This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with reading them. So, we’ve decided to do things a little bit differently this year. Instead of bombarding you with just our own predictions, we’ve decided to cast the net far and wide. We’ve spoken to cybersecurity experts from around the world to answer what’s, for us, the most pressing question…
The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit, as well as improved detection methods, exploitation mechanics observed in the wild, and rapidly growing attack activity. This update summarizes the changes and observations we have made across Wallarm customers. The First PoC Exploit Was Not Real Soon after the vulnerability was disclosed, an early PoC began circulating on GitHub.…
As the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly, for the businesses we protect. If 2024 was about laying the groundwork (tracking API sessions to understand behavioral attacks), then 2025 was the year we built upon that foundation, turning insight into action and visibility into measurable business impact. API Sessions: From Observation to Action We started the API sessions…
On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working PoC was released publicly, and Wallarm immediately began observing widespread exploitation attempts across customer environments. What is CVE-2025-55182? CVE-2025-55182 is an unauthenticated remote code execution (RCE) vulnerability, rated CVSS 10.0, and it is already being actively exploited in the wild. For more details, you can refer to this advisory. The…
The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminder of that fact. What Happened During the Mixpanel Incident? Why Does it Matter? In November 2025, OpenAI revealed that cybercriminals successfully breached Mixpanel, one of its…
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust. What is SesameOp? SesameOp is a custom backdoor malware. It is engineered to maintain persistence and, crucially, allow an attacker…
