Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

indusface

Managed DDoS Protection for E-commerce: Securing Online Store Availability

Dec 19, 2025 By Vinugayathri Chinnasamy In Indusface
The digital storefront never sleeps, but in the first half of 2025, it has faced unprecedented hostility. According to the State of Application Security report 2025 Report, the threat landscape has shifted dramatically. E-commerce has become a primary target, with DDoS incidents in the retail and e-commerce sector spiking by 420%. Perhaps even more concerning is the vector of these attacks: attacks on APIs rose by 104%, with vulnerability exploitation increasing 13-fold.
Read Post
indusface

CVE-2025-66675: Apache Struts DoS Vulnerability Leads to Disk Exhaustion

Dec 17, 2025 By Bhargavi Pallati In Indusface
A newly disclosed denial-of-service vulnerability, CVE-2025-66675, affects a wide range of Apache Struts 2 versions and poses a serious availability risk for applications that handle file uploads. While the EPSS score is 0.05%, indicating a low probability of exploitation in the next 30 days, the vulnerability still represents a high availability risk for exposed and unpatched environments.
Read Post
indusface

Secret Scanning: A Critical Practice for Protecting Sensitive Data in Code

Dec 17, 2025 By Aayush Vishnoi In Indusface
With the rise of CI/CD pipelines, cloud-native development, and globally distributed teams, sensitive credentials like API keys, tokens, and database passwords often slip into source code. Sometimes accidentally, sometimes under pressure to deploy fast. This is not a rare mishap. A recent study found that 34% of API security incidents involve sensitive data exposure. And according to Cyble, over 1.5 million.env files containing secrets have been discovered in publicly accessible environments.
Read Post

CVE-2025-10573: Stored XSS in Ivanti EPM

Dec 17, 2025 By Indusface In Indusface
A critical stored XSS vulnerability (CVE-2025-10573) in Ivanti Endpoint Manager lets attackers poison the admin dashboard with malicious scripts, leading to session hijacking and device compromise. AppTrana blocks these malicious scan submissions at the edge, preventing stored XSS payloads from ever reaching the EPM dashboard, even before patching.
View Video
indusface

React After React2Shell: New RSC Vulnerabilities Expose DoS and Source Code Risks

Dec 17, 2025 By Bhargavi Pallati In Indusface
The disclosure of React2Shell (CVE-2025-55182) triggered a rapid patching effort across the React and Next.js ecosystem. However, deeper inspection of React Server Components (RSC) in the aftermath revealed additional vulnerabilities in adjacent code paths. These vulnerabilities pose serious operational and security risks.
Read Post

AppTrana AppSec Platform | AI-powered All-in-One Web and API Security Platform

Dec 16, 2025 By Indusface In Indusface
About Indusface: Indusface is a leading application security SaaS company, securing over 6,500 customers across 95 countries with its award-winning platform. Backed by leading institutional investors, Indusface is a category leader in cloud WAAP, with repeated recognition from top analysts and industry platforms including Gartner, Forrester, GigaOm, and G2. The industry's only AI-powered, all-in-one AppSec platform helps businesses discover, detect, remediate, and protect web applications and APIs at internet scale, backed by a 100% uptime guarantee.
View Video

Deepfake & AI Defense for Digital Insurance | Dr.Pawan Chawla (CISO & DPPO, Tata AIA Life Insurance)

Dec 15, 2025 By Indusface In Indusface
In Episode of Guardians of the Enterprise, Dr. Pawan Chawla (CISO and DPPO, Tata AIA Life Insurance) joins Ashish Tandon (Founder and CEO, Indusface) to discuss the emerging cyber challenges facing the insurance industry. He highlights how cybercrime marketplaces are lowering barriers for attackers, the rise in third-party and internal risks, and other evolving threats shaping security priorities for insurers.
View Video

Securing Mission-Critical Insurance Systems

Dec 15, 2025 By Indusface In Indusface
In this episode, Dr. Pawan Jawla, Chief Mission Security Officer at Tata AIA, shares what truly keeps security leaders awake at night while protecting mission-critical insurance systems. From the rise of low-cost ransomware and evolving fraud techniques, to meeting Government of India, DCI, and insurance-specific compliance standards. We also explore why security audits should be treated as gap-finding, not fault-finding, the persistent confusion around data ownership inside enterprises, and why, despite massive investment, 95% of organizations still struggle to see ROI from AI.
View Video
indusface

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

Dec 11, 2025 By Bhargavi Pallati In Indusface
A newly disclosed vulnerability in Ivanti Endpoint Manager (EPM) tracked as CVE-2025-10573 allows unauthenticated attackers to inject persistent JavaScript into the EPM administrative dashboard. Assigned a CVSS score of 9.6, this vulnerability presents a critical security risk because it enables attackers to hijack administrator sessions and gain full control over managed endpoints.
Read Post

CVE-2025-66516: Critical XXE Vulnerability Exposes Apache Tika Deployments

Dec 10, 2025 By Indusface In Indusface
A critical XXE vulnerability, CVE-2025-66516, has been discovered in Apache Tika, putting any workflow that processes PDFs at serious risk. A malicious PDF can trigger the exploit through any Tika workflow, silently giving attackers access to sensitive files, internal URLs, cloud metadata, and your internal network. AppTrana blocks these malicious PDFs at the edge, keeping your data and internal systems secure.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.