There were some changes to the recently updated OWASP Top 10 list, including the addition of supply chain risks. But old standbys, like broken access control, are still at the top. Software supply ...
As AI agents move into production environments, security teams are grappling with a new reality: AI risk is no longer confined to what a model generates; instead, it now consists of what an autonomous ...
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud ...
OWASP just released the Top 10 for Agentic Applications 2026 - the first security framework dedicated to autonomous AI agents. We've been tracking threats in this space for over a year. Two of our ...
XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to the top 25. The MITRE Corporation has released an updated Common ...
Cory Benfield discusses the evolution of ...
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform ...
Excavated with colonial labor and shipped to the Netherlands, the famous fossil is being repatriated to Indonesia along with 28,000 other fossils. The skull cap of 'Java Man' was discovered by Eugène ...
Abstract: Static Application Security Testing (SAST) tools play a critical role in detecting vulnerabilities in mobile apps by analyzing the source code without executing the app. These tools are ...
Scala applications, while powerful, can expose businesses to major risks if vulnerabilities are ignored. Common issues like insecure serialization, outdated dependencies, and unpatched Akka-based ...
AngularJS allows for setting default headers for HTTP operations. Further documentation can be found at AngularJS's documentation for [$httpProvider](https://docs ...
Written by Olivia Rempe, Community Engagement Manager, CSA. As large language models (LLMs) reshape how businesses operate and innovate, they also introduce new categories of risk. Recognizing this, ...