
Latest news with #HTTP

PortSwigger Research Sheds Light on HTTP/1.1 Vulnerabilities, Urges Industry Shift Toward Safer Protocols

Business Wire

4 days ago


KNUTSFORD, England--(BUSINESS WIRE)--PortSwigger, a renowned application security software provider, is issuing a bold challenge to the web security community: it's time to retire HTTP/1.1 for good. At Black Hat USA and DEF CON, James Kettle, Director of Research at PortSwigger, unveils the fourth wave of his research that takes aim at 'HTTP request smuggling,' a critical and widespread vulnerability that affects even some of the most mature, security-conscious organizations.

PortSwigger first brought this class of vulnerabilities to prominence in 2019. Now, new research shows that over 22 million websites – including major household names – have remained susceptible to brand new variants of these attacks. Drawing on six years of research, Kettle is calling on the technology community to recognize that request smuggling is not simply an implementation flaw, but rather an inherent vulnerability in the HTTP/1.1 protocol.

'The time has come to acknowledge that this isn't an issue with individual websites, but a fundamental flaw that's baked into the protocol,' said PortSwigger's Director of Research, James Kettle. 'Over the last six years, the industry has not properly fixed request smuggling. It's time we recognize that we can't patch our way to a secure HTTP/1.1 - the foundation is broken and only safe for the simplest of systems. The only real solution is to cut the problem out at the root by retiring the now decades-old technology that still underpins around 50% of communication between browsers and websites - HTTP/1.1.'

PortSwigger is supporting Kettle's research with a call to action:

  • Groundbreaking new research – James Kettle's 2025 desync paper demonstrates novel vectors never before seen.
  • New educational resources – A hands-on Web Security Academy lab teaches the latest request smuggling techniques in a safe environment.
  • Enhanced Burp Suite tooling – New versions of HTTP Request Smuggler and the brand-new HTTP Stream Hacker allow researchers to test for these issues both manually and through scalable automation.

PortSwigger stands alone in the cybersecurity industry by offering an unparalleled combination of original research, comprehensive training resources, and deeply integrated testing tools. With Burp Suite Professional and Burp Suite DAST, security professionals are uniquely empowered to detect complex infrastructure-level vulnerabilities, including advanced request smuggling variants that often evade traditional scanning solutions. Through these innovative offerings, PortSwigger is leading the way toward a safer, more secure web.

Read Kettle's research here:

PortSwigger is a leading provider of web application security solutions, best known for its industry-leading Burp Suite software. The company is dedicated to equipping security professionals and organizations with the tools and knowledge to stay ahead of evolving cyber threats. Learn more at

Web Application Firewall in Saudi Arabia for FinTech Security

Time Business News

30-07-2025


Nowadays, FinTech companies are growing rapidly in Saudi Arabia. People carry out banking and financial activities online, so strong security is important. That is why a Web Application Firewall (WAF) is used to keep websites safe. This article focuses on how important the Web Application Firewall has become for FinTech security in Saudi Arabia.

A Web Application Firewall is a security system that protects your website from dangerous attacks on the internet. It scans all incoming and outgoing HTTP or HTTPS traffic and decides whether each request is safe or harmful. A Web Application Firewall works like a shield placed between the client (user) and the web server.

Full Protection from Cyber Attacks

Today, fintech platforms have become soft targets for cyber attackers. Threats like SQL injection, XSS, and zero-day attacks are active all the time. If you don't have a WAF, these attacks can easily damage your app. But when you use one, the system automatically filters harmful requests and protects the application. In a market like Saudi Arabia, where fintech is rapidly growing under Vision 2030, this protection is a must.

Regulatory Compliance Becomes Easy

In Saudi Arabia, fintech companies must follow the strict rules of regulators like SAMA and CST. According to these rules, you have to implement strong cybersecurity systems. A WAF makes your compliance journey easy. It not only detects threats but also maintains logs that come in handy during audits. If you want to build trust in the Saudi market, you cannot compromise on compliance, and a WAF is the best way to stay prepared.

Real-time Monitoring & Smart Threat Detection

Modern WAFs not only provide protection but also do smart monitoring. Through real-time analytics, you get to know who is accessing your application and what type of traffic is coming in, and if there is any suspicious activity, you get an immediate alert. Using AI and machine learning, a WAF automatically detects risky behavior. This level of security is critical for fintech apps where people are making transactions, using wallets, or applying for credit. In Saudi Arabia's fast-moving fintech ecosystem, you must be proactive.

Building Customer Trust Becomes Easy

Saudi users are adopting digital banking, but they have only one demand: security. If their data is leaked or their accounts are breached, they will never trust the platform again. A WAF keeps your web app safe so that no one can touch the user's personal and financial data. When customers see that the platform is fully secure, they make transactions confidently. Trust, once broken, is hard to rebuild, but with a WAF you will already be prepared.

As Saudi Arabia's fintech sector is growing rapidly, security has become a major need. The Web Application Firewall has become a strong digital shield that is a must-have for every fintech company. It not only protects against cyber-attacks but also simplifies regulatory compliance. Through real-time monitoring and AI-based threat detection, a WAF catches every suspicious activity instantly. Most importantly, only when customers feel that the platform is secure do they trust it and make transactions without fear. Trust is everything in the fintech world, and a WAF can be the best tool to maintain that trust.

