Microsoft SharePoint, a core platform for enterprise collaboration, is facing active exploitation through a newly confirmed vulnerability, tracked as CVE-2026-20963. Rooted in unsafe deserialization of user-controlled data, this vulnerability allows remote code execution with low-privileged authenticated access, making it a high-priority threat for organizations worldwide.
By Vivek Gopalan
You deployed AWS WAF, completed the initial setup, and got visibility into your traffic. Then the operational reality sets in. Teams that find their way to this comparison typically share one of three experiences: If any of those match where you are, this guide will tell you what you need to know.
You click “Publish” on your Wix site and breathe easy. HTTPS? Check. Automatic updates? Check. Hosting handled? Check. Your website feels bulletproof. But here is the catch: security is not static and neither is your website. Every new feature, integration, and user interaction opens a door, sometimes one you didn’t even know existed. Hackers are constantly scanning, probing, and testing sites like yours. They don’t care if you are small; they care only about finding a weak spot.
By Bhargavi Pallati
A critical vulnerability has been discovered in Angular Server-Side Rendering (SSR) that could allow attackers to manipulate request handling and trigger unauthorized server-side requests. Tracked as CVE-2026-27739, the vulnerability arises from how Angular SSR reconstructs request origins using HTTP headers such as Host and X-Forwarded-*. In affected versions, these headers were not strictly validated before being used to build request URLs.
By Gaurav Chauhan
You track your web applications. You inventory your APIs. But is anybody monitoring your AI servers? Just last week, research found more than 175,000 exposed versions of Ollama, an AI server popular for self-hosting LLMs. Across enterprises, self-hosted model servers are being deployed on cloud VMs and GPU-backed instances to power copilots, internal automation, and experimental AI features.
A newly disclosed vulnerability tracked as CVE-2026-25639 puts Node.js applications using Axios at risk of remote Denial-of-Service attacks. By sending a specially crafted configuration object, attackers can trigger a fatal runtime error inside Axios’s internal request handling logic, causing the Node.js process to crash instantly.
A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload and execute arbitrary PHP files on exposed websites. Tracked as CVE-2026-1357, the vulnerability affects vulnerable versions of the plugin and enables remote code execution through network-accessible functionality intended for backup and migration workflows. With over 900,000 active installations, WPvivid is widely deployed across production WordPress environments.
By Bhargavi Pallati
Approximately 1,600 Ivanti Endpoint Manager Mobile (EPMM) instances are currently exposed globally, creating a significant attack surface for enterprise mobile infrastructure. Ivanti has disclosed two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, that allow unauthenticated remote code execution on affected on-premises deployments. CVE-2026-1281 has been confirmed exploited prior to disclosure and is now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
By Bhargavi Pallati
A critical unauthenticated remote code execution (RCE) vulnerability has been identified in the React Native Metro development server, with nearly 3,500 exposed instances currently reachable on the public internet. Tracked as CVE-2025-11953, also known as Metro4Shell, this flaw affects the Metro server used during React Native application build and testing workflows.
By Bhargavi Pallati
Angular applications often rely on built-in protections to handle user input safely. However, a recently disclosed vulnerability shows how gaps in this trust can lead to client-side attacks when input is not properly handled. The vulnerability lies in Angular’s template sanitization logic, where improper handling of SVG elements during template compilation allows attackers to execute arbitrary JavaScript in a user’s browser.
By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, and Nishith Datta, Head of Cybersecurity at Titan, discuss one of the most pressing challenges in modern security: vulnerability patching in the age of AI. As AI accelerates both the scale and sophistication of attacks, traditional patching cycles are no longer enough. Nishith shares his frontline perspective on how enterprises securing omnichannel consumers must rethink their approach to exposure management.
By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, and Nishith Datta, Head of Cybersecurity at Titan, break down one of the biggest myths in retail cybersecurity, especially in the era of omnichannel distribution channels. As digital and physical experiences evolve, securing consumer journeys is no longer straightforward. Nishith shares his frontline perspective on why traditional assumptions around retail security fall short, and what organizations must rethink to stay resilient.
By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about building a security-first culture across the organization. They discussed how cybersecurity is no longer limited to IT, and why embedding security into every business function is critical. Watch this video to learn how HDB Financial Services has made cybersecurity a shared responsibility across teams.
