|
By Venkatesh Sundar
Your database is one apostrophe away from a breach. SQL injection has been the most common web vulnerability for three consecutive years. The 2025 Verizon DBIR reports it contributed to 12% of all data breaches, up from 9% the year before. In December 2024, a PostgreSQL SQL injection zero-day gave state-sponsored attackers a path into the US Treasury. In 2023, a single campaign used it to steal 2 million job seeker records across 65 websites in one month. The fix has been known for two decades.
|
By Venkatesh Sundar
DDoS attacks cost businesses an average of $6,130 per minute in downtime losses. According to the Indusface State of Application Security 2026 report, 70% of all websites faced at least one DDoS attack in 2025, attacks per website grew 27% year over year, and APIs were targeted 675% more than traditional websites.
Healthcare absorbed ~24 million attacks in 2025, a 115% increase year over year, according to the Indusface State of Application Security 2026 report. DDoS alone grew 39% across the sector. But disruption here is not just about lost revenue or downtime. When systems go dark, emergency rooms divert patients, doctors lose access to electronic health records, and appointments are cancelled.
SaaS companies face a 20% yearly likelihood of a significant DDoS attack, according to the Indusface State of Application Security H1 2025, underlining the risks to uninterrupted operations. Even brief downtime can have severe consequences. On average, a DDoS attack costs businesses$6,130 per minute in downtime losses. For SaaS platforms, one attack hits every tenant at once, multiplying the SLA breaches, churn risk, and reputational damage across the entire customer base simultaneously.
|
By Vivek Gopalan
A DDoS attack costs businesses an average of $6,130 per minute. Beyond service disruption, these attacks often create operational pressure that exposes login systems, APIs, and payment workflows to additional threats such as credential stuffing and account takeover attempts while security teams work to restore availability.
SMBs absorbed approximately 894 million attacks in 2025, a 71% year-over-year increase — and DDoS drove 85% of that volume, nearly three times the enterprise rate. API DDoS on SMB platforms surged 1,122% in a single year, according to the Indusface State of Application Security 2026 report. With most SMB security operations run by teams of fewer than five people managing both infrastructure and security simultaneously, cybercriminals increasingly view smaller businesses as soft targets.
Globally, schools and universities now face over 4,300 cyberattacks per week on average, marking a 40% year-over-year increase and making the education sector a prime target for disruptive DDoS attacks. Most educational institutions operate with lean IT teams responsible for infrastructure, user support, and security. This resource constraint makes it difficult to withstand prolonged or application-layer DDoS attacks that can quickly disrupt learning platforms and administrative systems.
A critical vulnerability in Ollama allows unauthenticated attackers to extract the entire process memory of exposed servers using just three API calls. Tracked as CVE-2026-7482 and nicknamed Bleeding Llama, the vulnerability puts roughly 300,000 internet-facing servers at risk. Ollama is the most widely used open-source platform for running large language models locally, with over 170,000 GitHub stars and 100 million Docker Hub downloads.
According to the State of Application Security report 2025 Report, DDoS attacks targeting retail and e-commerce increased by 420%, API attacks rose by 104%, and API vulnerability exploitation grew 13-fold. For modern e-commerce, which relies heavily on APIs for mobile apps, third-party logistics, payment gateways, and inventory management, this is a critical vulnerability.
According to the State of Application Security 2026, insurance platforms saw a 115% increase in attacks per website. DDoS attacks per site rose by 143%, targeting critical periods like claim processing and policy renewals. In an industry built on trust, availability is a business promise. Even brief downtime disrupts revenue and compliance, making always-on DDoS protection a core requirement for insurance resilience.
|
By Indusface
In this Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface and Nishith Datta, Head of Cybersecurity at Titan, discusses one of the most pressing challenges in modern security, vulnerability patching in the age of AI. As AI accelerates both the scale and sophistication of attacks, traditional patching cycles are no longer enough. Nishith shares his frontline perspective on how enterprises securing omnichannel consumers must rethink their approach to exposure management.
|
By Indusface
In this Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, and Nishith Datta, Head of Cybersecurity at Titan, breaks down one of the biggest myths in retail cybersecurity, especially in the era of omnichannel distribution channels. As digital and physical experiences evolve, securing consumer journeys is no longer straightforward. Nishith shares his frontline perspective on why traditional assumptions around retail security fall short, and what organizations must rethink to stay resilient.
|
By Indusface
In Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about building a security-first culture across the organization. They discussed how cybersecurity is no longer limited to IT, and why embedding security into every business function is critical. Watch this video to learn how HDB Financial Services has made cyber security a shared responsibility across teams.
|
By Indusface
In this webinar, the Indusface team shares practical insights on selling modern application security solutions more effectively. The session covers recent product updates, positioning strategies, competitive differentiation, and common customer challenges faced in today’s cybersecurity landscape. Key takeaways include.
|
By Indusface
In Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how leadership expectations from cybersecurity are evolving. They discussed how boards today are looking beyond traditional security metrics, with a sharper focus on third-party risk, data governance, and organizational resilience.
|
By Indusface
In Episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how AI is reshaping the cyber threat landscape. They discussed how attackers are now leveraging AI to launch more sophisticated phishing campaigns, automate malware, and scale attacks faster than ever before. As AI lowers the barrier to entry, the speed and complexity of attacks continue to increase, making it harder for organizations to keep up.
