< ciso brief />

All news with #web application firewall tag

25 articles

Protect GenAI Chatbots with Check Point WAF

🛡️ Check Point explains why GenAI chatbots create new security risks by acting as a front door to internal systems and data. The post highlights real incidents—prompt injection, data exposure, and misleading responses—that demonstrate legal, financial, and reputational impacts. It describes how Check Point WAF extends unified application and API security into the conversational layer to detect and block malicious prompts, prevent data leaks, and control unsafe outputs.

Google Cloud Fraud Defense: Evolution of reCAPTCHA

🛡️ Google Cloud has launched Fraud Defense, a trust platform that advances reCAPTCHA to address risks from autonomous AI agents as well as traditional bots and human fraud. The offering includes agentic activity measurement, an agentic policy engine for granular controls across the customer journey, and an AI-resistant QR code challenge to request human presence when needed. It integrates industry standards such as Web Bot Auth and SPIFFE and leverages Google’s global signals to enable largely invisible verification for legitimate users. Existing reCAPTCHA customers are automatically included with no migration or pricing changes.

NETSCOUT Arbor Threat Mitigation Wins Multiple G2 Badges

🛡️ NETSCOUT’s Arbor Threat Mitigation System (TMS) earned five G2 winter 2026 badges, including Leader distinctions for Enterprise DDoS Protection, DDoS Protection, and Web Security, plus a regional nod in Asia. Arbor Sightline also secured a leader badge for enterprise network management. G2 awards reflect verified user reviews and NETSCOUT’s market presence; customers praise AI/ML-driven visibility, automated defenses, and carrier-grade, hybrid/cloud mitigation.

Secure URL and Domain Filtering with Google Cloud NGFW

🔒 Google Cloud's Cloud NGFW Enterprise now supports domain and SNI-based URL filtering with limited wildcard matching to shift enforcement to the application layer. The URL filtering service inspects HTTP payloads and SNI headers to enable granular egress policies and block malicious domains without requiring full TLS decryption. This reduces the operational burden of tracking dynamic IPs and helps prevent bypass techniques such as SNI spoofing while preserving end-to-end encryption and compliance.

AI Is Changing App Threats Faster Than Teams Can Adapt

🔒 AI-driven changes in web applications and APIs are outpacing traditional controls, creating large visibility and detection gaps. The 2026 Web Application Security Report, based on a global survey of over 800 security professionals, finds only 29% confidence in overall application security and just 15% for AI-integrated apps. FortiAppSec Cloud is presented as an integrated platform combining WAF, API protection, bot mitigation, and application security services to provide shared telemetry and consistent enforcement across dynamic, service-generated traffic.

Cloudflare launches Attack Signature Detection for WAFs

🛡️ Cloudflare announced Attack Signature Detection, a new always-on framework that inspects every proxied request and attaches signature metadata for full visibility without sacrificing protection. The model separates detection from mitigation, populating fields like cf.waf.signature.request.ref, confidence, and categories for use in Security Analytics and the Edge Rules Engine. Detections use the same heuristics as the Managed Ruleset but operate as non-blocking signatures by default, and Full-Transaction Detection — which correlates request and response to reduce false positives and confirm exploits — is under development and available for early interest.

Why Application Security Should Begin at the Load Balancer

🔐 The article contends that application security must start at the load balancer, which serves as the primary traffic entry and trust boundary rather than just a performance device. The author describes consulting cases across finance, healthcare, SaaS and retail where permissive edge settings enabled downgrade attacks, bot floods, and long-term technical debt. Recommended controls include enforcing modern TLS, sanitizing requests, applying bot and rate controls at the edge, and integrating the load balancer with downstream WAFs and security tools to reduce incident scope and operational cost.

Toxic combinations: small signals leading to incidents

🔍 Cloudflare describes how dispersed, low‑severity signals can combine into a full security incident, a pattern it terms “toxic combinations.” Using network-wide telemetry, Cloudflare correlates bot indicators, sensitive paths, anomalies, and misconfigurations to detect multi-step reconnaissance and exploitation before a clear exploit appears. The post outlines concrete detection queries and practical mitigations — from WAF rules and Zero Trust controls to API authentication and debug flag hygiene.

WAF Security Test Results 2026: Prevention First Matters

🔒 The WAF Comparison Project 2026 presents the findings of a third annual, real-world evaluation of 14 leading WAF vendors using 1 million legitimate requests and 74,000 malicious payloads. Testers found attackers increasingly employ evasion, payload padding, and zero-day techniques that can bypass signature-based defenses. The report emphasizes a prevention-first strategy — combining proactive filtering, behavioral controls, and continuous tuning — to better protect web apps, APIs, and GenAI workloads.

Yokogawa FAST/TOOLS Multiple Web and Crypto Flaws Reported

⚠️ Yokogawa's FAST/TOOLS (versions R9.01–R10.04) contains multiple web and cryptographic vulnerabilities tracked across 14 CVEs that could enable redirection to malicious sites, decryption of communications, man-in-the-middle attacks, cross-site request forgery, script execution, and unauthorized file access. Example CVSS v3 scores reach up to 8.2 for some issues. Yokogawa advises updating to R10.04, applying patch CS_e12787, then installing R10.04 SP3. CISA recommends minimizing Internet exposure for control systems, isolating OT networks behind firewalls, and using secure remote access.

