3 links tagged with all of: vulnerabilities + access-control
Links
This article outlines the updated OWASP Top Ten list for 2025, highlighting critical web application security risks. It introduces two new categories and shifts existing ones based on survey data and trends in software vulnerabilities. Each category is defined by specific weaknesses, helping organizations focus on key security issues.
This article outlines key security vulnerabilities identified by NVIDIA's AI Red Team in large language model (LLM) applications. It highlights risks such as remote code execution from LLM-generated code, insecure access in retrieval-augmented generation, and data exfiltration through active content rendering. The blog offers practical mitigation strategies for these issues.
The article explores the critical web vulnerability known as Insecure Direct Object References (IDOR), a common issue in access control that allows unauthorized users to access or modify data by manipulating identifiers in URLs and requests. It emphasizes the importance of proper access control mechanisms, outlines various types of access control flaws, and provides practical strategies for identifying and exploiting these vulnerabilities during bug bounty hunting.