XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25.
The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on SecurityWeek.
A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182.
The post React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability appeared first on SecurityWeek.
The cybersecurity startup embeds AI agents into widely used tools to identify design flaws and eliminate them early.
The post Clover Security Raises $36 Million to Secure Software by Design appeared first on SecurityWeek.
Learn why legacy approaches fail to stop modern API threats and show how dedicated API security delivers the visibility, protection, and automation needed to defend against today’s evolving risks.
The post Webinar Today: Protecting What WAFs and Gateways Can’t See – Register appeared first on SecurityWeek.
A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign.
The post Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign appeared first on SecurityWeek.
OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications.
The post Two New Web Application Risk Categories Added to OWASP Top 10 appeared first on SecurityWeek.
Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well.
The post GlassWorm Malware Returns to Open VSX, Emerges on GitHub appeared first on SecurityWeek.
Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux.
The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek.
Bugcrowd said the acquisition of Mayhem has nearly doubled its valuation — previously reported at over $1 billion.
The post Bugcrowd Acquires Application Security Firm Mayhem appeared first on SecurityWeek.
Kolter leads a panel at OpenAI that has the authority to halt the ChatGPT maker’s release of new AI systems if it finds them unsafe.
The post Who is Zico Kolter? A Professor Leads OpenAI Safety Panel With Power to Halt Unsafe AI Releases appeared first on SecurityWeek.
