On July 19, 2024, a flawed update in CrowdStrike Falcon's channel file 291 led to a logic error that caused Windows systems to crash, resulting in widespread BSOD (Blue Screen of Death) incidents. The impact was severe, disrupting critical infrastructure globally, from grounded flights to halted public transit systems. In fact, you’d have to have been living under a rock to have missed this incident.

As we move through 2024, the Wallarm Research Team continues to monitor the evolving API vulnerability and threat landscape. Our latest Q2 ThreatStats Report reveals critical trends and developments that are reshaping the security environment. Continuing from our Q1 findings, the surge in AI API vulnerabilities is not only persisting but intensifying, with an alarming increase in both the volume and severity of exploits.

A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 (critical).

Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT team officially has a Zero-Day vulnerability/exploit on their hands! A zero-day vulnerability is a software vulnerability discovered by attackers before the vendor has become aware of it.

In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training tools. In this blog post, we'll present a curated list of such APIs, each with its own unique set of characteristics.

We're gearing up with some seriously cool stuff for Black Hat! But first, a little sneak peek - not just one, but TWO of Wallarm's open-source tools will be featured in the Arsenal showcase at Black Hat USA this year. Black Hat Arsenal unites researchers and the open-source community to display their newest open-source tools and products, allowing presenters to engage directly with attendees. Its schedule is now live, so save the date to watch presentations of API Firewall and GoTestWAF.

Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features like JavaScript functions, HTML5 elements, and various APIs work across different browsers. Originally developed by Andrew Betts, Polyfill.io injects JavaScript polyfill libraries based on the user agent or other characteristics, streamlining code maintenance.

Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a collection of networking tools built on the Secure Shell (SSH) protocol. It is widely utilized to secure remote logins, manage and administer remote servers, and transfer files through SCP and SFTP. Nicknamed as the “RegreSSHion Bug”, Researchers at Qualys initially identified the vulnerability in May 2024.

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version control, and project management. Launched as an open-source project in 2011, it has become a powerful solution used globally by millions.

PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory tracking, and payment processing. Supporting multiple languages and currencies, it's ideal for small to medium businesses worldwide. Built by Promokit, the pkFacebook add-on integrates PrestaShop with Facebook, enabling product catalog sync, dynamic ads, and Facebook Shop creation.