Latest news with #WebApplicationFirewall
Engadget
2 days ago
- Engadget
Perplexity is allegedly scraping websites it's not supposed to, again
Web crawlers deployed by Perplexity to scrape websites are allegedly skirting restrictions, according to a new report from Cloudflare. Specifically, the report claims that the company's bots appear to be "stealth crawling" sites by disguising their identity to get around files and firewalls. is a simple file websites host that lets web crawlers know if they can scrape a websites' content or not. Perplexity's official web crawling bots are "PerplexityBot" and "Perplexity-User." In Cloudflare's tests, Perplexity was still able to display the content of a new, unindexed website, even when those specific bots were blocked by The behavior extended to websites with specific Web Application Firewall (WAF) rules that restricted web crawlers, as well. Cloudflare believes that Perplexity is getting around those obstacles by using "a generic browser intended to impersonate Google Chrome on macOS" when prohibits its normal bots. In Cloudlfare's tests, the company's undeclared crawler could also rotate through IP addresses not listed in Perplexity's official IP range to get through firewalls. Cloudflare says that Perplexity appears to be doing the same thing with autonomous system numbers (ASNs) — an identifier for IP addresses operated by the same business — writing that it spotted the crawler switching ASNs "across tens of thousands of domains and millions of requests per day." Engadget has reached out to Perplexity for comment on Cloudflare's report. We'll update this article if we hear back. Up-to-date information from websites is vital to companies training AI models, especially as service's like Perplexity are used as replacements for search engines. Perplexity has also been caught in the past circumventing the rules to stay up-to-date. Multiple websites reported in 2024 that Perplexity was still accessing their content despite them forbidding it in — something the company blamed on the third-party web crawlers it was using at the time. Perplexity later partnered with multiple publishers to share revenue earned from ads displayed alongside their content, seemingly as a make-good for its past behavior. Stopping companies from scraping content from the web will likely remain a game of whack-a-mole. In the meantime, Cloudflare has removed Perplexity's bots from its list of verified bots and implemented a way to identify and block Perplexity's stealth crawler from accessing its customers' content.
Time Business News
30-07-2025
- Business
- Time Business News
Web Application Firewall in Saudi Arabia for FinTech Security
Nowadays, FinTech companies are growing rapidly in Saudi Arabia. People are doing banking and financial activities online and it is important to have strong security. That's why a Web Application Firewall (WAF) is being used, which keeps the websites safe. This article will focus on how important Web Application Firewall has become for Fintech Security in Saudi Arabia. Web Application Firewall is a security system that protects your website from dangerous attacks on the internet. It scans every incoming and outgoing HTTP or HTTPS traffic and decides whether the request is safe or harmful. A Web Application Firewall works like a shield that is placed between the client (user) and the web server. Full Protection from Cyber Attacks Today, fintech platforms have become soft targets for cyber attackers. Threats like SQL injection, XSS, and zero-day attacks are active all the time. If you don't have WAF, these attacks can easily damage your app. But when you use it, the system automatically filters harmful requests and protects the application. In a market like Saudi Arabia, where fintech is rapidly growing under Vision 2030, this protection is a must. Regulatory Compliance Becomes Easy In Saudi Arabia, fintech companies must follow strict rules of regulators like SAMA and CST. According to these rules, you have to implement strong cybersecurity systems. WAF makes your compliance journey easy. It not only detects threats but also maintains logs that come in handy during audits. If you want to build trust in the Saudi market, you cannot compromise with compliance — and WAF is the best way to stay prepared. Real-time Monitoring & Smart Threat Detection Modern WAFs not only provide protection but also do smart monitoring. Through real-time analytics, you get to know who is accessing, what type of traffic is coming, and if there is any suspicious activity, you get an immediate alert. Using AI and machine learning, WAF automatically detects risky behavior. This level of security is critical for fintech apps where people are making transactions, using wallets, or applying for credit. In Saudi's fast-moving fintech ecosystem, you must be proactive. Build customer trust becomes easy Saudi users are adopting digital banking, but they have only one demand – security. If their data is leaked or their accounts are breached, they will never trust again. WAF keeps your web app safe so that no one can touch the user's personal and financial data. When the customer sees that the platform is fully secure, then he confidently makes transactions. Trust once broken, is hard to rebuild – but with WAF you will be already prepared. As Saudi Arabia's fintech sector is growing rapidly, security has become a major need. Web Application Firewall has become a strong digital shield which is a must-have for every fintech company. It not only protects against cyber-attacks but also simplifies regulatory compliance. Through real-time monitoring and AI-based threat detection, WAF catches every suspicious activity instantly. The most important thing – when the customer feels that the platform is secure, only then he trusts it and does transactions without fear. Trust is everything in the fintech world and WAF can be the best tool to maintain that trust. TIME BUSINESS NEWS
