Vadodara, India
2012
  |  By Phani Deepak Akella
In June 2026, ServiceNow disclosed that a customer-facing API endpoint had been shipped with authentication switched off, letting anyone query internal tables on hosted customer instances without a password. It wasn’t an isolated case. In 2025, a deprecated Stripe payment endpoint, still connected to live systems, let attackers validate stolen card numbers for months before anyone noticed.
  |  By Phani Deepak Akella
Right now, a bot is running a single command against a website and reading the first few lines that come back. Maybe yours. It is not personal. The bot is working down a list of a few hundred thousand WordPress sites, and any given site is on it because WordPress runs more than 40% of the web and the same small set of mistakes shows up on most of them. You can read exactly what that bot reads. It takes about ten minutes, the tools are already on your machine, and none of it is hacking.
  |  By Bhargavi Pallati
Oracle E-Business Suite (EBS) sits at the center of finance, procurement, and payment operations for many large enterprises. When a critical vulnerability surfaces in a module like Oracle Payments, the impact reaches well past IT. It touches financial data, transaction integrity, and regulatory exposure. CVE-2026-46817 is exactly that kind of vulnerability, and it is now being actively exploited.
  |  By Bhargavi Pallati
Enterprises are standing up AI application frameworks like Langflow faster than security teams can review them. These platforms let teams build and automate generative AI workflows in days instead of months, but that speed comes with a cost: many instances go live with default settings, get exposed to the internet, and never make it onto a security team’s radar. CVE-2026-33017 shows exactly what happens next.
  |  By Deepak Kumar Choudhary
LiteLLM, a widely deployed open-source AI gateway, is affected by a critical exploit chain that allows unauthenticated attackers to execute arbitrary commands on vulnerable hosts. CISA added CVE-2026-42271 to its Known Exploited Vulnerabilities (KEV) catalog on June 9, 2026, confirming active exploitation in the wild. The Qilin ransomware group has been linked to exploitation activity. What makes this especially dangerous is the chain: CVE-2026-42271 on its own required a valid API key.
  |  By Nikita Waghole
Oracle has disclosed CVE-2026-35273, a critical vulnerability in PeopleSoft Enterprise PeopleTools that has already been exploited by threat actors. The vulnerability allows unauthenticated attackers to remotely compromise vulnerable systems and potentially achieve remote code execution, putting exposed PeopleSoft environments at immediate risk. What makes this vulnerability especially concerning is that attackers exploited it as a zero-day before Oracle released a patch.
  |  By Vinugayathri Chinnasamy
CERT-In just published a risk-based remediation framework that resets expectations for every organisation operating in India. The timelines are worth reading twice: Now consider one question: if a known exploited vulnerability appeared on your internet-facing application at 11pm tonight, what would your team do in the next 12 hours?
  |  By Deepak Kumar Choudhary
Magento and Adobe Commerce environments often rely on third-party extensions to extend functionality and improve performance. However, these extensions can also introduce security risks that exist outside the core platform. CVE-2026-45247 is a recent example of how vulnerabilities in third-party Magento extensions can create severe security risks.
  |  By Vivek Gopalan
A web application firewall is a security software that observes and filters HTTP/HTTPS traffic between a web application and the internet. While this has been available for decades, with the evolution of the threat landscape, WAFs have also added additional capabilities to protect not only web apps but also APIs against a range of attacks, including DDoS and bot attacks. So, the category has evolved and is currently called Web Application and API Protection (WAAP).
  |  By Phani Deepak Akella
Banking & Financial Services (BFS) firms are shouldering a uniquely heavy share of the global threat load. The newly released Indusface State of Application Security 2026 study paints a stark picture: Why the laser focuses on finance? Strict regulations mean banks generally run strong perimeters, so adversaries pivot to bots, API abuse, and nuanced business-logic exploits that slip past ‘default’ defenses.
  |  By Indusface
In this Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface and Nishith Datta, Head of Cybersecurity at Titan, discusses one of the most pressing challenges in modern security, vulnerability patching in the age of AI. As AI accelerates both the scale and sophistication of attacks, traditional patching cycles are no longer enough. Nishith shares his frontline perspective on how enterprises securing omnichannel consumers must rethink their approach to exposure management.
  |  By Indusface
In this Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, and Nishith Datta, Head of Cybersecurity at Titan, breaks down one of the biggest myths in retail cybersecurity, especially in the era of omnichannel distribution channels. As digital and physical experiences evolve, securing consumer journeys is no longer straightforward. Nishith shares his frontline perspective on why traditional assumptions around retail security fall short, and what organizations must rethink to stay resilient.
  |  By Indusface
In Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about building a security-first culture across the organization. They discussed how cybersecurity is no longer limited to IT, and why embedding security into every business function is critical. Watch this video to learn how HDB Financial Services has made cyber security a shared responsibility across teams.
