Unrestricted Resource Consumption (API4:2023) is the only threat category in the OWASP API Security Top 10 explicitly dedicated to Denial of Service (DoS) and resource abuse. But despite being just one category, attackers can exploit it in many different ways; from large file uploads and expensive GraphQL queries to abuse of metered third-party services like SMS gateways or AI/LLM APIs. These attacks can lead not only to performance degradation and service unavailability, but also to…
With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models (LLMs) and Multi-Component Protocols (MCP) – bring immense potential, but also novel vulnerabilities that traditional tools weren’t designed to handle. At Wallarm, we’re closely following emerging guidance around these new attack surfaces, including the recently released OWASP Multi-Agentic System Threat Modeling Guide v1.0. Drawing from those recommendations, we’ve compiled…
IBM’s 2025 Cost of a Data Breach Report offers one of the clearest and most comprehensive views yet of how AI adoption is shaping the security landscape. While breach numbers are relatively low – only 13% of organizations reported breaches involving AI models or applications – the report reveals a troubling pattern: APIs and integrations are often the real entry point, and they’re frequently under-secured. At Wallarm, we’ve been banging this drum for a while.…
Think you know what to expect from a conference booth? Think again. Forget the cliches: the swag destined for the back of your wardrobe, the formula one simulators, the marketing trickery. Instead, step into a new kind of conference experience, one that takes you on a journey through past, present, and future of cybersecurity. Step into Wallarm’s Cyber Security Museum. Why a Museum? Wallarm’s booth wasn’t just about showing products; it was about curating history. …
I recently sat down with Tejpal Garwhal, Application Security and DevSecOps Leader, for a conversation debunking some of the most common API security myths. From zombie endpoints to the limits of WAFS and gateways, we covered what’s really happening on the ground; and what security teams need to do differently. Here’s a quick rundown of the key takeaways, but for the full picture, watch the full webinar. Myth 1: “We Know What APIs We Have”…
On July 19, 2025, a critical remote code execution (RCE) vulnerability (CVE-2025-53770, also referred to as ToolShell) was publicly disclosed, impacting on-premises Microsoft SharePoint Server installations. This vulnerability allows unauthenticated attackers to execute arbitrary code remotely by leveraging insecure deserialization techniques. Given the platform’s widespread use and exposure to the internet, the potential for compromise is substantial and growing, especially with confirmed active exploitation in the wild. Vulnerability Overview CVE-2025-53770 targets Microsoft SharePoint via a…