News provided by
OWASP
Dec 10, 2025, 03:03 ET
WILMINGTON, Del., Dec. 10, 2025 /PRNewswire/ -- The OWASP GenAI Security Project (genai.owasp.org), a leading global open-source and expert community dedicated to delivering practical guidance and tools for securing generative and agentic AI, today released the OWASP Top 10 for Agentic Applications, a key resource to help organizations identify and mitigate the unique risks posed by autonomous AI agents.
Following more than a year of research, review and refinement, this Top 10 list reflects a culmination of input from over 100 security researchers, industry practitioners, user organizations and leading cybersecurity and generative AI technology providers. The result is not only a list of risks and mitigations, but a suite of resources designed for practitioners providing data-driven guidance.
The framework was further evaluated by the GenAI Security Project's Agentic Security Initiative Expert Review Board, which includes representatives from recognized bodies around the world such as NIST, European Commission and the Alan Turing Institute, among others. A full list of contributing organizations can be found here.
"This new OWASP Top 10 reflects incredible collaboration between AI security leaders and practitioners across the industry," said Scott Clinton, the OWASP GenAI Security Project's Co-Chair, Board Member, and Co-Founder. "As AI adoption accelerates faster than ever, security best practices must keep pace. The community's responsiveness has been remarkable, and this Top 10, along with our broader open-source resources, ensures organizations are better equipped to adopt this technology safely and securely."
Agent Behavior Hijacking, Tool Misuse and Exploitation, and Identity and Privilege Abuse are some of the highlighted threats within the Top 10, and they showcase how attackers can subvert agent capabilities or their supporting infrastructure. Incidents involving these agentic systems are increasingly capable across industries, elevating the need for these new resources.
"Companies are already exposed to Agentic AI attacks - often without realizing that agents are running in their environments," said Keren Katz, Co-Lead for OWASP's Top 10 for Agentic AI Applications and Senior Group Manager of AI Security at Tenable. "While the threat is already here, the information available about this new attack vector is overwhelming. Effectively protecting a company against Agentic AI requires not only strong security intuition but also a deep understanding of how AI agents fundamentally operate."
"Agentic AI introduces a fundamentally new threshold of security challenges, and we are already seeing real incidents emerge across industry," said John Sotiropoulos, GenAI Security Project Board member, Agentic Security Initiative and Top 10 for Agentic Applications Co-lead, and Head of AI Security at Kainose. "Our response must match the pace of innovation, which is why this Top 10 focuses on practical, actionable guidance grounded in real-world attacks and mitigations. This release marks a pivotal moment in securing the next generation of autonomous AI systems."
The Top 10 for Agentic Applications joins a growing portfolio of peer-reviewed resources released by the OWASP GenAI Security Project and its Agentic Security Initiative, including:
The State of Agentic Security and Governance 1.0: A practical guide to the governance and regulations for the safe and responsible deployment of autonomous AI systems.
The Agentic Security Solutions Landscape: A quarterly, peer-reviewed map of open-source and commercial agentic AI tools and how they support SecOps and mitigate DevOps–SecOps risks.
A Practical Guide to Securing Agentic Applications: Practical technical guidance for securely designing and deploying LLM-powered agentic applications.
Reference Application for Agentic Security: An OWASP FinBot Capture The Flag application, designed to test and practice agentic security skills in a controlled environment.
Agentic AI Threats and Mitigations: This document is the first in a series to provide a threat-model-based reference of emerging agentic threats and discuss mitigations.
And more
"Over the past two and a half years, the OWASP Top 10 for LLM Applications has shaped much of the industry's thinking on AI security," said Steve Wilson, OWASP GenAI Security Project Board Co-Chair, Founder of OWASP Top 10 for LLM, and CPO of Exabeam, Inc. "This year, we've seen agentic systems move from experiments to real deployments, and that shift brings a different class of threats into clear view. Our team met that challenge by expanding our guidance to address how agentic systems behave, interact, and make decisions. The LLM Top 10 will remain a core, regularly updated resource, and aligning both efforts is key to helping the community build safer, more reliable intelligent systems."
Discover what industry experts, researchers and leading global organizations have to say about the new Top 10 for Agentic Applications here.
The OWASP GenAI Security Project invites organizations, researchers, policymakers and practitioners to access the new Top 10 for Agentic Applications, contribute to future updates and join the global effort to build secure, trustworthy AI systems. Visit our site to learn more and how you can contribute.
About OWASP Gen AI Security Project
The OWASP Gen AI Security Project (genai.owasp.org) is a global, open-source initiative and expert community dedicated to identifying, mitigating, and documenting security and safety risks associated with generative AI technologies, including large language models (LLMs), agentic AI systems, and AI-driven applications. Our mission is to empower organizations, security professionals, AI practitioners, and policymakers with comprehensive, actionable guidance and tools to ensure the secure development, deployment, and governance of generative AI systems. Visit our site to learn more.