  |  By Indusface
In this webinar, the Indusface team shares practical insights on selling modern application security solutions more effectively. The session covers recent product updates, positioning strategies, competitive differentiation, and common customer challenges faced in today’s cybersecurity landscape. Key takeaways include.
  |  By Indusface
In Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how leadership expectations from cybersecurity are evolving. They discussed how boards today are looking beyond traditional security metrics, with a sharper focus on third-party risk, data governance, and organizational resilience.
  |  By Indusface
In Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how AI is reshaping the cyber threat landscape. They discussed how attackers are now leveraging AI to launch more sophisticated phishing campaigns, automate malware, and scale attacks faster than ever before. As AI lowers the barrier to entry, the speed and complexity of attacks continue to increase, making it harder for organizations to keep up.
  |  By Indusface
Vulnerability scanning is useless if you don’t fix what you find. This short breaks down a practical vulnerability remediation process to prioritize risk, patch faster, and reduce real-world exposure. Learn how security teams move from detection to closure, without months of backlog.
  |  By Indusface
This week, in the episode – Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, speaks with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), on how large financial institutions are navigating a rapidly evolving cyber threat landscape. The conversation covers the rise of AI-driven attacks, Cybercrime-as-a-Service (CaaS), and the growing complexity that comes with expanding digital footprints across cloud, applications, and APIs.
  |  By Indusface
A critical vulnerability known as Metro4Shell (CVE-2025-11953) has been identified in the React Native Metro development server, enabling unauthenticated remote code execution when exposed beyond localhost. Active exploitation is already underway, with attackers targeting exposed development environments to gain system-level access. For more insights on website and API security fundamentals, subscribe to our newsletter.
  |  By Indusface
Learn the core requirements of NIST CSF 2.0, why they matter, and how they help organizations strengthen cybersecurity posture and risk management.
  |  By Indusface
With the rapid explosion of APIs and the huge exchange of information through APIs, every organization should be concerned about how secure are these APIs? Download this whitepaper to understand the evolving cyber threats to APIs and how to mitigate them.
  |  By Indusface
A lot of vulnerabilities notoriously registered themselves in the Internet hall of fame, continuing to haunt giant organizations. When so much is happening around, we are sure you would have missed out on some of the key stories. Read this eBook to stay updated on everything important.
  |  By Indusface
Bots are everywhere in today's technology. The fundamental challenge is to detect and block the malicious bots that could destroy your business. Download our whitepaper to understand the importance of a good bot management solution.
  |  By Indusface
Web-based attacks are the most common attack faced by many businesses regardless of size. Want to identify the vulnerabilities most prevalent to your business and mitigate them?
  |  By Indusface
Whatever may be the reason behind the DDoS attacks, this attack is here to stay and almost anyone can become a victim of DDoS attacks. The key piece to address this attack is the DDoS mitigation plan that organizations have in place.
  |  By Indusface
In this time of increasing complex cyber-attacks, you should look across the multiple security vulnerabilities to investigate and mitigate risks to keep your organization safe. This eBook reviews the real security attacks that have exploited vulnerabilities and provides a synopsis of facts and fixes.
  |  By Indusface
Managed WAF is the best solution available to protect applications from attacks. In this whitepaper, we will try to explore why this is the case and how can WAF be effectively deployed to ensure better efficacy?
  |  By Indusface
Website vulnerabilities have become a security nightmare for most businesses. Whether you're an entrepreneur, a CIO, a director of security, a CTO, or something in between, understanding and evaluating risks is critical. And that's exactly where this eBook, can help you.

Secure web applications & APIs with ease. Get fully managed web app firewall & scanner to prevent DDoS & Bot attacks.

Indusface is a SaaS company that secures critical Web applications of 3000+ global customers using its award-winning platform that integrates a Web application scanner, Web application firewall, CDN, and threat information engine. Indusface is funded by Tata Capital Growth Fund.

We make it easy for you to secure your Web and Mobile Applications:

  • Managed Web Application and API Protection: Risk Based Fully Managed Web Application and API protection with real time protection against OWASP exploits, DDOS attacks, Bot Mitigation and Zero Day attacks with 24x7 support from security experts.
  • Comprehensive application vulnerability detection: Automated DAST Scanner combined with on demand Manual Penetration Testing , False positive removal via manual verification with 24x7 support from Security experts.
  • Comprehensive Mobile Application vulnerability detection: In depth Pen-testing with multiplatform coverage including iOS, Android, Windows
  • Powerful digital certificates for secure communication: Standard, EV, UCC multidomain & Wildcard certificates for your applications.