Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

indusface

CVE-2025-66675: Apache Struts DoS Vulnerability Leads to Disk Exhaustion

Dec 17, 2025 By Bhargavi Pallati In Indusface
A newly disclosed denial-of-service vulnerability, CVE-2025-66675, affects a wide range of Apache Struts 2 versions and poses a serious availability risk for applications that handle file uploads. While the EPSS score is 0.05%, indicating a low probability of exploitation in the next 30 days, the vulnerability still represents a high availability risk for exposed and unpatched environments.
Read Post

AppTrana AppSec Platform | AI-powered All-in-One Web and API Security Platform

Dec 16, 2025 By Indusface In Indusface
About Indusface: Indusface is a leading application security SaaS company, securing over 6,500 customers across 95 countries with its award-winning platform. Backed by leading institutional investors, Indusface is a category leader in cloud WAAP, with repeated recognition from top analysts and industry platforms including Gartner, Forrester, GigaOm, and G2. The industry's only AI-powered, all-in-one AppSec platform helps businesses discover, detect, remediate, and protect web applications and APIs at internet scale, backed by a 100% uptime guarantee.
View Video

Deepfake & AI Defense for Digital Insurance | Dr.Pawan Chawla (CISO & DPPO, Tata AIA Life Insurance)

Dec 15, 2025 By Indusface In Indusface
In Episode of Guardians of the Enterprise, Dr. Pawan Chawla (CISO and DPPO, Tata AIA Life Insurance) joins Ashish Tandon (Founder and CEO, Indusface) to discuss the emerging cyber challenges facing the insurance industry. He highlights how cybercrime marketplaces are lowering barriers for attackers, the rise in third-party and internal risks, and other evolving threats shaping security priorities for insurers.
View Video

Securing Mission-Critical Insurance Systems

Dec 15, 2025 By Indusface In Indusface
In this episode, Dr. Pawan Jawla, Chief Mission Security Officer at Tata AIA, shares what truly keeps security leaders awake at night while protecting mission-critical insurance systems. From the rise of low-cost ransomware and evolving fraud techniques, to meeting Government of India, DCI, and insurance-specific compliance standards. We also explore why security audits should be treated as gap-finding, not fault-finding, the persistent confusion around data ownership inside enterprises, and why, despite massive investment, 95% of organizations still struggle to see ROI from AI.
View Video
indusface

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

Dec 11, 2025 By Bhargavi Pallati In Indusface
A newly disclosed vulnerability in Ivanti Endpoint Manager (EPM) tracked as CVE-2025-10573 allows unauthenticated attackers to inject persistent JavaScript into the EPM administrative dashboard. Assigned a CVSS score of 9.6, this vulnerability presents a critical security risk because it enables attackers to hijack administrator sessions and gain full control over managed endpoints.
Read Post

CVE-2025-66516: Critical XXE Vulnerability Exposes Apache Tika Deployments

Dec 10, 2025 By Indusface In Indusface
A critical XXE vulnerability, CVE-2025-66516, has been discovered in Apache Tika, putting any workflow that processes PDFs at serious risk. A malicious PDF can trigger the exploit through any Tika workflow, silently giving attackers access to sensitive files, internal URLs, cloud metadata, and your internal network. AppTrana blocks these malicious PDFs at the edge, keeping your data and internal systems secure.
View Video
indusface

CVE-2025-66516: Critical XXE Vulnerability Exposes Apache Tika Deployments

Dec 8, 2025 By Pavithra Hanchagaiah In Indusface
A critical vulnerability, CVE-2025-66516 (CVSS 10.0), has been identified in Apache Tika, affecting how the framework processes PDF files containing XFA (XML Forms Architecture) data. The vulnerability resides in tika-core, which means any system using Tika’s default parsing behavior remains vulnerable even if the PDF parser module was previously patched. No special configuration or insecure application code is required; simply ingesting a malicious PDF is enough to trigger the exploit.
Read Post
indusface

React2Shell(CVE-2025-55182): Critical RCE Vulnerability in React Server Components and Next.js

Dec 5, 2025 By Bhargavi Pallati In Indusface
The modern JavaScript ecosystem was shaken this week as Meta, Vercel, Google Cloud, AWS, and leading security researchers revealed two critical issues: CVE-2025-55182 and the downstream Next.js variant CVE-2025-66478. Both are rated CVSS 10 and allow remote code execution (RCE) by exploiting weaknesses in the React Server Components (RSC) “Flight” protocol. The vulnerabilities affect React 19 and all major frameworks embedding the RSC implementation, most notably Next.js 15.x and 16.x.
Read Post

NIST SP 800-53 r5 Compliance Made Simple with AppTrana

Dec 5, 2025 By Indusface In Indusface
With over 32,000 security incidents reported by U.S. federal agencies in the past year, cyber risks are growing in scale and complexity. NIST SP 800-53 r5 provides a comprehensive framework of security and privacy controls to help organizations manage risk, protect critical systems, and maintain regulatory compliance.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.