TECHx
28-07-2025
- Business
- TECHx
Cloudflare Reveals Q2 2025 Global Internet and Cyber Threat
Home » Emerging technologies » Cyber Security » Cloudflare Reveals Q2 2025 Global Internet and Cyber Threat Trends Cloudflare has announced its Q2 2025 Global Internet Trends and Insights report, revealing important shifts in web traffic and cybersecurity patterns worldwide. The company reported blocking an average of 190 billion cyber threats daily, marking a 21% increase year-over-year (YoY). Despite this, threat volume dropped 23% quarter-over-quarter (QoQ) following a surge earlier in the year. Additionally, Cloudflare handled 5.8 trillion daily internet requests globally, showing a 9% increase QoQ and a 40% rise YoY. Regionally, North America blocked 41.5 billion daily threats, up 18% YoY but down 12% QoQ. Europe, Middle East & Africa (EMEA) saw 62.7 billion threats blocked daily, up 22% YoY and down 16% QoQ. Asia-Pacific (APAC) recorded 57.4 billion daily blocks, up 24% YoY and down 29% QoQ. Latin America (LATAM) blocked 19 billion threats daily, with a 15% YoY rise but a 36% drop QoQ. In the Kingdom of Saudi Arabia (KSA), internet traffic remained steady from Q1 to Q2 2025. However, mitigated cyber threats decreased by 6% QoQ. The region faced 294 million cyber threats blocked daily, showing a significant 76% decrease QoQ, following a major attack spike in Q1. Key targeted sectors included Internet, Consumer Goods, IT Services, and Airlines. Meanwhile, the United Arab Emirates (UAE) experienced a 15% increase in internet traffic and a 17% rise in mitigated threats QoQ. The UAE blocked 1 billion cyber threats daily, a 63% increase QoQ. Top targeted industries were Retail, Consumer Services, Banking, and Information Services. Cloudflare also detailed defenses against application layer attacks. In KSA, Web Application Firewall (WAF) rules accounted for 92% of defenses, with HTTP Anomaly, Cross-site Scripting (XSS), and Directory Traversal as the most active rules. In the UAE, DDoS mitigations and WAF rules were nearly balanced at 50% and 49%, respectively, with HTTP Anomaly, SQL Injection (SQLi), and XSS as leading categories. Bashar Bashaireh, AVP Middle East, Türkiye & North Africa at Cloudflare, stated that the data highlights the dual reality of rapid internet growth alongside increasingly sophisticated cyber threats. He emphasized Cloudflare's commitment to providing a secure, fast, and reliable internet experience worldwide. Key points: Cloudflare blocked 190 billion daily cyber threats in Q2 2025, up 21% YoY. Internet traffic and cyber threats varied regionally, with notable increases in UAE. Application layer defenses focused on WAF rules and DDoS mitigations. This report underscores the evolving landscape of internet usage and cybersecurity challenges globally and regionally.
The Sun
24-07-2025
- Business
- The Sun
CDNetworks Named a Key WAF & Cloud Security Provider in ITR's 2025 Japan Cyber Security Market Report
SINGAPORE - Media OutReach Newswire - 24 July 2025 - CDNetworks, the APAC-leading network to deliver edge as a service, today announced that it has been recognized as one of the key WAF & Cloud Security providers in Japan's cybersecurity market, according to the ITR Market View: Cyber Security Solutions Market 2025, a market survey report published by ITR Corporation, Japan's leading IT market research authority. This acknowledgment reinforces CDNetworks' strong position in Japan's cloud security landscape and underscores the trust that local enterprises place in its ability to deliver comprehensive, tailored security solutions amid an increasingly complex threat environment. ' As Japanese enterprises look to strengthen their network security posture, many struggle with limited in-house expertise,' said Antony Li, APAC Head of Sales at CDNetworks. 'This makes having a trusted partner—one with decades of experience and intelligent, easy-to-operate solutions—more critical than ever to simplify operations and mitigate risk. We're honored that ITR has recognized our commitment by naming us a key WAF and Cloud Security provider in Japan. ' CDNetworks' flagship solution, Cloud Security 2.0, integrates advanced AI and machine learning with a cloud-native architecture, delivering multi-layered protection through DDoS Protection, Web Application Firewall (WAF), Bot Management, and API Security—all unified on a single platform. These core capabilities are powerfully enhanced by an AI Engine that continuously analyzes traffic, identifies anomalies, and autonomously adapts to defend against emerging threats, helping enterprises stay ahead of attackers. To learn more about CDNetworks' Cloud Security 2.0, please visit here.