Attackers Abuse React2Shell to Hijack NGINX Traffic

🔒 Datadog Security Labs disclosed an active web-traffic hijacking campaign that leverages the critical React2Shell vulnerability (CVE-2025-55182, CVSS 10.0) to inject malicious nginx configurations. Attackers use multi-stage shell scripts to create proxy_pass rules that route requests to attacker-controlled backends, focusing on Asian and government/education TLDs and Baota management panels. GreyNoise telemetry links the activity to two dominant IPs and over 1,000 unique sources.

Attackers Modify NGINX Configurations to Redirect Traffic

🔁 Researchers at Datadog Security Labs uncovered a campaign in which threat actors compromise NGINX servers and Baota-managed hosting panels to inject malicious 'location' blocks into configuration files, rerouting user requests through attacker-controlled backends. The attackers preserve headers like Host, X-Real-IP, User-Agent, and Referer to blend traffic with legitimate requests. The injection toolkit runs in five scripted stages and exfiltrates a map of hijacked domains to a C2 at 158.94.210[.]227.

Cloudflare WAF Blocks Critical React Server Components RCE

🛡️ Cloudflare has deployed new WAF protections to mitigate a high‑severity RCE in React Server Components (CVE-2025-55182). All customers whose React traffic is proxied through the Cloudflare WAF are automatically protected — the rules are included in both the Free Managed Ruleset and the standard Managed Ruleset and default to Block. Rule IDs: Managed Ruleset 33aa8a8a948b48b28d40450c5fb92fba and Free Ruleset 2b5d06e34a814a889bee9a0699702280; Cloudflare Workers are immune. Customers on paid plans should verify Managed Rules are enabled and update to React 19.2.1 and the recommended Next.js releases (16.0.7, 15.5.7, 15.4.8).

How CloudGuard WAF Reduces Risk and Total Cost of Ownership

🔒 Check Point's CloudGuard WAF combines high prevention accuracy with reduced operational overhead to lower risk and total cost of ownership. In the WAF Comparison Project 2024–25 (1,040,242 legitimate requests across 692 sites, 13 vendors) it delivered ~99.4% detection and ~0.8% false positives. That accuracy, paired with less manual tuning and faster false-positive triage, cuts hidden expenses and breach exposure while protecting apps and APIs.

WAF Payload Logging Improvements for Cloudflare Customers

🔍 Cloudflare describes enhancements to its Web Application Firewall (WAF) payload logging, which now records specific request fields and post-transformation values that triggered a rule. The feature disambiguates which branch of a rule evaluated true, logs partial matches with contextual slices, and reduces the amount of data written for large fields. Cloudflare also optimized regex compilation and memory usage, shrank median log sizes, and plans further work on binary formats and expanded WAF coverage.

AWS offers flat-rate CloudFront plans with built-in security

🔒 AWS is introducing flat-rate pricing plans for CloudFront that bundle global CDN delivery with built-in security (WAF, DDoS protection), Route 53 DNS, CloudWatch Logs ingestion, serverless edge compute, and monthly S3 storage credits. Plans eliminate overage charges so traffic spikes or attacks won’t trigger surprise fees. Tiers include Free, Pro ($15), Business ($200) and Premium ($1,000), and pay-as-you-go remains an option.

Quantum Route Redirect: Automated PhaaS Targets 90 Countries

🔒 KnowBe4 has identified a new phishing-as-a-service platform called Quantum Route Redirect that automates large-scale credential theft across roughly 90 countries and is hosted on about 1,000 domains. The kit distinguishes security tools from real users to evade URL scanning and some web application firewalls, routing victims to Microsoft 365 credential-harvesting pages. It includes redirect configuration, traffic analytics, monitoring dashboards and themed lures such as DocuSign and payroll impersonations. KnowBe4 urges multi-layered defenses including NLP-driven email analysis, sandboxing, continuous monitoring and rapid incident response.

Expanding CloudGuard: Securing GenAI Application Platforms

🔒 Check Point expands CloudGuard to protect GenAI applications by extending the ML-driven, open-source CloudGuard WAF that learns from live traffic. The platform moves beyond traditional static WAFs to secure web interactions, APIs (REST, GraphQL) and model-integrated endpoints with continuous learning and high threat-prevention accuracy. This evolution targets modern attack surfaces introduced by generative AI workloads and APIs.

AI-Driven Malicious SEO and the Fight for Web Trust

🛡️ The article explains how malicious SEO operations use keyword stuffing, purchased backlinks, cloaking and mass-produced content to bury legitimate sites in search results. It warns that generative AI now amplifies this threat by producing tens of thousands of spam articles, spinning up fake social accounts and enabling more sophisticated cloaking. Defenders must deploy AI-based detection, graph-level backlink analysis and network behavioral analytics to spot coordinated abuse. The piece emphasizes proactive, ecosystem-wide monitoring to protect trust and legitimate businesses online.

Cloud Armor: Hierarchical Policies, Extended WAF and NTI

🛡️ Cloud Armor introduces hierarchical security policies and organization-scoped address groups to simplify centralized policy management across organization, folder, and project levels. The release also includes GA support for JA4 network fingerprinting and ASN/NTI controls for Media CDN, while an enhanced WAF request-body inspection (preview) expands inspection from 8 KB to 64 KB. These updates are designed to strengthen threat protection and reduce operational complexity for hybrid and multicloud deployments.