By Indusface
In this webinar, the Indusface team shares practical insights on selling modern application security solutions more effectively. The session covers recent product updates, positioning strategies, competitive differentiation, and common customer challenges faced in today’s cybersecurity landscape. Key takeaways include.
By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how leadership expectations from cybersecurity are evolving. They discussed how boards today are looking beyond traditional security metrics, with a sharper focus on third-party risk, data governance, and organizational resilience.
By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how AI is reshaping the cyber threat landscape. They discussed how attackers are now leveraging AI to launch more sophisticated phishing campaigns, automate malware, and scale attacks faster than ever before. As AI lowers the barrier to entry, the speed and complexity of attacks continue to increase, making it harder for organizations to keep up.
By Indusface
Vulnerability scanning is useless if you don’t fix what you find. This short breaks down a practical vulnerability remediation process to prioritize risk, patch faster, and reduce real-world exposure. Learn how security teams move from detection to closure, without months of backlog.
By Indusface
This week, in this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, speaks with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), on how large financial institutions are navigating a rapidly evolving cyber threat landscape. The conversation covers the rise of AI-driven attacks, Cybercrime-as-a-Service (CaaS), and the growing complexity that comes with expanding digital footprints across cloud, applications, and APIs.
By Indusface
A critical vulnerability known as Metro4Shell (CVE-2025-11953) has been identified in the React Native Metro development server, enabling unauthenticated remote code execution when exposed beyond localhost. Active exploitation is already underway, with attackers targeting exposed development environments to gain system-level access.
By Indusface
Learn the core requirements of NIST CSF 2.0, why they matter, and how they help organizations strengthen cybersecurity posture and risk management.
By Indusface
With the rapid explosion of APIs and the huge exchange of information through them, every organization should be concerned about how secure these APIs are. Download this whitepaper to understand the evolving cyber threats to APIs and how to mitigate them.
By Indusface
A lot of vulnerabilities notoriously registered themselves in the Internet hall of fame, continuing to haunt giant organizations. When so much is happening around, we are sure you would have missed out on some of the key stories. Read this eBook to stay updated on everything important.
By Indusface
Bots are everywhere in today's technology. The fundamental challenge is to detect and block the malicious bots that could destroy your business. Download our whitepaper to understand the importance of a good bot management solution.
By Indusface
Web-based attacks are the most common attack faced by many businesses regardless of size. Want to identify the vulnerabilities most prevalent to your business and mitigate them?
By Indusface
Whatever may be the reason behind the DDoS attacks, this attack is here to stay and almost anyone can become a victim of DDoS attacks. The key piece to address this attack is the DDoS mitigation plan that organizations have in place.
By Indusface
In this time of increasingly complex cyber-attacks, you should look across the multiple security vulnerabilities to investigate and mitigate risks to keep your organization safe. This eBook reviews the real security attacks that have exploited vulnerabilities and provides a synopsis of facts and fixes.
By Indusface
Managed WAF is the best solution available to protect applications from attacks. In this whitepaper, we will try to explore why this is the case and how a WAF can be effectively deployed to ensure better efficacy.
By Indusface
Website vulnerabilities have become a security nightmare for most businesses. Whether you're an entrepreneur, a CIO, a director of security, a CTO, or something in between, understanding and evaluating risks is critical. And that's exactly where this eBook can help you.
Secure web applications & APIs with ease. Get fully managed web app firewall & scanner to prevent DDoS & Bot attacks.
Indusface is a SaaS company that secures critical Web applications of 3000+ global customers using its award-winning platform that integrates a Web application scanner, Web application firewall, CDN, and threat information engine. Indusface is funded by Tata Capital Growth Fund.
We make it easy for you to secure your Web and Mobile Applications:
- Managed Web Application and API Protection: Risk-based, fully managed Web Application and API protection with real-time protection against OWASP exploits, DDoS attacks, Bot Mitigation and Zero Day attacks with 24x7 support from security experts.
- Comprehensive application vulnerability detection: Automated DAST Scanner combined with on-demand Manual Penetration Testing, false positive removal via manual verification with 24x7 support from security experts.
- Comprehensive Mobile Application vulnerability detection: In-depth pen-testing with multiplatform coverage including iOS, Android, Windows.
- Powerful digital certificates for secure communication: Standard, EV, UCC multidomain & Wildcard certificates for your applications.