positives, compliance gaps, and missed zero-day threats. So, before you commit to a WAF provider, ask these critical questions to ensure your web applications and APIs are protected against evolving cyber threats.

A newly identified cyber campaign has been actively targeting organizations across multiple sectors in Japan since January 2025. Threat actors of unknown origin have been exploiting CVE-2024-4577, a critical remote code execution (RCE) vulnerability in the PHP-CGI implementation of PHP on Windows, to gain unauthorized access to victim systems. This campaign has primarily impacted Japan’s technology, telecommunications, and e-commerce industries.

PCI DSS (Payment Card Industry Data Security Standard) v4.0.1 is designed to protect cardholder data and secure payment environments. Compliance with PCI DSS is critical for any organization that stores, processes, or transmits payment card information. The framework helps prevent fraud, data breaches, and financial losses associated with cyber threats targeting payment systems.

We are excited to announce that Indusface has successfully achieved PCI DSS v4.0.1 certification as a service provider, reinforcing our commitment to industry-leading security and compliance. This milestone underscores our dedication to protecting sensitive cardholder data and helping businesses navigate evolving security regulations.

The NIST Cybersecurity Framework (CSF) 2.0 is a voluntary framework developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risks. Initially released in 2014, CSF was primarily intended for critical infrastructure sectors. However, CSF 2.0 (2024) expands its scope to include organizations of all sizes and sectors, including small businesses, nonprofits, and large corporations.

Organizations handling Controlled Unclassified Information (CUI) need to comply with NIST SP 800-171 Revision 3, a set of cybersecurity requirements developed by the National Institute of Standards and Technology (NIST). These guidelines apply to non-federal organizations, including private companies, defense contractors, and businesses in regulated industries, that process, store, or transmit CUI.

NIST Special Publication 800-53 revision 5 provides a comprehensive set of security and privacy controls to help organizations manage risk effectively. These controls are widely adopted by federal agencies and private organizations to enhance cybersecurity resilience. Compliance with NIST SP 800-53 r5 helps organizations strengthen their security posture, mitigate cyber threats, and ensure regulatory compliance.

Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, affecting various file hashing functions. These vulnerabilities—CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159—allow credential coercion, which can lead to path traversal and potentially enable remote code execution (RCE).

As organizations move to the cloud, achieving FedRAMP compliance becomes a critical requirement for security and risk management. The framework mandates rigorous security controls across risk assessment, incident response, system integrity, audit logging, and continuous monitoring. AppTrana WAAP (Web Application and API Protection) helps organizations address these controls by offering comprehensive security measures, including vulnerability scanning, continuous monitoring, and attack prevention.

As cybersecurity threats evolve and regulatory requirements tighten, organizations worldwide are turning to NIST (National Institute of Standards and Technology) frameworks to strengthen their security and risk management strategies.

Small businesses are becoming primary targets for cyberattacks. Attackers know that small businesses often lack the security resources of larger enterprises, making them an easy entry point for data breaches, ransomware, and website takeovers.