Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Apache Tomcat Vulnerability CVE-2025-55752: Risk & Protection

Nov 28, 2025 By Indusface In Indusface
CVE-2025-55752 exposes a dangerous path traversal flaw in Apache Tomcat caused by a rewrite and decoding regression. This video breaks down how the bug works, why it becomes severe when combined with HTTP PUT, which versions are affected, and what teams must do to patch or mitigate it. We also show how WAAP protection blocks exploitation attempts even before servers are updated.
View Video

Inside Adhaar : Challenges of Securing the World's Largest Digital Identity System #cybersecurity

Nov 28, 2025 By Indusface In Indusface
Discover what it takes to secure Aadhaar, the world’s largest digital identity system. This teaser dives into the massive responsibility behind protecting over a billion citizens’ data powered by strict privacy guardrails, zero-trust principles, encryption, biometric template protection, and privileged access management at national scale. In this clip from Guardians of the Enterprise, Nishith Kumar Datta (Head of Cybersecurity & InfoSec, Titan) shares his insights on the challenges and discipline required to secure such a critical national platform.
View Video
indusface

How to Automate API Security Testing During CI/CD

Nov 28, 2025 By Vinugayathri Chinnasamy In Indusface
During the first half of 2025, APIs faced significantly higher number of attacks than traditional web applications. On average, attacks per API host were 72% higher than those targeting websites, and exploitation of API vulnerabilities surged 13× compared to a 27% increase for website vulnerabilities, according to the State of Application Security Global H1 2025.
Read Post
indusface

API Security for SaaS Product Development: Protecting Multi-Tenant Platforms and Customer Trust

Nov 28, 2025 By Vinugayathri Chinnasamy In Indusface
APIs are now the foundation of SaaS product development, powering authentication, user onboarding, billing, integrations, webhooks, analytics, and internal microservices. As this API footprint grows, the threat landscape has intensified. The Indusface State of Application Security H1 2025 Report recorded a 104% rise in API-targeted attacks, a 13X increase in API vulnerability exploits, and 388% more DDoS attacks on API hosts than on websites.
Read Post
indusface

DPDP Rules 2025: The New Compliance Era and How AppTrana Helps You Get There

Nov 24, 2025 By Vinugayathri Chinnasamy In Indusface
On 14 November 2025, the Government of India notified the Digital Personal Data Protection (DPDP) Rules, 2025, officially activating the DPDP Act, 2023. The Rules transform the law from a policy framework into a fully enforceable compliance regime, starting an 18-month implementation countdown for every business in India.
Read Post
indusface

Cloudflare Outage Nov 2025: Architectural Lessons for Building Resilient Infrastructure

Nov 20, 2025 By Karthik Krishnamoorthy In Indusface
The internet’s fragility was evident again during the recent Cloudflare outage. A single internal fault rippled outward and disrupted major websites and business applications. X, ChatGPT, media platforms, dashboards and thousands of other services simultaneously showed 5xx errors. And this is not new.
Read Post
indusface

CVE-2025-55752: Apache Tomcat Path Traversal Vulnerability

Nov 18, 2025 By Deepak Kumar Choudhary In Indusface
Apache Tomcat continues to play a central role in hosting Java-based web applications across enterprises, cloud services, and government systems. Its reliability and lightweight architecture make it a go-to choice for developers, but its ubiquity also means that a single vulnerability can have widespread security implications. CVE-2025-55752, disclosed in late 2025, highlights how a subtle processing regression can evolve into a high-impact vulnerability under the right conditions.
Read Post

Django Vulnerabilities Expose Apps to SQL Injection & DoS Attacks

Nov 18, 2025 By Indusface In Indusface
The Django Software Foundation has released critical security fixes for CVE-2025-64459 (SQL Injection) and CVE-2025-64458 (Denial of Service) vulnerabilities. These vulnerabilities affect query construction and redirect handling in Django, putting applications and data at risk. See how AI-powered AppTrana stops these attacks from Day 0.
View Video

SessionReaper: Magento's Critical CVE-2025-54236 Breakdown

Nov 14, 2025 By Indusface In Indusface
SessionReaper (CVE-2025-54236) is one of the most dangerous vulnerabilities discovered in Adobe Commerce and Magento Open Source. This pre-authentication flaw enables attackers to hijack customer sessions and, in many real-world setups, escalate to remote code execution (RCE), allowing them to drop persistent PHP web shells on your servers.
View Video
indusface

Django Vulnerabilities Expose Apps to SQL Injection and DoS Attacks

Nov 13, 2025 By Aayush Vishnoi In Indusface
The Django Software Foundation has rolled out important security fixes addressing two serious vulnerabilities that could let attackers manipulate databases and disrupt application availability. The vulnerabilities such as CVE-2025-64459 (SQL Injection) and CVE-2025-64458 (Denial of Service), were found in commonly used functions of the Django web framework. These vulnerabilities affect how Django processes queries and handles redirects, especially when user-supplied input is not properly validated.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.