Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

indusface

Migrating from Legacy WAFs to AI-Driven Managed WAAP: Why Execution Matters More Than Technology

Dec 19, 2025 By Vinugayathri Chinnasamy In Indusface
In 2025, security benchmarks showed that over half of publicly disclosed vulnerabilities can bypass WAF protections when rule updates lag behind real-world exploits. Legacy WAFs were built for stable applications and predictable traffic. Today, frequent releases, API-driven architectures, and rapidly evolving attacks expose the limits of manual tuning and after-the-fact validation, leaving protection out of sync with reality.
Read Post
indusface

Managed Bot Protection for SMBs: Protecting Growth, Reputation & Stability

Dec 19, 2025 By Vinugayathri Chinnasamy In Indusface
According to the Indusface State of Application Security Report, SMBs now experience more attacks per application than large enterprises. Each SMB site facing an average of 2.24 million attacks per quarter, driven largely by malicious bot traffic and automated DDoS attempts. Despite this, many SMBs still operate with minimal security controls or legacy technology stacks, making them extremely vulnerable.
Read Post
indusface

Managed DDoS Protection for E-commerce: Securing Online Store Availability

Dec 19, 2025 By Vinugayathri Chinnasamy In Indusface
The digital storefront never sleeps, but in the first half of 2025, it has faced unprecedented hostility. According to the State of Application Security report 2025 Report, the threat landscape has shifted dramatically. E-commerce has become a primary target, with DDoS incidents in the retail and e-commerce sector spiking by 420%. Perhaps even more concerning is the vector of these attacks: attacks on APIs rose by 104%, with vulnerability exploitation increasing 13-fold.
Read Post
indusface

Secret Scanning: A Critical Practice for Protecting Sensitive Data in Code

Dec 17, 2025 By Aayush Vishnoi In Indusface
With the rise of CI/CD pipelines, cloud-native development, and globally distributed teams, sensitive credentials like API keys, tokens, and database passwords often slip into source code. Sometimes accidentally, sometimes under pressure to deploy fast. This is not a rare mishap. A recent study found that 34% of API security incidents involve sensitive data exposure. And according to Cyble, over 1.5 million.env files containing secrets have been discovered in publicly accessible environments.
Read Post

CVE-2025-10573: Stored XSS in Ivanti EPM

Dec 17, 2025 By Indusface In Indusface
A critical stored XSS vulnerability (CVE-2025-10573) in Ivanti Endpoint Manager lets attackers poison the admin dashboard with malicious scripts, leading to session hijacking and device compromise. AppTrana blocks these malicious scan submissions at the edge, preventing stored XSS payloads from ever reaching the EPM dashboard, even before patching.
View Video
indusface

React After React2Shell: New RSC Vulnerabilities Expose DoS and Source Code Risks

Dec 17, 2025 By Bhargavi Pallati In Indusface
The disclosure of React2Shell (CVE-2025-55182) triggered a rapid patching effort across the React and Next.js ecosystem. However, deeper inspection of React Server Components (RSC) in the aftermath revealed additional vulnerabilities in adjacent code paths. These vulnerabilities pose serious operational and security risks.
Read Post
indusface

CVE-2025-66675: Apache Struts DoS Vulnerability Leads to Disk Exhaustion

Dec 17, 2025 By Bhargavi Pallati In Indusface
A newly disclosed denial-of-service vulnerability, CVE-2025-66675, affects a wide range of Apache Struts 2 versions and poses a serious availability risk for applications that handle file uploads. While the EPSS score is 0.05%, indicating a low probability of exploitation in the next 30 days, the vulnerability still represents a high availability risk for exposed and unpatched environments.
Read Post

AppTrana AppSec Platform | AI-powered All-in-One Web and API Security Platform

Dec 16, 2025 By Indusface In Indusface
About Indusface: Indusface is a leading application security SaaS company, securing over 6,500 customers across 95 countries with its award-winning platform. Backed by leading institutional investors, Indusface is a category leader in cloud WAAP, with repeated recognition from top analysts and industry platforms including Gartner, Forrester, GigaOm, and G2. The industry's only AI-powered, all-in-one AppSec platform helps businesses discover, detect, remediate, and protect web applications and APIs at internet scale, backed by a 100% uptime guarantee.
View Video

Deepfake & AI Defense for Digital Insurance | Dr.Pawan Chawla (CISO & DPPO, Tata AIA Life Insurance)

Dec 15, 2025 By Indusface In Indusface
In Episode of Guardians of the Enterprise, Dr. Pawan Chawla (CISO and DPPO, Tata AIA Life Insurance) joins Ashish Tandon (Founder and CEO, Indusface) to discuss the emerging cyber challenges facing the insurance industry. He highlights how cybercrime marketplaces are lowering barriers for attackers, the rise in third-party and internal risks, and other evolving threats shaping security priorities for insurers.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.