Aggregator
Hackers Exploit Critical Flaw in Gladinet's Triofox File Sharing Product
CVE-2025-61623 | Apache OFBiz up to 24.09.02 cross site scripting
CVE-2025-59118 | Apache OFBiz up to 24.09.02 unrestricted upload
CVE-2025-41102 | Fairsketch RISE CRM Framework up to 3.8 POST Request /events/save Title cross site scripting
CVE-2025-7633 | Zoho ManageEngine Exchange Reporter Plus up to 5723 Custom Report cross site scripting
CVE-2025-7632 | Zoho ManageEngine Exchange Reporter Plus up to 5723 Public Folders Report cross site scripting
CVE-2025-7430 | Zoho ManageEngine Exchange Reporter Plus up to 5723 Folder Message Report cross site scripting
CVE-2025-11960 | Aryom KVKNET up to 2.1.7 cross site scripting
New “KomeX” Android RAT Hits Hacker Forums with Tiered Subscriptions
A sophisticated Android remote-access trojan named KomeX RAT has emerged on underground hacking forums, with the threat actor Gendirector actively marketing the malware through tiered subscription models. The malware, built on the foundation of previously documented BTMOB, poses a significant threat to Android device owners due to its extensive capabilities and aggressive advertising campaign within […]
The post New “KomeX” Android RAT Hits Hacker Forums with Tiered Subscriptions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Pesticides May Damage the Testes
CVE-2025-41101 | Fairsketch RISE CRM Framework up to 3.8 POST Request /projects/save Title cross site scripting
API Security: Bridging the Gap Between Application and Security Teams – FireTail Blog
Nov 11, 2025 - Jeremy Snyder - API Security: Why the Gap
Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital economy. Business needs demand speed. Engineers constantly work to tight deadlines and are always focused on that next release. And with the rise of microservice architectures and the proliferation of cloud services in modern software, APIs are an essential part of effective and speedy development. No one in a business wants to hinder the pace of innovation. On the other hand, in an ever-evolving threat landscape, cybersecurity is a constant concern for organizations of all sizes. Novel attack vectors, particularly those related to APIs, emerge as quickly as technology evolves. It is more important than ever for application and security teams to work together. Failure to close the gap can be catastrophic.
The Dangers of Unsecured APIs
APIs, by design, serve as a gateway to your data, which makes them extremely attractive to attackers. APIs are also often the interface where business functions can be invoked. For that reason, APIs are the only construct that has both data access and transactional capabilities, which makes them a doubly enticing target. Our research shows that API breach incidents are accelerating at a rate of 227% year-on-year and the average volume of records exposed is close to 3M per event.
Even the largest and most sophisticated organizations are at risk. Here are just a few examples:
API Vulnerability - In 2021, the exercise equipment company had to deal with fallout as researchers identified a bug in its API that allowed unauthorized access to users' private data, including user IDs, instructor IDs, group memberships, location, workout stats, gender, age, and studio status. The vulnerability arose due to the fact that the API authenticated once, but then didn’t require subsequent authorization to access additional functions. Furthermore, sequential numbering made scraping very easy. It was a major concern, especially given the fact that the smart exercise bike company’s user base included President Joe Biden. The potential risks of built-in cameras and microphones in the bikes were highlighted, with questions about the security of such features in sensitive locations like the White House.
API Flaws - In 2020, web application security researcher Sam Curry identified a vulnerability in a popular coffee chain’s web application that would allow attackers to access over 100 million records. The data included sensitive items such as names, emails, phone numbers, and addresses. The APIs in question allowed attackers to traverse API calls to hit URLs that weren’t supposed to be accessible on the internal host. Overly verbose error responses were a major factor. The internal API also had an exposed Microsoft Graph instance which would’ve allowed an attacker to exfiltrate those 100 million records. The bug was reported, patched and a bounty was awarded.
API Attack - The Australian telco was rocked by an attack in 2022. An internal API was inadvertently made public due to a DNS or network configuration change. Once public the API had inadequate authentication. This resulted in a significant cyber-attack which exposed the data of about 10 million customers, nearly 40% of the Australian population. The breach involved personal data, including names, birthdates, addresses, and ID numbers, with passport and driving license details for approximately 2.8 million individuals. There were ransom demands for $1 million in cryptocurrency and the situation became more complex as data samples were released and then retracted.
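The first incident above combines a missing per-object authorization check with sequential IDs, which shows up in access logs as one caller successfully reading a run of consecutive records that belong to other users. The following detection logic is an added example, not from the original post; the log format, the `sub=` field and the `/api/users/<id>` route are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed access-log lines. The format, the `sub=` field (the authenticated
# caller's own user id) and the /api/users/<id> route are assumptions.
LOG = (
    "2021-01-20T10:00:01Z sub=1001 GET /api/users/1001 200\n"
    "2021-01-20T10:00:05Z sub=1001 GET /api/users/1500 200\n"
    "2021-01-20T10:00:09Z sub=1001 GET /api/users/1777 200\n"
    # One caller reads twelve consecutive foreign profiles and every read is served.
    + "".join(f"2021-01-20T10:01:{i:02d}Z sub=2002 GET /api/users/{3000 + i} 200\n"
              for i in range(12))
    # Another caller walks ids the same way, but per-object authorization answers 403.
    + "".join(f"2021-01-20T10:02:{i:02d}Z sub=3003 GET /api/users/{4000 + i} 403\n"
              for i in range(12))
    + "corrupted line that does not parse\n"
)

LINE = re.compile(r"^\S+ sub=(\d+) GET /api/users/(\d+) (\d{3})$")


def foreign_reads(log: str) -> dict:
    """Map each caller id to the set of other users' ids it read successfully."""
    reads = defaultdict(set)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not user-profile reads
        caller, target, status = int(m[1]), int(m[2]), int(m[3])
        # A 403 means the object-level check worked; only served reads count.
        if status == 200 and target != caller:
            reads[caller].add(target)
    return reads


def longest_run(ids) -> int:
    """Length of the longest run of consecutive integers in ids."""
    present = set(ids)
    best = 0
    for i in present:
        if i - 1 not in present:  # i starts a run
            n = 1
            while i + n in present:
                n += 1
            best = max(best, n)
    return best


def flag_enumeration(log: str, min_ids: int = 5, min_run: int = 5) -> dict:
    """Flag callers that read many foreign records forming a sequential run."""
    findings = {}
    for caller, ids in foreign_reads(log).items():
        run = longest_run(ids)
        if len(ids) >= min_ids and run >= min_run:
            findings[caller] = {"foreign_ids": len(ids), "longest_run": run}
    return findings


if __name__ == "__main__":
    print(flag_enumeration(LOG))
```

The thresholds are starting points to tune against normal traffic; the caller that received 403s is not flagged because the authorization check did its job.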
As illustrated by these examples, any API vulnerability or misconfiguration can open the door to data breaches that could cause reputational damage, financial loss, regulatory repercussions, and more. If data is the new oil, API breaches have the potential to be the next Deepwater Horizon or Exxon Valdez. Keeping your security teams and application developers on the same page is vital. But what if examples like those above aren’t enough to keep everyone aligned? How can you ensure API security without sacrificing speed to market? How can you protect your organization’s data without stifling innovation?
Here we look at some of the components of an effective API security strategy and how they bring benefits to both security teams and developers.
1. A Security First Mindset - Culture eats strategy for breakfast. The first step in bridging the gap between application and security teams is about fostering a culture of security awareness and collaboration. It has to be a two-way street. It can’t all be about policy diktats and enforcement. Security teams need to work with developers to provide them with the knowledge, tools and support needed to protect APIs without sacrificing speed and efficiency. Finger-wagging will only go so far. CISOs need to strive for the right balance between protection and productivity. Their security teams need to push themselves to find the approaches that will minimize vulnerabilities while maximizing output. It’s not always the most obvious option. Whenever possible, focus on finding lightweight, low-overhead solutions for API security that have minimal impact on development velocity. Similarly, application teams need to appreciate that security is everyone’s responsibility. It’s not a bothersome afterthought that gets in the way of pulling down tickets and pushing new code to production. Security is existentially important to the organization. Creating a collaborative, ‘Security First’ culture is easier said than done. It takes time and requires real buy-in at every level. But it lays the foundation for the other more practical steps toward effective API security that follow.
2. API Security & Effective Discovery - We all know about the pitfalls of ‘shadow IT’ and nowhere have these challenges become more pronounced than in the realm of API security. The volume of ‘shadow’, ‘rogue’ or ‘zombie’ APIs you find in even the most security-conscious organizations can be shocking. And if you can’t see it, you can’t secure it. So, effective discovery across your entire API ecosystem is vital. It also helps in aligning the efforts of security teams and application developers. For security teams, API discovery serves two essential purposes. Firstly, it helps pinpoint potential security vulnerabilities by uncovering unauthorized or poorly secured APIs that might be exposing sensitive data. This allows them to neutralize threats before breaches occur. Secondly, comprehensive discovery helps security teams to formulate better policies and specs by identifying all of the outliers and possible configurations that might give rise to threats in future. For developers, effective API discovery can even boost productivity by providing a clear inventory that allows them to quickly locate APIs that suit their application needs, reducing development time and minimizing the likelihood of creating duplicate or unnecessary APIs. Effective API discovery programs can be a real win-win. It’s important, though, to ensure that discovery is automated and ongoing wherever possible. This is not a ‘one and done’ exercise, and the need for manual development should be minimized. Integration with your various cloud environments, scanning of your repositories and a defined system of API inventory management all contribute to ensuring that both application and security teams have an accurate and up-to-date view of your entire API landscape.
3. Enhanced API Visibility and Monitoring - So you’ve identified all of your organization’s APIs and developed systems for ongoing discovery and inventory management. Now you need a way to see what’s happening across those APIs. Effective visibility and monitoring of API activity brings benefits for security teams and developers. On the security side, it provides a real-time window into the organization's API ecosystem. This visibility empowers security professionals to detect and respond promptly to potential threats, unauthorized access attempts, or anomalous behavior. By having a clear overview of API interactions, security teams can identify vulnerabilities and proactively address them, reducing the risk of data breaches and cyberattacks. At the same time, application developers gain valuable insights into how their applications interact with APIs, enabling them to optimize performance, enhance user experiences, and troubleshoot issues more effectively. This real-time feedback loop helps developers fine-tune their code, resulting in higher-quality applications that meet user expectations. Developers can share data-driven insights with security teams, leading to a deeper understanding of application behavior and potential security risks. This partnership enables developers to make informed decisions that align with the organization's security objectives.
4. API Security Posture Management - Comprehensive API security posture management offers a dual benefit too. For security teams, it means the ability to define standards, enforce policy and ensure consistency of APIs across the organization. Developers, meanwhile, can leverage these predefined security policies and configurations to create new APIs more quickly, eliminating the need to figure out complex security measures for each new deployment. Ultimately, it allows them to code with confidence and get more done.
5. Streamlined Incident Response - An effective API strategy will minimize the risk of significant breaches, and if an incident does occur, it equips your organization to respond quickly and efficiently. This brings benefits to both application and security teams. From a security perspective, the benefits are obvious. A robust API security strategy with comprehensive discovery, accurate API inventory, centralized logging and sophisticated posture management makes digital forensics and incident response much easier. And that’s good news for application teams too. It means reduced disruption to their development workflows with no need for developers to compile logs from disparate sources or to get bogged down in the investigation of an event. It also means that developers are informed promptly about security incidents that might impact their applications. This enables developers to take immediate action, address vulnerabilities, and implement necessary changes, contributing to the overall security posture.
The trade-off between productivity and protection will never be eliminated entirely. Security and application teams will always be driven by different motivations. But when it comes to API security, the ability to communicate the benefits of an effective API security strategy to both developers and security teams will go a long way towards bridging the gap. And by doing so you’ll achieve increased security while giving developers the confidence to deliver even greater innovation through APIs.
The post API Security: Bridging the Gap Between Application and Security Teams – FireTail Blog appeared first on Security Boulevard.
FireTail Raises $5M to Accelerate API Security, Led by Paladin Capital Group – FireTail Blog
Nov 11, 2025 - James Fulton - McLean, Va. – Dec. 14, 2022 — FireTail Inc, a disruptor in API security, announced today it has closed $5 million in early stage financing led by Paladin Capital Group, with participation from Zscaler, General Advance, Secure Octane, and a cadre of high-profile cyber security executives including SentinelOne VP of Cloud Security Ely Kahn, Intel 471 CEO Mark Arena, and Shift5 CEO Josh Lospinoso.
Application Programming Interfaces (API) are the core enabling technology for modern digital applications and the Internet of Things (IoT), allowing multiple systems to communicate with each other. With studies showing that more than 80% of all internet traffic is derived from APIs, the volume of sensitive data being accessed and transmitted through these essential interfaces is increasing dramatically. FireTail enables organizations to maintain continuous visibility over their APIs, monitor for threats and prevent breaches with a unique, end-to-end focus on the application layer of cloud-native applications.
The company is engaged with a number of early adopters across North America, Asia-Pacific and Europe, with hundreds of APIs secured and millions of events observed. FireTail is helping early-access customers to build a quick and complete API inventory, and then find and eliminate API security issues.
“FireTail is taking a unique approach that makes it easy to embed robust security protection natively within the API itself, rather than trying to adapt legacy network security methods to APIs. We’re thrilled to be partnering with FireTail to bring its technology to developers and enterprises alike,” said Mourad Yesayan, Managing Director at Paladin and FireTail Board Member.
The company was co-founded by Jeremy Snyder and Riley Priddle. Snyder, CEO, brings decades of experience as a former cyber and IT practitioner, as well as C-Suite experience in customer-facing roles at companies including AWS, Rapid7, DivvyCloud and TRADOS. Priddle, CTO, is a technical leader with past experience including SkyTV and HP. They launched FireTail with a vision to prevent API-based data breaches.
“Fundamentally, the root causes of API data breaches are application logic problems,” said Snyder. “Our library makes it easy to execute inline, preventative checks against the main attack vectors. This funding will help us expand coverage to multiple code languages, cloud platforms, and geographically. We also have new initiatives we’re developing together with our customers to provide true end-to-end API security. We’ll wrap up implementation cycles with this cohort early next year, and look forward to doubling the size of the cohort in early 2023.”
FireTail is taking a collaborative approach to product development, partnering directly with cloud-native and API-centric customers to solve the most pressing challenges around API security. Companies interested in learning more can apply to join the early access program at https://firetail.io/2023.
About FireTail
FireTail allows customers to solve all the most critical problems facing APIs today by sitting at the application layer, with full visibility and run-time blocking controls. Existing API security solutions are largely legacy, single-silo (ex. network) solutions, re-purposed to focus on APIs. While they can help, they typically focus on just a part of the problem. FireTail’s breakthrough approach came as a result of analyzing breaches against APIs for root causes, and engineering a solution from scratch specifically to address those pain points. FireTail is headquartered in Northern Virginia, with additional offices in Dublin, Ireland. To learn more, please visit us at https://firetail.io or follow us on LinkedIn.
About Paladin Capital Group
Paladin Capital Group was founded in 2001 and has offices in Washington DC, New York, London, Luxembourg, and Silicon Valley. As a multi-stage investor, Paladin’s core strength is identifying, supporting and investing in innovative companies that develop promising, early-stage technologies to address the critical cyber and advanced technological needs of both commercial and government customers.
Combining proven investment experience with deep expertise in global security, cyber technology and cutting-edge research, Paladin has invested in more than 60 companies since 2008 and has been a trusted partner to investors, entrepreneurs and governments for over two decades.
For more on Paladin Capital Group, follow us on Twitter at @Paladincap and on LinkedIn or visit us at www.PaladinCapGroup.com.
Media Contact
Taylor Hadley
LaunchTech Communications
978-877-2113
The post FireTail Raises $5M to Accelerate API Security, Led by Paladin Capital Group – FireTail Blog appeared first on Security Boulevard.
FireTail CEO, Jeremy Snyder, Set to Present at UK Cyber Week 2023 – FireTail Blog
Nov 11, 2025 - Jeremy Snyder - On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security - what is it, why you should care, and how to protect your org”.
The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and API-centric cloud architectures, along with the risks posed by these modern design patterns. Jeremy will also share details from API-based data breaches from the past several years, and explain the attack vectors and defense strategies for the audience.
We also invite attendees of UK Cyber Week to meet up with the FireTail team at stand D20 in the exhibitor area! We would look forward to discussing the benefits of our hybrid approach to API security.
UK Cyber Week brings the IT and cybersecurity communities together to incorporate and enhance new cybersecurity methodologies for organizations. Join world-class experts and leave with the knowledge needed to protect your teams, company, and more. You can register for this free event here.
FireTail’s blog has many resources related to API security. Check out our recent blog post, Maximizing the Power of API Microservices Architecture: Best Practices and Key Considerations.
About FireTail
FireTail engineered a hybrid approach to API security: an open source library that protects programmable interfaces with inline API call evaluation and blocking, cloud-based API security posture management, centralized audit trail, and detection and response capabilities. FireTail is the only company offering these capabilities together, ultimately helping organizations eliminate API vulnerabilities from their applications and providing runtime API protection.
FireTail is headquartered in Washington, DC, with additional offices in Dublin, Ireland and Helsinki, Finland. FireTail is backed by leading investors, including Paladin Capital, Zscaler, General Advance and SecureOctane.
FireTail. API Security.
Import. Setup. Done.
The post FireTail CEO, Jeremy Snyder, Set to Present at UK Cyber Week 2023 – FireTail Blog appeared first on Security Boulevard.
FireTail Names Timo Rüppell as Vice President of Product – FireTail Blog
Nov 11, 2025 - Jeremy Snyder - McLean, Va. - Jan. 24, 2023 - FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company office in Helsinki, Finland. Helsinki has historically been a strong cybersecurity research center, and FireTail looks to expand the company’s talent pool based out of Helsinki and the Baltic States.
Rüppell brings to FireTail a wealth of experience in technology development and team leadership for early stage companies. He will work closely with co-founder and CTO Riley Priddle to define and navigate the development of FireTail’s API security platform. Previously, Rüppell served as CTO at Mapita Ltd. where he was focused on product design, including security, privacy, and compliance management. Earlier in his career, Rüppell leveraged his PhD in theoretical particle physics as a researcher for Helsinki Institute of Physics.
“FireTail is thrilled to welcome Timo to our growing team. With his background and expertise, I am confident Timo will make a lasting impact on the direction of FireTail’s products, as well as the API security market,” said Jeremy Snyder, FireTail co-founder and CEO. “It’s an exciting time for our company as we expand our presence globally, and plant roots in new cities. We look forward to all the collaboration and innovation that will take place at our new office in Helsinki.”
> “After another year of watching significant breaches and security incidents at major enterprises play out in the news, the need for a new approach to solving the security threats tied to APIs has never been more clear. I look forward to working with the FireTail team to further their mission of offering simple yet effective API security that makes a positive impact and makes the internet a safer place for everyone,” added Rüppell.
FireTail will be at CloudNativeSecurityCon on Feb. 1-2, 2023 in Seattle, Washington. Visit the team in the Startup Zone to learn more about FireTail’s unique approach to solving API security threats.
The company is actively looking for startup-minded individuals with a passion for application security and cloud technologies to join the team. If you are based in Helsinki and are looking for a new opportunity, learn more about FireTail’s open roles and company culture at firetail.io/careers.
About FireTail
FireTail’s API security platform protects programmable interfaces with inline API call inspection and blocking, API security posture management, centralized API audit, and detection and response capabilities. The cloud-based solution helps organizations scale their API landscape and reduce the attack surface. FireTail makes API security as simple as import, setup, done.
FireTail is headquartered in Northern Virginia, with additional offices in Dublin, Ireland and Helsinki, Finland. To learn more about FireTail’s API security solution visit us at https://firetail.io or follow us on LinkedIn.
The post FireTail Names Timo Rüppell as Vice President of Product – FireTail Blog appeared first on Security Boulevard.
moveIT – a series of breaches, all enabled by APIs – FireTail Blog
Nov 11, 2025 - Jeremy Snyder - In mid-2023, a software vulnerability was discovered in a file transfer application known as moveIT. Because of the application's popularity, numerous companies and organizations have found themselves vulnerable to the breach. This blog post will attempt to explain the vulnerability, map out the kill chain (also sometimes called attack path), document the scale of the breaches* and discuss the event in more detail.
WHAT IS THE VULNERABILITY?
The vulnerability has come to be classified as CVE-2023-34362, generally described as “a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database”. The moveIT application is generally used for secure file transfer between organizations, so its core functionality is uploading, downloading and viewing electronic documents on a moveIT server.
WHAT IS THE IMPACT OF THE MOVEIT BREACH EVENT?
This is one of the largest and broadest API-enabled data breaches of the past decade. As of the time of publication, more than 700 individual organizations and more than 47 million data records have been confirmed breached. According to a tracker of this specific event:
“U.S.-based organizations account for 79.4 percent of known victims, Germany-based 4.8 percent, Canada-based 3.3 percent, and U.K.-based 2.7 percent.”
WHAT IS THE ATTACK PATH FOR MOVEIT?
moveIT attack path
While disclosures and analysis around the moveIT vulnerability vary, there are some patterns that are consistent across publications. One very likely attack path for bad actors to leverage this vulnerability is multi-step:
1. An API can be fooled with manipulated headers into letting an attacker set variables that are not sanitized by MOVEit’s input sanitization function
2. Via that sanitization bypass call, a SQL injection is possible against a guest registration endpoint
3. Through the SQL injection, the attacker lays the foundation for gaining administrator privileges via an API that is fooled by a JWT (JSON Web Token) that references an external endpoint, controlled by the bad actor, to validate the token
4. The attacker gains administrative rights and can access functions that allow them to further leverage the SQL injection to achieve remote code execution:
* This is done by leveraging a flaw in the file upload: an API call that declares the upload to be a “Resume” of a previously interrupted upload is not checked by the server. The server assumes that it is indeed a resumed upload and acts accordingly.
* The logic behind this resumed upload is that a serialized (a form of encoding) malicious payload can be included through that SQL injection.
* The malicious payload is passed directly to the moveIT application server function and executed. The malicious payload triggers the remote code execution. Data exfiltration from the organization may happen as a result.
HOW DO APIS CONNECT TO THE VULNERABILITY?
HOW DOES THIS VULNERABILITY ALIGN TO THE OWASP API TOP 10?
As per the attack path above, there are 3 separate API touchpoints leveraged for this breach. Each one has a slightly different problem.
* Unauthenticated access; OWASP API 2023:2
* Authentication that doesn’t leverage a controlled pre-defined identity server; this does not map directly to the OWASP API Top 10, from either 2023 or 2019
* Manipulated calls that trigger bad behavior; API8:2019 Injection
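Step 3 of the attack path and the second touchpoint above come down to a verifier that lets the token say where its validation key lives. The following added example (not from the original post or from MOVEit's code) contrasts that pattern with a verifier pinned to a predefined identity server; the `jku` header, the URLs and the keys are assumptions, and HMAC stands in for the asymmetric signatures a real identity server would use so that the block runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for "fetch the validation key from this URL".
# Real identity servers publish asymmetric keys; HMAC keeps the example offline.
KEY_ENDPOINTS = {
    "https://idp.example.internal/keys": b"idp-signing-key",
    "https://untrusted.example/keys": b"caller-chosen-key",
}
TRUSTED_KEY_URL = "https://idp.example.internal/keys"  # assumption: fixed in server config
TRUSTED_ISSUER = "https://idp.example.internal"        # assumption: fixed in server config


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(header: dict, claims: dict, key: bytes) -> str:
    """Build a compact JWT-style token: header.claims.signature."""
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def _parse(token: str):
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        signature = _unb64(sig)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise PermissionError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise PermissionError("malformed token")
    return header, claims, signature, head + "." + body


def _signature_ok(key: bytes, signing_input: str, signature: bytes) -> bool:
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def verify_trusting_token(token: str) -> dict:
    """Flawed pattern: the token itself names the endpoint that validates it."""
    header, claims, signature, signing_input = _parse(token)
    key = KEY_ENDPOINTS.get(header.get("jku"))  # key source chosen by the caller
    if key is None or not _signature_ok(key, signing_input, signature):
        raise PermissionError("bad signature")
    return claims


def verify_pinned(token: str, now=None) -> dict:
    """Hardened pattern: key source and issuer come from server configuration only."""
    header, claims, signature, signing_input = _parse(token)
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    if header.get("jku", TRUSTED_KEY_URL) != TRUSTED_KEY_URL:
        raise PermissionError("token names an untrusted key endpoint")
    if not _signature_ok(KEY_ENDPOINTS[TRUSTED_KEY_URL], signing_input, signature):
        raise PermissionError("bad signature")
    if claims.get("iss") != TRUSTED_ISSUER:
        raise PermissionError("untrusted issuer")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise PermissionError("expired or missing exp")
    return claims


def demo() -> dict:
    # Constructed claims; exp is 2100-01-01 so the tokens are not expired.
    claims = {"sub": "sysadmin", "iss": TRUSTED_ISSUER, "exp": 4102444800}
    untrusted = sign_token({"alg": "HS256", "jku": "https://untrusted.example/keys"},
                           claims, KEY_ENDPOINTS["https://untrusted.example/keys"])
    genuine = sign_token({"alg": "HS256"}, claims, KEY_ENDPOINTS[TRUSTED_KEY_URL])
    results = {"flawed_accepts_untrusted": verify_trusting_token(untrusted)["sub"]}
    try:
        verify_pinned(untrusted)
        results["pinned_rejects_untrusted"] = False
    except PermissionError as exc:
        results["pinned_rejects_untrusted"] = str(exc)
    results["pinned_accepts_genuine"] = verify_pinned(genuine)["sub"]
    return results


if __name__ == "__main__":
    print(demo())
```

The claims in both tokens are identical; only the key source differs, which is why the issuer claim alone cannot be relied on before the signature has been checked against a pinned key.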
How can FireTail help?
FireTail’s API discovery and inventory capabilities will keep organizations aware of all the APIs run in their cloud environments, including moveIT. Secondly, FireTail’s API logging capabilities can help understand the scope, timing and scale of any API data breach.
REFERENCES
* https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
* https://en.wikipedia.org/wiki/2023_MOVEit_data_breach
* https://www.emsisoft.com/en/blog/44123/unpacking-the-moveit-breach-statistics-and-analysis/
* https://nvd.nist.gov/vuln/detail/CVE-2023-34362
The post moveIT – a series of breaches, all enabled by APIs – FireTail Blog appeared first on Security Boulevard.
CYFIRMA & FireTail: Working Together for Complete Visibility and Robust API Security – FireTail Blog
Nov 11, 2025 - Alan Fagan - CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients prepare for impending attacks.
With CYFIRMA's advanced capabilities, organizations can identify emerging threats, gain insights into potential attack scenarios, and take proactive measures to safeguard their assets.
APIs are an increasingly important threat vector, and they remain a security blind spot for many organizations. That’s where FireTail comes in.
We will be working with CYFIRMA to provide clients with complete API security. Our unique hybrid approach combines an open-source library for inline API call evaluation and blocking with a cloud-based SaaS platform for API security posture management, centralized audit trails, and detection and response capabilities. This comprehensive solution helps organizations eliminate API vulnerabilities, ensuring the secure functioning of their applications.
Combining CYFIRMA’S external threat management solutions with FireTail’s API security platform brings complete visibility into your organization's digital footprint. From APIs and external threats to vulnerabilities and data leaks, we've got you covered. You can identify security gaps, close vulnerabilities, and protect sensitive data.
We are excited about this partnership and look forward to bringing our combined solutions to enterprise organizations across the world.
To learn more about our partnership with CYFIRMA, contact us now on [email protected]
The post CYFIRMA & FireTail: Working Together for Complete Visibility and Robust API Security – FireTail Blog appeared first on Security Boulevard.
Exploring the Pros and Cons of Web Application Firewalls (WAFs) – FireTail Blog
Nov 11, 2025 - Jeremy Snyder - Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 according to the 2022 Verizon DBIR, making them the second most common attack pattern that year. As a result, Web Application Firewalls (WAFs) have become a focal point of some security conversations.
What is a web application firewall (WAF)?
A web application firewall (WAF) monitors, filters and blocks (if necessary) HTTP traffic as it travels between a web application and a requestor via the internet. Much like how TSA controls who passes through security checkpoints at an airport, WAFs protect web systems against known and unknown threats and vulnerabilities in today’s security threat landscape.
WAFs can be used to inspect, detect and prevent attacks such as malware infections, zero-day exploits, impersonations, and potentially other similar threats, whether running as a network appliance, server plugin or cloud service.
What is the difference between a web application firewall (WAF) and a regular firewall?
WAFs and standard firewalls differ not only in the type of protection they offer, but in overall function. For starters, a WAF is primarily focused on the security of an application, whereas the traditional firewall is focused on the security of a network.
A traditional firewall protects a secured, local-area network from unauthorized access to prevent the risk of attacks. Its primary job is to separate secured zones from less secure zones, controlling all communications between the two.
WAFs, on the other hand, sit between external users and web applications to analyze all HTTP communication. They then detect and block malicious requests (based on a list of known attack types) before they reach the user, securing business-critical web applications and servers from zero-day threats and other application-layer attacks.
What are the advantages of using a WAF?
As web application attacks continue to grow, implementing a solution (or solutions) that will effectively protect an organization’s digital assets is critical. WAFs offer a number of advanced capabilities that have proven to strengthen web application security. For example, WAFs provide advanced threat prevention capabilities, and they also give administrators the flexibility needed to respond to sophisticated attacks with real-time insights into application traffic, performance, security and threat landscape.
What are the disadvantages of WAFs?
As with any solution, there are also disadvantages to implementing a WAF into a security strategy. WAFs operate through a set of rules or policies, known as WAF Rules, that aim to protect against vulnerabilities by filtering out malicious traffic. These rules must be updated frequently, which can make WAFs complex to deploy. Cloud architectures and rapid rates of change in cloud environments also make it difficult to keep WAFs effective.
While the speed and ease with which WAF rules can be implemented allow for quicker response times to varying attack vectors, they also require regular maintenance whenever additions or updates are made to an application. As a result, WAFs are subject to a high degree of false positive alarms, as the protected applications are constantly changing and requiring different rules for traffic over time.
WAFs in the current threat landscape
While WAFs provide protection against numerous sophisticated attacks, like SQL injection, cross-site scripting (XSS) and other application-specific attacks, they can’t shield web assets from all attacks. For example, most WAFs can’t protect against malicious bots. Some bots use direct attacks that WAFs are designed to identify and block, but many abuse legitimate business logic that WAFs simply are not designed to identify. This is why it is incredibly important to have a well-rounded security stack that includes other security solutions that complement a WAF (such as bot management software, in this case).
Introduction to FireTail’s API Security Platform vs. WAFs
After analyzing the root cause of known application programming interface (API) breaches, FireTail engineered a hybrid approach to API security: an open source library that protects programmable interfaces with inline API call evaluation and blocking, and cloud-based API security posture management, centralized audit trail, and detection and response capabilities. We are the only company offering these capabilities together.
The four most common API attack vectors include: broken authorization logic, flawed authentication controls, security misconfigurations, and injections making APIs misbehave. Most approaches to API security are based around network traffic analysis or WAFs; yet both of those approaches fail to stop the most common API attack vectors because the attacks look like normal traffic. In future blog posts, we will get into further detail about how FireTail’s approach goes above and beyond traditional WAFs.
To learn more about the key benefits of FireTail’s API security platform, including the ability to block and track the top API attack vectors in real-time, please contact us.
PS - some other great resources on this topic include:
https://www.techtarget.com/searchsecurity/definition/Web-application-firewall-WAF
The post Exploring the Pros and Cons of Web Application Firewalls (WAFs) – FireTail Blog appeared first on Security Boulevard.
Introducing FireTail: Making API Security as Simple as Import, Setup, Done – FireTail Blog
Nov 11, 2025 - FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of December 2022, we are proud to have launched the first version of our platform into production and secured our first paying customers and channel relationships.
We believe API security is the evolution of cloud security. Our co-founders Jeremy and Riley come from deep experience in cloud security, including building and managing API-centric cloud-native applications. They first met in 2017 discussing cloud security, the importance of visibility, real-time inventory and configuration monitoring. Together, Jeremy and Riley conceived a vision to bring security into the modern open-source development model, aligning a simple code library to the most popular API frameworks.
After analyzing the root cause of known API breaches, FireTail engineered a hybrid approach to API security: an open source library that protects programmable interfaces with inline API call evaluation and blocking, and cloud-based API security posture management, centralized audit trail, and detection and response capabilities. We are the only company offering these capabilities together.
Most approaches to API security are based around network traffic analysis or WAFs; yet both of those approaches fail to stop the most common API attack vectors because the attacks look like normal traffic. Preventative security requires both a greater level of data visibility and also the ability to analyze calls individually and in real-time, not only in the aggregate. To help companies address all types of API attack vectors, FireTail’s platform is a two-part solution for API security:
* An open-source code library that application owners and developers can include to provide real-time inline API call inspection and preventive controls to block malicious API calls. The library can also log centrally to the FireTail cloud platform.
* The FireTail cloud platform includes API discovery and inventory, API security posture management, high-fidelity log-based detection algorithms, and digital forensics.
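The claim made in both posts above, that broken-authorization attacks look like normal traffic to a WAF but can be caught by evaluating each call inline, is illustrated by this added example (not FireTail's library or code from the original posts). The signature rules, the `/api/invoices/<id>` route, the users and the ownership table are all constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed, simplified signatures of the kind a WAF matches against request text.
WAF_SIGNATURES = [
    re.compile(r"(?i)\bunion\b.+\bselect\b"),     # SQL injection (UNION SELECT)
    re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),  # SQL tautology
    re.compile(r"(?i)<\s*script\b"),              # script tag (XSS)
    re.compile(r"\.\./"),                         # path traversal
]

# Constructed ownership data: invoice id -> owning user.
INVOICE_OWNER = {"1001": "alice", "1002": "bob"}


def waf_allows(path, query=""):
    """Signature check: sees only the decoded request text, not who owns what."""
    text = unquote_plus(f"{path}?{query}")
    return not any(sig.search(text) for sig in WAF_SIGNATURES)


def inline_authz_allows(user, path):
    """Object-level check inside the API, where caller and resource owner are both known."""
    match = re.fullmatch(r"/api/invoices/(\d+)", path)
    if match is None:
        return False  # unknown route: deny by default
    return INVOICE_OWNER.get(match.group(1)) == user


def evaluate(user, path, query=""):
    """Return the verdict of each control for one authenticated request."""
    return {"waf": waf_allows(path, query), "authz": inline_authz_allows(user, path)}


# Constructed sample requests, all authenticated as alice.
REQUESTS = [
    ("alice", "/api/invoices/1001", ""),  # her own invoice
    ("alice", "/api/invoices/1002", ""),  # bob's invoice: well-formed but unauthorized
    ("alice", "/api/invoices/1001", "sort=id%27+OR+%271%27%3D%271"),  # injection string
]

if __name__ == "__main__":
    for user, path, query in REQUESTS:
        print(user, path, query or "-", evaluate(user, path, query))
```

The second request is the case the posts describe: nothing in its text matches a signature, so only the ownership check, which needs application context, rejects it.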
FireTail is working full steam ahead to continue providing the most comprehensive API security offering on the market. Our plans over the next 12 months include:
* Announce some exciting new$...
* Code library coverage for additional languages and additional serverless architectures
* Additional detections
* Coverage for additional cloud providers
* Expanded API security posture management capabilities
* Integrations with more security operations tools
Stay tuned for more FireTail updates!
The post Introducing FireTail: Making API Security as Simple as Import, Setup, Done – FireTail Blog appeared first on Security Boulevard.