WAAP vs WAF vs RASP: Top Differences in 2025
As the cybersecurity landscape evolves rapidly in 2025, safeguarding web applications grows increasingly complex and vital. The rise in zero-day
Cybersecurity Weekly Recap: Top Cyber Attacks, Vulnerabilities & Data Breaches
Introduction In the first half of April 2025, cybersecurity threats have escalated in both volume and complexity. From state-sponsored cyber
Next.js Middleware Vulnerability: Security Loophole Explained
CVE-2025-29927 CVSS Score: 9.1 High Severity A newly discovered high-severity vulnerability in Next.js (CVE-2025-29927) is raising serious concerns for developers
Web Skimmer Campaigns Using Legacy Stripe APIs
A recently uncovered web skimming scheme is elevating online fraud by leveraging an outdated Stripe API to verify stolen payment
The Hidden Dangers of SSL Misconfigurations: What’s Putting Your Data at Risk?
SSL/TLS encryption forms the foundation of secure online communications; however, misconfigurations can expose vulnerabilities to cyber threats instead of protecting
Evolution of Malware Loaders: Evasion & Persistence Tactics
The cybersecurity landscape continues to evolve with adversaries deploying new and advanced malware loaders to bypass detection. Recent research has
10 Best Practices for WAF Integration in DevSecOps Pipelines
Integrating a Web Application Firewall (WAF) into DevSecOps pipelines ensures continuous security, real-time threat mitigation, and compliance automation. As cyber
10 Must-Know Updates in the OWASP API Security Top 10
APIs are the backbone of modern applications, enabling seamless communication between systems. However, their increasing usage has also led to
Intel’s 4th Gen Processors Power Prophaze’s New Era of Smarter, Faster Security
What if your cybersecurity defenses could think faster, act smarter, and protect better—without compromising performance? In an age where cyber
CVE-2025-23208 : ZOT UP TO 2.1.1 API SETUSERGROUPS PRIVILEGES MANAGEMENT
Description zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db)
PrivaPlan Partners with Prophaze to Set New Era in Data Security and Compliance
Santa Fe and San Jose, CA—January 13, 2024— PrivaPlan Associates, Inc., a leader in HIPAA privacy and security, and Prophaze
CVE-2024-12867 : ARCTIC SECURITY ARCTIC HUB UP TO 5.5.1872 CONFIGURATION SERVER-SIDE REQUEST FORGERY
Description Server-Side Request Forgery in URL Mapper in Arctic Security’s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to
CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY
Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with
CVE-2024-51466 : IBM COGNOS ANALYTICS UP TO 11.2.4 FP4/12.0.4 EL EXPRESSION LANGUAGE INJECTION
Description IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection
CVE-2024-28767 : IBM SECURITY DIRECTORY INTEGRATOR UP TO 7.2.0.13/10.0.3 REQUEST OS COMMAND INJECTION
Description IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute
CVE-2024-12832 : ARISTA NG FIREWALL 17.1.1 REPORTENTRY SQL INJECTION
Description Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create
CVE-2024-12728 : SOPHOS FIREWALL UP TO 20.0 MR2 SSH WEAK CREDENTIALS
Description A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3
CVE-2021-26102 : FORTINET FORTIWAN UP TO 4.4.1/4.5.7 POST REQUEST AUTHENTICATION BYPASS
Description A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote
CVE-2024-35141 : IBM SECURITY VERIFY ACCESS DOCKER UP TO 10.0.6 UNNECESSARY PRIVILEGES
Description IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to
CVE-2023-23356 : QNAP QUFIREWALL UP TO 2.3.2 COMMAND INJECTION
Description A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could
CVE-2024-48889 : FORTINET FORTIMANAGER UP TO 6.4.14/7.0.12/7.2.7/7.4.4/7.6.0 FGFM REQUEST OS COMMAND INJECTION
Description An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager version
CVE-2023-34990 : FORTINET FORTIWLM UP TO 8.5.4/8.6.5 WEB REQUEST PATH TRAVERSAL
Description A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute
CVE-2024-47104 : IBM I 7.4/7.5 PHYSICAL FILE SECURITY ATTRIBUTES PERMISSION ASSIGNMENT
Description IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A
CVE-2024-47480 : DELL INVENTORY COLLECTOR CLIENT UP TO 12.6.X SYMLINK
Description Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege