CSOonline

Software supply chain risks join the OWASP top 10 list, access control still on top

There were some changes to the recently updated OWASP Top 10 list, including the addition of supply chain risks. But old standbys, like broken access control, are still at the top. Software supply ...
Bleeping Computer

The Real-World Attacks Behind OWASP Agentic AI Top 10

OWASP just released the Top 10 for Agentic Applications 2026 - the first security framework dedicated to autonomous AI agents. We've been tracking threats in this space for over a year. Two of our ...
SecurityWeek

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities

XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25. The MITRE Corporation has released an updated Common ...
CPO Magazine

OWASP Top 10 2025: Access Control Issues, Security Misconfigurations, Supply Chain Issues Top App Risk List

The Open Worldwide Application Security Project (OWASP) has updated its Top 10 list of web application risks for the first time since 2021, and has essentially created a “rebooted” version with a ...
SecurityWeek

Two New Web Application Risk Categories Added to OWASP Top 10

OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications. The Open Web Application Security Project (OWASP) has released a revised ...
IEEE

Interactive Cross-Language Pointer Analysis for Resolving Native Code in Java Programs

Abstract: Java offers the Java Native Interface (JNI), which allows programs running in the Java Virtual Machine to invoke and be manipulated by native applications and libraries written in other ...
Finextra

Scala Security Vulnerabilities: Every Businessperson Must Know This

Scala applications, while powerful, can expose businesses to major risks if vulnerabilities are ignored. Common issues like insecure serialization, outdated dependencies, and unpatched Akka-based ...
InfoQ

Apple Completes Migration of Key Ecosystem Service to Swift, Gains 40% Performance Uplift

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
GitHub

Add updates to CSRF Prevention in modern frameworks

AngularJS allows for setting default headers for HTTP operations. Further documentation can be found at AngularJS's documentation for [$httpProvider](https://docs ...
Cloud Security Alliance

The OWASP Top 10 for LLMs: CSA’s Strategic Defense Playbook

Written by Olivia Rempe, Community Engagement Manager, CSA. As large language models (LLMs) reshape how businesses operate and innovate, they also introduce new categories of risk. Recognizing this, ...
IEEE

Mitigating Cross-Site Request Forgery Vulnerabilities: An Examination of Prevention Systems

Abstract: Cross-Site Request Forgery (CSRF) remains a pervasive vulnerability in web applications, appearing regularly in the OWASP Top 10 lists, posing significant threats to user data and system ...
Cloud Security Alliance

How the OWASP Top 10 for LLM Applications Supports the AI Revolution

The OWASP Foundation recently introduced a new version of the OWASP Top 10 for Large Language Model Applications—which, as its name suggests, describes “the top 10 most critical vulnerabilities often ...