|
By Indusface
Vulnerability scanning is useless if you don’t fix what you find. This short breaks down a practical vulnerability remediation process to prioritize risk, patch faster, and reduce real-world exposure. Learn how security teams move from detection to closure, without months of backlog.
|
By Indusface
This week, in the episode – Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, speaks with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), on how large financial institutions are navigating a rapidly evolving cyber threat landscape. The conversation covers the rise of AI-driven attacks, Cybercrime-as-a-Service (CaaS), and the growing complexity that comes with expanding digital footprints across cloud, applications, and APIs.
|
By Indusface
A critical vulnerability known as Metro4Shell (CVE-2025-11953) has been identified in the React Native Metro development server, enabling unauthenticated remote code execution when exposed beyond localhost. Active exploitation is already underway, with attackers targeting exposed development environments to gain system-level access. For more insights on website and API security fundamentals, subscribe to our newsletter.
|
By Indusface
Learn the core requirements of NIST CSF 2.0, why they matter, and how they help organizations strengthen cybersecurity posture and risk management.
|
By Indusface
With the rapid explosion of APIs and the huge exchange of information through APIs, every organization should be concerned about how secure are these APIs? Download this whitepaper to understand the evolving cyber threats to APIs and how to mitigate them.
|
By Indusface
A lot of vulnerabilities notoriously registered themselves in the Internet hall of fame, continuing to haunt giant organizations. When so much is happening around, we are sure you would have missed out on some of the key stories. Read this eBook to stay updated on everything important.
|
By Indusface
Bots are everywhere in today's technology. The fundamental challenge is to detect and block the malicious bots that could destroy your business. Download our whitepaper to understand the importance of a good bot management solution.
|
By Indusface
Web-based attacks are the most common attack faced by many businesses regardless of size. Want to identify the vulnerabilities most prevalent to your business and mitigate them?
|
By Indusface
Whatever may be the reason behind the DDoS attacks, this attack is here to stay and almost anyone can become a victim of DDoS attacks. The key piece to address this attack is the DDoS mitigation plan that organizations have in place.
|
By Indusface
In this time of increasing complex cyber-attacks, you should look across the multiple security vulnerabilities to investigate and mitigate risks to keep your organization safe. This eBook reviews the real security attacks that have exploited vulnerabilities and provides a synopsis of facts and fixes.
|
By Indusface
Managed WAF is the best solution available to protect applications from attacks. In this whitepaper, we will try to explore why this is the case and how can WAF be effectively deployed to ensure better efficacy?
|
By Indusface
Website vulnerabilities have become a security nightmare for most businesses. Whether you're an entrepreneur, a CIO, a director of security, a CTO, or something in between, understanding and evaluating risks is critical. And that's exactly where this eBook, can help you.
- May 2026 (12)
- April 2026 (3)
- March 2026 (10)
- February 2026 (11)
- January 2026 (14)
- December 2025 (27)
- November 2025 (13)
- October 2025 (18)
- September 2025 (9)
- August 2025 (14)
- July 2025 (10)
- June 2025 (23)
- May 2025 (19)
- April 2025 (9)
- March 2025 (17)
- February 2025 (6)
- January 2025 (10)
- December 2024 (6)
- November 2024 (10)
- October 2024 (5)
- September 2024 (5)
- August 2024 (10)
- July 2024 (12)
- June 2024 (5)
- May 2024 (7)
- April 2024 (8)
- March 2024 (8)
- February 2024 (10)
- January 2024 (8)
- December 2023 (5)
- November 2023 (7)
- October 2023 (9)
- September 2023 (10)
- August 2023 (9)
- July 2023 (12)
- June 2023 (7)
- May 2023 (10)
- April 2023 (9)
- March 2023 (15)
- February 2023 (13)
- January 2023 (6)
- December 2022 (1)
- November 2022 (4)
- October 2022 (10)
- September 2022 (10)
- August 2022 (5)
- July 2022 (1)
- April 2022 (6)
- March 2022 (1)
- February 2022 (6)
- January 2022 (3)
Secure web applications & APIs with ease. Get fully managed web app firewall & scanner to prevent DDoS & Bot attacks.
Indusface is a SaaS company that secures critical Web applications of 3000+ global customers using its award-winning platform that integrates a Web application scanner, Web application firewall, CDN, and threat information engine. Indusface is funded by Tata Capital Growth Fund.
We make it easy for you to secure your Web and Mobile Applications:
- Managed Web Application and API Protection: Risk Based Fully Managed Web Application and API protection with real time protection against OWASP exploits, DDOS attacks, Bot Mitigation and Zero Day attacks with 24x7 support from security experts.
- Comprehensive application vulnerability detection: Automated DAST Scanner combined with on demand Manual Penetration Testing , False positive removal via manual verification with 24x7 support from Security experts.
- Comprehensive Mobile Application vulnerability detection: In depth Pen-testing with multiplatform coverage including iOS, Android, Windows
- Powerful digital certificates for secure communication: Standard, EV, UCC multidomain & Wildcard certificates for your applications.