Blogs


Best WAF Solutions in 2026: Real-World Comparison
This article describes how we tested the efficacy of several leading WAF solutions in real-world conditions and the test's striking results.
Boris Rozenfeld
Jan 18 · 17 min read


Zero‑day protection for React2Shell (CVE‑2025‑55182)
React Server Components (RSC) and Server Functions in React 19 are at the center of a new critical vulnerability, CVE‑2025‑55182, widely referred to as React2Shell. The issue is rated CVSS 10.0 and allows an unauthenticated remote attacker to achieve remote code execution (RCE) on servers handling RSC traffic. In this post we’ll briefly cover the impact, who is affected, what you should do now, and how open-appsec and CloudGuard WAF (open-appsec's enterprise edition) pr
Boris Rozenfeld
Dec 4, 2025 · 4 min read


The Essential Cyber Resilience Strategy for InfoSec
For years, cybersecurity strategies have been obsessed with prevention: keep attackers out, patch vulnerabilities, and strengthen...
Eyal Katz
Aug 21, 2025 · 7 min read


Cyber Resilience vs Cyber Security: Is There a Difference?
The internet never sleeps, and neither do cyber threats. Every second, somewhere in the world, a system is being probed for weaknesses,...
Eyal Katz
Aug 21, 2025 · 6 min read


Introducing: open-appsec Machine-Learning-Driven WAF for Kong Gateway – Featuring a New, Flexible Lua-Based Plugin (Beta)
The new open-appsec WAF plugin for Kong Gateway (beta) brings machine-learning-powered security to your API gateway — protecting against OWASP Top 10, zero-day attacks, and more without signatures.
Now available for Kong OSS and Enterprise, running on Linux, Docker, and Kubernetes.
Christopher Lutat
Jul 31, 2025 · 6 min read


open-appsec Integration with Istio Ingress Gateway - Beta Release Now Available!
open-appsec now offers beta integration with Istio Ingress Gateway, enhancing Kubernetes environments by protecting web applications from various attacks using AI-driven WAF technology. This integration adds security at the edge of service meshes, leveraging Istio’s advanced traffic management features.
Christopher Lutat
Jul 24, 2025 · 10 min read


cra-ready.org - a Practical Guide to Cyber Resilience Act (CRA) Compliance
CRA-Ready.org is built to help businesses understand and meet the requirements of the European Union’s Cyber Resilience Act (CRA). The CRA introduces mandatory cybersecurity obligations for all digital products—software and connected hardware—sold in the EU. This includes consumer apps, industrial control systems, IoT devices, and even open-source components used in commercial contexts.
Editorial
Jun 2, 2025 · 2 min read


Scaling WAF Protection Across Multi-Cloud Environments with open-appsec
As organizations embrace the flexibility and resilience of multi-cloud and hybrid architectures, a new challenge emerges: how do you...
Oriane Louzoun
May 29, 2025 · 3 min read


open-appsec vs Traditional WAFs: What Can You Gain by Going Cloud-Native and Open Source
While traditional Web Application Firewalls (WAFs) have long been the go-to solution for protecting web applications, modern architectures demand a new approach. In this blog, we’ll explore the key differences between open-appsec and traditional WAFs — and why organizations are making the switch.
Oriane Louzoun
May 23, 2025 · 3 min read


From Kindergarten to PhD - Leveraging open-appsec WAF Machine Learning Levels for a Robust Web Protection
open-appsec's learning levels provide a clear path for maximizing the performance of the machine learning and the WAF’s overall protection. This blog explains the progression of learning levels in open-appsec, how to track them, the steps necessary to optimize and transition from Detect mode to Prevent mode, and how to enhance the learning after reaching Prevent mode.
Hen Eliyahu
Apr 28, 2025 · 7 min read


Akamai WAF: Complete List of Pros and Cons
Could your web app be under attack as we speak? Cyber attackers and automated bots are moving in the shadows, quietly looking for weak...
Eyal Katz
Apr 3, 2025 · 6 min read


Remediation for Ingress NGINX Controller Vulnerability
On March 24, 2025, WIZ Research disclosed critical vulnerabilities in the Kubernetes Ingress NGINX Controller that allow unsanitized user...
Boris Rozenfeld
Mar 25, 2025 · 2 min read