APIs used to be the quiet backstage crew that made apps feel magical. Now attackers have learned the script — they walk onstage, deliver perfectly polite lines, and walk off with the props. In H1 2025 Imperva observed 40,000+ API…
Category: Blog
Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks
It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post,…
Operation Eastwood: Measuring the Real Impact on NoName057(16)
On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057(16). The announcement promised a major disruption to the group’s activities. In this blog, we…
The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk
You Don’t Know What You Don’t Know – And That’s the Problem. Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked all the boxes. Yet…
Imperva API Security: Authentication Risk Report—Key Findings & Fixes
An in-depth analysis of common JSON Web Token (JWT) mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs. APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and IoT. That…
When You’re Always Under #DDoS Attack
We recently mitigated a 1.55 terabit per second (Tbps) DDoS attack for a steady customer of ours. This particular customer is a reputable domain name service (DNS) provider. I’ve personally used them for over a decade to register domains for…
Why Separating Control and Data Planes Matters in Application Security
Modern application environments are dynamic, distributed, and moving faster than ever. DevOps teams deploy new services daily, APIs multiply across regions, and traffic fluctuates by the hour. At the same time, organizations must uphold security, compliance, and availability without slowing…
Critical Flaws in Base44 Exposed Sensitive Data and Allowed Account Takeovers
Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site scripting (XSS), insecure…
Marginal Emissions Rates: See Carbon Emissions with Clarity in Real Time
Learn how Akamai is using marginal emissions rates to improve the transparency and accuracy of our emissions accounting.