IEEE

ZAPx: Extending OWASP ZAP for Enhanced Web Vulnerability Detection and AI-Powered Remediation

Abstract: Web applications are increasingly targeted by automated attacks and client-side code vulnerabilities, posing significant risks to data confidentiality and system integrity. Automated threats ...
GitHub

zentinelproxy/zentinel-agent-modsec

ModSecurity WAF agent for Zentinel reverse proxy. Provides full OWASP Core Rule Set (CRS) support via libmodsecurity. Note: This agent uses libmodsecurity bindings ...
The Hacker News

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to ...
Bleeping Computer

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to ...
GitHub

Fully automated OWASP ZAP security scanner for web applications.

Drop it into any project, and Auto-ZAP detects your framework, starts your database, installs dependencies, launches your app, runs OWASP ZAP, and generates vulnerability reports. No configuration ...
IEEE

Identification of Security Vulnerabilities of XYZ Website using Open Web Application Security Project Zed Attack Proxy and Nikto

Abstract: With the rapid expansion of web applications, ensuring information system security has become a critical priority. Inadequate protective measures expose systems to cyber-attacks that may ...
CSOonline

Software supply chain risks join the OWASP top 10 list, access control still on top

There were some changes to the recently updated OWASP Top 10 list, including the addition of supply chain risks. But old standbys, like broken access control, are still at the top. Software supply ...