OWASP

Prompt injection still drives most agentic AI security failures in production

agentic AI, AI, cybersecurity, Don't miss, News, OWASP, report, threats /

Prompt injection still drives most agentic AI security failures in production 2026-06-11 at 08:43 By Anamarija Pogorelec A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent […]

Prompt injection still drives most agentic AI security failures in production Read More »

DockSec: Open-source AI-powered Docker security scanner

containers, Docker, Don't miss, GitHub, Hot stuff, News, open source, OWASP, scanner, software /

DockSec: Open-source AI-powered Docker security scanner 2026-06-08 at 13:09 By Mirko Zorz DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, correlates the findings, returns

DockSec: Open-source AI-powered Docker security scanner Read More »

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory

agentic AI, Don't miss, GitHub, News, open source, OWASP, software /

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory 2026-06-01 at 08:19 By Mirko Zorz AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory Read More »

CVE Lite CLI: Open-source dependency vulnerability scanner

Don't miss, GitHub, News, open source, OWASP, scanner, software, software development, vulnerability assessment /

CVE Lite CLI: Open-source dependency vulnerability scanner 2026-05-20 at 09:34 By Mirko Zorz Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours

CVE Lite CLI: Open-source dependency vulnerability scanner Read More »

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Don't miss, enterprise, firewall, Hot stuff, News, OWASP, Progress, security update, vulnerability, web application security /

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) 2026-04-22 at 14:47 By Zeljka Zorz Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) Read More »

LLMs are everywhere in your stack and every layer brings new risk

Artificial Intelligence, Don't miss, DryRun Security, LLMs, News, OWASP, report /

LLMs are everywhere in your stack and every layer brings new risk 2025-12-10 at 07:52 By Mirko Zorz LLMs are moving deeper into enterprise products and workflows, and that shift is creating new pressure on security leaders. A new guide from DryRun Security outlines how these systems change long standing assumptions about data handling, application

LLMs are everywhere in your stack and every layer brings new risk Read More »

Two New Web Application Risk Categories Added to OWASP Top 10

Application Security, OWASP, OWASP Top 10, vulnerability, web application /

Two New Web Application Risk Categories Added to OWASP Top 10 2025-11-10 at 15:21 By Ionut Arghire OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications. The post Two New Web Application Risk Categories Added to OWASP Top 10 appeared first

Two New Web Application Risk Categories Added to OWASP Top 10 Read More »

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior

CISO, cyber resilience, cybersecurity, Don't miss, Features, framework, Hot stuff, machine learning, MITRE ATT&CK, News, OWASP, reconnaissance, research, security operations, SOC /

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior 2025-09-01 at 09:21 By Mirko Zorz A team of researchers from Frondeur Labs, DistributedApps.ai, and OWASP has developed a new machine learning framework designed to help defenders anticipate attacker behavior across the stages of the Cyber Kill Chain. The work explores how machine learning models

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior Read More »

Cervantes: Open-source, collaborative platform for pentesters and red teams

cybersecurity, Don't miss, GitHub, News, open source, OWASP, penetration testing, red team, software /

Cervantes: Open-source, collaborative platform for pentesters and red teams 2025-07-23 at 08:31 By Mirko Zorz Cervantes is an open-source collaborative platform built for pentesters and red teams. It offers a centralized workspace to manage projects, clients, vulnerabilities, and reports, all in one place. By streamlining data organization and team coordination, it helps reduce the time

Cervantes: Open-source, collaborative platform for pentesters and red teams Read More »

Before scaling GenAI, map your LLM usage and risk zones

Application Security, ArmorCode, Artificial Intelligence, cybersecurity, Don't miss, Features, generative AI, Hot stuff, Lakera, LLMs, News, OWASP, policy, Straiker, The Motley Fool /

Before scaling GenAI, map your LLM usage and risk zones 2025-06-17 at 08:46 By Mirko Zorz In this Help Net Security interview, Paolo del Mundo, Director of Application and Cloud Security at The Motley Fool, discusses how organizations can scale their AI usage by implementing guardrails to mitigate GenAI-specific risks like prompt injection, insecure outputs,

Before scaling GenAI, map your LLM usage and risk zones Read More »

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment

cybersecurity, Don't miss, GitHub, News, open source, OWASP, scanning, software, vulnerability assessment /

