The risks involved with the operatorAliases option in Sequelize, the popular library for DBMSs
Consul is a software first released in 2014 for DNS-based service discovery. It provides distributed key-value storage, segmentation, and configuration.…
New critical Apache Unomi exploit was released yesterday. As an official press release says: “Apache Unomi is the industry’s first…
In the latest version of Wallarm Node, we integrated a new attack detection engine that will work with a combination…
On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues.…
This year is full of extraordinary events and cybersecurity domains are not an exception. Massive WebSocket vulnerabilities are not so…
An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new…
In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented a wallarm/jwt-secrets GitHub repository with a 340 JSON Web Token secrets available publicly.…
This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It’s useful during black-box…
A lot of information about detected malicious requests is already available in the Wallarm console UI. However, the search functionality…
JSON Web Token (JWT) is the data format with bill-in signature and encryption mechanisms that are often used by modern…