Cloudflare blocked 7.3 million DDoS attacks in Q2 2025, India fourth most attacked country

The Hindu

17-07-2025


Cloudflare blocked 7.3 million Distributed Denial of Service (DDoS) attacks in Q2 2025, a drop from Q1's 20.5 million, but 44% higher year-over-year (YoY) compared to Q2 2024. While network-layer attacks dropped 81% quarter-over-quarter (QoQ), Hypertext Transfer Protocol (HTTP) attacks rose 9% from Q1, and a staggering 129% from Q2 2024, totaling 4.1 million, noted the 22nd edition of the Cloudflare DDoS threat report.

China became the most attacked country in Q2 2025, followed by Brazil, Germany and India. Russia and Vietnam saw dramatic leaps into the top 10 most attacked locations, jumping forty and fifteen places respectively. Indonesia rose to the number one source of DDoS attacks, followed by Singapore and Hong Kong. Russia and Ecuador also made major climbs into the top 10.

Telecommunications, service providers and carriers topped the list of most attacked industries in Q2. The internet and IT sectors followed, while agriculture made a surprising 38-spot jump to eighth place.

June was the busiest month for DDoS attacks in Q2, accounting for nearly 38% of all observed activity. One notable target was an independent Eastern European news outlet protected by Cloudflare, which reported being attacked following its coverage of a local Pride parade during LGBTQ Pride Month.

Overall, in Q2, hyper-volumetric DDoS attacks skyrocketed. Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71 per day. Hyper-volumetric attacks include L3/4 DDoS attacks exceeding 1 Bpps or 1 Tbps, and HTTP DDoS attacks exceeding 1 million requests per second (Mrps).

A majority (71%) of respondents said they didn't know who was behind the DDoS attacks they experienced in 2025 Q2. Of the 29% who claimed to have identified the threat actor, 63% pointed to competitors, a pattern especially common in the Gaming, Gambling and Crypto industries. Another 21% attributed the attack to state-level or state-sponsored actors, while 5% each said they'd inadvertently attacked themselves (self-DDoS), were targeted by extortionists, or suffered an assault from disgruntled customers/users.

The Power of Omicrom Cloud: Your Ultimate News API Solution

Time Business News

09-07-2025


In today's fast-paced digital world, accessing real-time, reliable news data is crucial for developers, businesses, and researchers. Whether you're building a news aggregation app, conducting market research, or integrating headlines into your platform, having a robust News API is essential. Omicrom Cloud stands out as a premier solution, offering a seamless, scalable, and cost-effective way to fetch the latest news from around the globe.

Omicrom Cloud provides a high-performance News API that delivers up-to-date news articles from thousands of trusted sources. Here's why it's the go-to choice for developers and businesses:

  • Comprehensive News Coverage – Access breaking news, trending stories, and historical articles across multiple categories, including business, technology, sports, and entertainment.
  • Lightning-Fast Speed – Optimized for low-latency responses, ensuring your applications retrieve data in milliseconds.
  • Easy Integration – With clear documentation, integrating Omicrom Cloud's API into your project is effortless.
  • Affordable Pricing – Whether you're a startup or an enterprise, Omicrom Cloud offers flexible pricing plans to fit your needs, including a free tier for testing and small-scale projects.

For developers looking for a no-cost solution, Omicrom Cloud's free News API tier is an excellent starting point. It allows you to:

  • Fetch a limited number of news articles per month at no charge.
  • Test API functionality before committing to a paid plan.
  • Build prototypes or small applications without upfront costs.

While free tiers have limitations, they provide enough data to evaluate the API's capabilities before scaling up.

How to Get Started

Integrating Omicrom Cloud's News API is straightforward:

  • Sign Up & Get Your API Key – Register on Omicrom Cloud and obtain your unique API key from the documentation page.
  • Explore the API Endpoints – Use the well-documented endpoints to fetch news by category, keyword, or date.
  • Integrate into Your App – Make HTTP requests to the API and display news data in your application.

Use Cases for Omicrom Cloud's News API

  • News Aggregators – Build platforms like Google News or Flipboard with customized feeds.
  • Financial Analysis – Track market-moving news for stock prediction models.
  • Content Curation – Automatically source articles for blogs or newsletters.
  • AI & Machine Learning – Train NLP models on real-world news datasets.

Conclusion

Omicrom Cloud's News API is a powerful, developer-friendly tool that simplifies news data retrieval. With its free tier, competitive pricing, and extensive documentation, it's the ideal choice for anyone needing reliable news integration. Ready to elevate your project with real-time news? Try Omicrom Cloud today and experience the difference!

Cloudflare enables content owners to charge AI crawlers for access

Al Etihad

02-07-2025


2 July 2025 17:21
MAITHEM AL ANBARI (ABU DHABI)

Internet company Cloudflare has launched a new 'pay-per-crawl' system, which allows website owners to charge AI crawlers whenever they seek access to their will give domain owners complete control over their monetisation strategies, Cloudflare said. They can establish a consistent fee per request for their entire site. By default, this new system will prevent artificial intelligence crawlers from accessing content without the consent or financial remuneration of website owners, the company mentioned that the request headers will indicate whether access is granted or if a payment is required, along with the associated pricing. The company will act as the Merchant of Record for the pay-per-crawl system and will also provide the necessary technical average, Cloudflare handles 78 million HTTP requests per second and provides data services for 330 cities across more than 125 countries. Approximately 16% of worldwide internet traffic is processed directly by Cloudflare's content delivery network, according to the company's estimates.
