Sam Stepanyan (@securestep9)'s Twitter Profile
Sam Stepanyan

@securestep9

@OWASPLondon Chapter Leader (#OWASP #OWASPLondon). OWASP Board Member. Application Security (#AppSec) Consultant. OWASP Nettacker Project co-leader. #CISSP

ID: 1725879830

Link: https://medium.com/@securestep9
Joined: 03-09-2013 15:40:27

5.5K Tweets

7.7K Followers

3.3K Following

Sam Stepanyan (@securestep9):

Vibe Coding with #AI - How businesses can manage the risks - great article! "Dunning-Kruger effect is a natural cognitive bias; the less skill or knowledge you have about a given topic, the more likely you are to overestimate competence in that area": computerweekly.com/feature/Coding…

OWASP London (@owasplondon):

#OWASP Agentic AI Top 10 Launch in-person event will be taking place on Wednesday 6th August 2025. Register to attend this event in-person here: 👇 lu.ma/r5oz0dys?tk=9v…

Sam Stepanyan (@securestep9):

#Base44 - a popular #AI Vibe-coding tool had a critical vulnerability which allowed unauthorized access to private applications bypassing SSO: #AISecurity #AppSec 👇 thehackernews.com/2025/07/wiz-un…

Sam Stepanyan (@securestep9):

#Cursor: Prompt Injection vulnerability CVE-2025-54135 (fixed in v1.3). By feeding poisoned data to the agent via MCP, an attacker can gain full remote code execution (#RCE): #AISecurity 👇 thehackernews.com/2025/08/cursor…

Sam Stepanyan (@securestep9):

A single HTTP request can make a website lose track of which responses should go to which users, resulting in massive disclosure of confidential information. This typically results in users being randomly logged into other live users' accounts. Great research from James Kettle! 👇

Sam Stepanyan (@securestep9):

#Vault: Cracking the Vault: how we found zero-day vulnerabilities (including #RCE) in authentication, identity, and authorization in #HashiCorp Vault. Some existed for nearly a decade! Great research by Cyata 👇 cyata.ai/blog/cracking-…

Sam Stepanyan (@securestep9):

#WhatsApp is finally rolling out a feature that warns you if someone not in your contacts adds you to a WhatsApp group. This feature directly targets a common tactic that is used to spread scam messages and vulnerabilities via WhatsApp: about.fb.com/news/2025/08/n…

Sam Stepanyan (@securestep9):

#GitHub CEO Thomas Dohmke is stepping down - the end of an era! I had the pleasure of seeing him speak live at a conference. Such an amazing guy, he once used a phrase: "Chief Nerd of our Society":🤓 github.blog/news-insights/…

Sam Stepanyan (@securestep9):

#AI: Prompt injection, the lethal trifecta, and the challenges of securing systems that use MCP - a great blog post from Simon Willison. A must-read for everyone in InfoSec desperately trying to explain the dangers of blind adoption of #MCP: #AISecurity 👇 simonwillison.net/2025/Aug/9/bay…

Sam Stepanyan (@securestep9):

Fascinating thread on Ethereum's zak.eth getting hacked and his wallet drained by a Supply Chain Attack: #SoftwareSupplyChainSecurity 👇

Sam Stepanyan (@securestep9):

#Wordpress: Vulnerability In 3 WordPress File Plugins Affects 1.3 Million Websites. Directory Traversal (CVE-2025-0818) enabling attackers to delete arbitrary files on your server: #AppSec 👇 searchenginejournal.com/vulnerability-…

Sam Stepanyan (@securestep9):

#Wordpress: Contact Form Entries Plugin Vulnerability Affects 70K+ Websites. Critical PHP Object Injection #Vulnerability (CVE-2025-7384) allows attackers to delete arbitrary files, leading to a denial of service or remote code execution #RCE: 👇 searchenginejournal.com/wordpress-cont…

Sam Stepanyan (@securestep9):

New supply-chain attacks hit open-source repos: #PyPI: termncolor & colorinal delivered multi-stage malware with Windows & Linux backdoors. #npm: packages redux-ace, rtk-lo posed as dev tools & job tests, stealing iCloud Keychain, browser data, wallets: thehackernews.com/2025/08/malici…

Sam Stepanyan (@securestep9):

#MCP Horror Story: Hackers leaked sensitive data from a private GitHub repo by planting a prompt injection in a public #GitHub issue abusing GitHub MCP Server: #AISecurity #PromptInjection 👇 docker.com/blog/mcp-horro…

Sam Stepanyan (@securestep9):

#VibeCoding: according to Palo Alto 50%+ of #AI-generated code snippets contain vulnerabilities. Developers blindly trust vibe-coding tools as they're quietly introducing SQL injections, hardcoded secrets, and overly permissive cloud configs at scale: 👇 thehackernews.com/expert-insight…

Sam Stepanyan (@securestep9):

#OWASP Global #AppSec 2025 Conference in Washington DC on November 3-7 will feature amazing keynote speakers: Adam Shostack and Daniel Miessler 🛡️, 3 days of OWASP in-person training courses, 2 days of conference talks in builder/breaker/defender/manager tracks:

Sam Stepanyan (@securestep9):

⚠️ #Docker: If you are using Docker for Desktop you need to update it TODAY to v4.44.3. Critical CVE-2025-9074 #vulnerability in previous versions allows malicious containers to access the host system: 👇 heise.de/en/news/Docker…

Sam Stepanyan (@securestep9):

#AI: Hundreds of thousands of user conversations with Elon Musk's artificial intelligence (AI) chatbot #Grok have been exposed in search engine results - seemingly without users' knowledge: 👇 bbc.co.uk/news/articles/…