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment 2025-06-11 at 09:01 By Mirko Zorz OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment Read More »

Dependency-Check: Open-source Software Composition Analysis (SCA) tool

CVE, cybersecurity, Don't miss, GitHub, News, OWASP, software /

Dependency-Check: Open-source Software Composition Analysis (SCA) tool 2025-03-19 at 07:47 By Help Net Security Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a match is found, the tool generates a report with links to

Dependency-Check: Open-source Software Composition Analysis (SCA) tool Read More »

Infosec products of the month: May 2024

Abnormal Security, Adaptive Shield, Appdome, AuditBoard, Calix, Cranium, CyberArk, Cybersixgill, Dashlane, Datadog, Detectify, Eclypsium, ExtraHop, FireMon, Forcepoint, ManageEngine, News, OneTrust, OWASP, PlexTrac, Proofpoint, Secure Code Warrior, SentinelOne, Snyk, Splunk, Strike Graph, Sumo Logic, Synopsys, Trellix, Truecaller /

Infosec products of the month: May 2024 2024-06-03 at 05:46 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Adaptive Shield, Appdome, AuditBoard, Calix, Cranium, CyberArk, Cybersixgill, Dashlane, Datadog, Detectify, Eclypsium, ExtraHop, FireMon, Forcepoint, ManageEngine, OneTrust, OWASP Foundation, PlexTrac, Proofpoint, Secure Code Warrior,

Infosec products of the month: May 2024 Read More »

New infosec products of the week: May 17, 2024

Calix, FireMon, ManageEngine, News, OWASP /

New infosec products of the week: May 17, 2024 2024-05-17 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Calix, FireMon, ManageEngine, and OWASP Foundation. Calix strengthens SmartBiz security with automated alerts and anti-spam compliance tools Calix unveiled updates to SmartBiz, a purpose-built

New infosec products of the week: May 17, 2024 Read More »

OWASP dep-scan: Open-source security and risk audit tool

AppThreat, Don't miss, GitHub, Hot stuff, News, open source, OWASP, risk assessment, software /

OWASP dep-scan: Open-source security and risk audit tool 2024-05-16 at 08:01 By Mirko Zorz OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms and

OWASP dep-scan: Open-source security and risk audit tool Read More »

OWASP Data Breach Caused by Server Misconfiguration

data breach, Data Breaches, Featured, OWASP /

OWASP Data Breach Caused by Server Misconfiguration 2024-04-02 at 14:16 By Ionut Arghire The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members. The post OWASP Data Breach Caused by Server Misconfiguration appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

OWASP Data Breach Caused by Server Misconfiguration Read More »

Is the new OWASP API Top 10 helpful to defenders?

API security, attacks, authentication, automation, bot, Cequence Security, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, OWASP, SSO /

Is the new OWASP API Top 10 helpful to defenders? 30/08/2023 at 07:32 By Help Net Security The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) Security Top 10 2023 is no exception. First drafted five years ago and updated

Is the new OWASP API Top 10 helpful to defenders? Read More »

8 open-source OSINT tools you should try

Don't miss, Features, GitHub, Hot stuff, News, open source, OSINT, OWASP, penetration testing, reconnaissance, Shodan, software /

8 open-source OSINT tools you should try 22/08/2023 at 06:01 By Help Net Security Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using

8 open-source OSINT tools you should try Read More »

10 open-source recon tools worth your time

cybersecurity, Don't miss, Hot stuff, News, open source, OWASP, penetration testing, software /

10 open-source recon tools worth your time 20/06/2023 at 07:02 By Help Net Security Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten open-source recon tools that deserve to be in your arsenal. Altdns Altdns is

10 open-source recon tools worth your time Read More »

OWASP’s 2023 API Security Top 10 Refines View of API Risks

API, Application Security, OWASP /

OWASP’s 2023 API Security Top 10 Refines View of API Risks 07/06/2023 at 15:49 By Kevin Townsend OWASP’s ranking for the major API security risks in 2023 has been published. The list includes many parallels with the 2019 list, some reorganizations/redefinitions, and some new concepts. The post OWASP’s 2023 API Security Top 10 Refines View

OWASP’s 2023 API Security Top 10 Refines View of API Risks Read More »

Scroll to Top