From:
Foreign, Commonwealth & Development Office gov.uk
Published
9 December 2025
Two tech companies based in China have been sanctioned for reckless and indiscriminate cyberattacks
Sichuan Anxun Information Technology Co. Ltd (known as i-Soon) for targeting over 80 government and private industry IT systems across the world, and for supporting others planning to carry out malicious cyber activity.
Integrity Technology Group Incorporated (known as Integrity Tech) for controlling and managing a covert cyber network and providing technical assistance for others to carry out cyberattacks. Targets have included UK public sector IT systems.
I-Soon and Integrity Tech are examples of the threat posed by the cyber industry in China, which includes information security companies, data brokers (that collect and sell personal data), and ‘hackers for hire’. Some of these companies provide cyber services to the Chinese intelligence services.
The UK’s National Cyber Security Centre (NCSC) assesses that it is almost certain that this ‘ecosystem’, or complex network of private sector actors, supports Chinese state-linked cyber operations.
The announcement follows the August 2025 exposure by the UK and international partners of three China-based companies linked to the cyber-espionage campaign known as SALT TYPHOON. Combined, they highlight the vast scale of cyberattacks by China-based companies targeting governments, telecommunications, military institutions, and public services worldwide.
These cyberattacks from unrestrained actors in China go against agreed UN cyber principles. The measures announced today are designed to reduce the risk of such threats to the UK’s security and broader international stability.
As the Prime Minister set out recently in a speech at the Guildhall, protecting our security is non-negotiable and the first duty of the government. The UK recognises that China poses a series of threats to UK national security. China is also a fellow permanent member of the UN Security Council, the world’s second largest economy and a nuclear power which has delivered almost a third of global economic growth over the past decade. We challenge threats robustly, enabling us to pursue cooperation where it is in our interest.
Notes to Editors
In August 2025, the UK alongside 12 other countries co-sealed a cyber security advisory linking China-based technology companies to some of the activities associated with a China state-affiliated APT group (commonly known as SALT TYPHOON). These companies are: Sichuan Juxinhe Network Technology Co. Ltd, Beijing Huanyu Tianqiong Information Technology Co., and Sichuan Zhixin Ruije Network Technology Co. Ltd.
This activity targeted governments, telecommunications, transportation, and military infrastructure globally, and sought to provide Chinese intelligence services with the capability to identify and track targets’ communications and movements worldwide.
Together with France, the UK continues to lead the Pall Mall Process, an international initiative which seeks to establish a framework for responsible behaviour for those involved in the rapidly growing market in commercial cyber intrusion capabilities.
The UK has consistently promoted the UN normative framework for responsible state behaviour in cyberspace. The UK remains the first and only country to publish guidelines for its National Cyber Force detailing the principles that we adhere to. We firmly believe that states should use cyber capabilities in a responsible manner, whether commercial or otherwise.
breakingnews.ie
Darragh Mc Donagh
It has now emerged that a second ransomware attack took place last February
There is no evidence that patients’ data was stolen during a second ransomware attack targeting Health Service Executive (HSE) systems earlier this year, the authority has said.
Earlier this week, the HSE began offering compensation to victims of a cyberattack that caused widespread disruption in May 2021, costing the agency an estimated €102 million.
It has now emerged that a second ransomware attack took place last February, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the midlands.
IT systems were fully recovered following the cyberattack and there was no evidence that data had been exfiltrated, according to HSE records obtained under the Freedom of Information Act.
A ransomware attack occurs when malicious software locks or encrypts a victim’s computer systems, blocking access until a ransom is paid. Some attacks involve a threat to leak stolen data.
A spokeswoman for the HSE did not respond when asked whether the health authority had paid a ransom following the February cyberattack.
“The HSE manages and responds to thousands of cyber threats annually, taking appropriate action to ensure awareness of current threats, while maintaining the ability to deliver healthcare services securely and reliably, regardless of the evolving threat landscape,” she said.
The spokeswoman said HSE systems were not “directly” impacted by the February ransomware attack.
“The HSE has invested significantly in cyber remediation since the cyberattack in May 2021. Multiple ongoing programmes of work are focused on addressing all issues highlighted in the wake of the attack,” she added.
The original ransomware attack occurred when an employee clicked on a malicious MS Excel file that was attached to a phishing email on March 18th, 2021.
This enabled the hackers to gain access to the HSE’s IT environment, where they continued to operate undetected for more than eight weeks before detonating the ransomware on May 14th.
The attack caused widespread disruption and some information relating to patients was illegally accessed and copied.
Last year, the HSE said it had written to 90,936 people affected by the cyberattack. It has reportedly offered compensation of €750 to more than 600 individuals who took legal action over the breach.
