
Imperva
Application security and DDoS mitigation firm owned by Thales; provides web application firewall and API security products, and publishes exploitation telemetry.
Last refreshed: 29 May 2026 · Appears in 1 active topic
How did Imperva detect 15,000 Drupal attacks in 65 countries within two days of a CVE being published?
Timeline for Imperva
Observed active attack traffic targeting vulnerable Magento stores
Cybersecurity: Threats and Defences: Magento RCE forces 9-day patch raceLogged over 15,000 attack attempts against ~6,000 sites across 65 countries within 48 hours
Cybersecurity: Threats and Defences: Drupal SQL flaw hits PostgreSQL sitesWho is Imperva and what do they do?
What Imperva data showed the Drupal SQL injection was being mass-exploited?
Background
Imperva is an application and data security company offering web application firewall (WAF), DDoS mitigation, bot management, and data security products to enterprises globally. Founded in 2002 and publicly traded until its acquisition by Thales Group in 2023 for approximately $3.6 billion, Imperva operates a large inline traffic inspection network that gives it visibility into global exploitation patterns at scale. Its threat research team regularly publishes exploitation telemetry that informs the wider security community's response to newly disclosed vulnerabilities.
In May 2026, Imperva's sensors recorded the mass exploitation of CVE-2026-9082, the Drupal Core SQL injection vulnerability disclosed on 23 May 2026. Imperva telemetry documented more than 15,000 exploitation attempts targeting approximately 6,000 Drupal sites across 65 countries within 48 hours of the advisory's publication. This telemetry was instrumental in demonstrating the Velocity of exploitation and informing both CISA's KEV listing and enterprise patching urgency.
Imperva's role in the CVE-2026-9082 response illustrates the growing importance of large-scale inline inspection providers in the public vulnerability-response ecosystem. Because Imperva operates between attackers and web applications for thousands of customers, its sensors effectively form a distributed honeypot that surfaces exploitation campaigns in near-real time. Under Thales ownership, Imperva has expanded its European footprint, positioning itself as a sovereign-friendly security option for EU enterprises navigating the NIS2 compliance landscape.