Imperva Threat Research

Chrome, Vivaldi, and the challenge of changing browsers

React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff

AndyC 10 April 2026

Executive Summary In this article, we disclose a new high severity unauthenticated remote denial‑of‑service vulnerability we identified and reported...

N8N: Shared Credentials and Account Takeover

AndyC 4 March 2026

Executive Summary We identified a security weakness in n8n’s credential management layer that could have completely compromised the application’s...

Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic

AndyC 27 January 2026

What Is CVE-2026-21962? CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy...

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

AndyC 15 April 2026

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may...

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

AndyC 15 April 2026

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may...

As breakout time accelerates, prevention-first cybersecurity takes center stage

AndyC 8 April 2026

Business Security Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. Phil Muncaster...

Digital assets after death: Managing risks to your loved one’s digital estate

AndyC 2 April 2026

Digital Security Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. Phil Muncaster 01...

This month in security with Tony Anscombe – March 2026 edition

AndyC 1 April 2026

The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan 31 Mar...