Arabian Post
15-07-2025
- Business
- Arabian Post
Miggo Revolutionises Vulnerability Management with Predictive VulnDB
Miggo has unveiled VulnDB, a free, predictive vulnerability database designed to overhaul how organisations assess and prioritise software risks. By combining runtime context, exploit simulations and function-level tracing, VulnDB shifts the paradigm from reactive vulnerability tracking to proactive threat prediction, promising to drastically reduce noise from Common Vulnerabilities and Exposures and highlight only those flaws that truly matter in a live environment. At launch, VulnDB distinguishes itself by pinpointing the exact functions that introduce risk and determining whether they are exploitable within an application's runtime. This level of precision enables security teams to focus remediation efforts on actionable threats, rather than sifting through thousands of potential vulnerabilities with uncertain impact. Miggo claims the system begins analysis within seconds of a CVE's publication—tracing, simulating exploits, and providing real‑time insights without human intervention. The platform's open-access offering grants all users technical root‑cause analysis, exploitation conditions, and function‑level mapping—electricity for developers seeking to stay ahead of attackers. Enterprise customers gain an additional layer of protection through dynamic Web Application Firewall rules that adapt based on emerging exploit patterns. ADVERTISEMENT Miggo's predictive approach addresses a significant problem in contemporary cybersecurity: the overwhelming volume of CVEs—tens of thousands annually—that often remain theoretical until they intersect with specific applications. By integrating runtime observability and exploit simulation, VulnDB avoids false positives and delivers prioritisation in line with real-world risk. The company's roots lie in its Application Detection and Response platform, launched last year with US$7.5 million in seed funding from YL Ventures and other top-tier investors. ADR provides visibility into live application behaviour, maps distributed application components, detects deviations and enacts mitigation, enabling precise runtime threat containment. VulnDB extends this capability by delivering predictive intelligence to a broader user base. CEO Daniel Shechter highlights that applications remain a primary attack vector, driven by both architectural complexity and attacker focus on runtime behaviour. CTO Itai Goldman emphasises that 'everyone's drowning in CVEs, but no one's telling you which ones can actually be exploited through your app'. Their message resonates as security teams confront a growing technical debt and shrinking remediation bandwidth. Experts in the security community note that the addition of exploit simulation—a process where potential attacks are modelled in a sandbox—provides tangible value. It shifts vulnerability management from inventory-driven triage to contextual decision-making based on whether a flaw is reachable, exploitable and present in live infrastructure. Miggo's timing aligns with intensifying pressure on organisations to shrink the window between discovery and exploitation. High-profile breaches such as MOVEit, SharePoint and Ivanti have exposed how attackers can weaponise vulnerabilities before manual patching practices can catch up. In such a high‑velocity threat landscape, VulnDB's speedy automation and runtime anchoring offer clear advantages. Miggo also addresses concerns over transparency and data equity by making its intelligence publicly accessible. This open baseline encourages broader adoption, while its enterprise tier amplifies value with live defences and tailored context. Head of Research Liad Eliyahu explains the strategy: 'Security isn't about knowing everything. It's about knowing what matters'. Academic studies on vulnerability prediction, such as the TROVON model, underline the ongoing struggle to differentiate high-risk components from noisy datasets. Miggo bypasses much of this complexity by utilising runtime evidence rather than historical inference, offering a practical complement to academic approaches. Early adopters report that VulnDB has streamlined vulnerability workflows, replacing CVE overwhelm with targeted insights. With free access available now on Miggo's website, developers and security teams are encouraged to trial predictive intelligence and integrate it with existing CI/CD pipelines.