A subsequent investigation found that the HSE was operating a frail IT system and did not have adequate cyber expertise or resources prior to the attack. The attack is estimated to have cost the HSE €102 million.
ico.org.uk | The Information Commissioner’s Office (ICO)
Date 11 December 2025
The Information Commissioner’s Office (ICO) has fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information of up to 1.6 million of its UK users.
Service which promises to help people improve their security, has failed them, leaving them vulnerable
Combination of two isolated incidents enabled hacker to steal personal information relating to 1.6m customers
‘Zero knowledge’ encryption system ensures customer passwords and vaults are not decrypted
We have fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information of up to 1.6 million of its UK users.
We found that LastPass failed to implement sufficiently robust technical and security measures, which ultimately enabled a hacker to gain unauthorised access to its backup database. There is no evidence that hackers were able to unencrypt customer passwords as these are stored locally on customer devices and not by LastPass.
The incidents occurred in August 2022 when a hacker gained access first to a corporate laptop of an employee based in Europe and then to a US-based employee’s personal laptop on which the hacker implanted malware and then was able to capture the employee’s master password. The combined detail from both incidents enabled the hacker to access LastPass’ backup database and take personal information which included customer names, emails, phone numbers, and stored website URLs.
John Edwards, UK Information Commissioner, said:
“Password managers are a safe and effective tool for businesses and the public to manage their numerous login details and we continue to encourage their use. However, as is clear from this incident, businesses offering these services should ensure that system access and use is restricted to ensure risks of attack are significantly reduced.
“LastPass customers had a right to expect the personal information they entrusted to the company would be kept safe and secure. However, the company fell short of this expectation, resulting in the proportionate fine being announced today.
“I call on all UK business to take note of the outcome of this investigation and urgently review their own systems and procedures to make sure, as best as possible, that they are not leaving their customers and themselves exposed to similar risks”.
Details of the two incidents
Incident one
A hacker compromised a LastPass employee’s corporate laptop and gained access to the company’s development environment.
No personal information was taken; however, encrypted company credentials were. If decrypted, this would allow access to the company’s backup database.
LastPass took steps to mitigate the hacker’s activity and believed encryption keys remained safe as they were stored outside of the area accessed by the hacker in the account vaults of four senior employees.
Incident two
The hacker then targeted one of the senior employees who had access to the decryption keys, gaining access to their personal device via a known vulnerability in a third-party streaming service.
A keylogger was installed, capturing the employee’s master password, and multi-factor authentication was bypassed using a trusted device cookie.
The hacker then gained access to the employee’s personal and business LastPass vaults, which were linked using a single master password.
The hacker then gained access to the employee’s business vault which contained the Amazon Web Service (AWS) access key and decryption key.
This information, combined with information taken the day before, enabled the hacker to extract the contents of the backup database which contained the personal information.
Our investigation found no evidence that encrypted passwords and other credentials were able to be unencrypted by the hacker. This is due to LastPass’ use of a ‘zero knowledge’ encryption system, whereby the master password required to access a password vault is stored locally on a customer’s own device and never shared with LastPass.
Advice and guidance
We urge organisations to ensure internal security policies explicitly consider and address data breach risks. Where risks are identified, access should be restricted to specific user groups.
Businesses wishing to review their procedures should turn to our and the National Cyber Security Centre websites which provide a rich source of information detailing ways to improve practices including Working from home – security checklist for employers, Data security guidance and Device security guidance.
Kyiv • UNN - unn.ua | УНН
December 6 2025
On December 6, the HUR MOD Cyber Corps and BO Team attacked the Russian logistics company "Eltrans+". Over 700 computers and servers were deactivated, 165 terabytes of data were destroyed, and network equipment was disabled.
The GUR Cyber Corps attacked Russia's leading logistics company on the night of December 6 - more than 700 computers and servers were deactivated, 165 terabytes of critical data were destroyed or encrypted, UNN reports with reference to sources.
On the night of December 6, specialists from the Main Intelligence Directorate of the Ministry of Defense, together with the BO Team, launched a cyberattack on the information and communication infrastructure of the Eltrans + group of companies. As a result of the attack, more than 700 computers and servers were deactivated, more than a thousand company users were deleted, and 165 terabytes of critical data were destroyed or encrypted.
According to the UNN interlocutor, in addition, the access control system, video surveillance data storage and backup system were affected, network equipment along with the core of the data center was deactivated and disabled, declarations for all cargo were destroyed, and all company websites were "defaced", which now greet Russian users with the Day of the Armed Forces of Ukraine.
Let's add
"Eltrans+" is among the top 10 largest customs representatives and freight forwarders in Russia. More than 5,000 Russian small, medium and large businesses use the services of "Eltrans+".
The company carries out international and domestic transportation (road, sea, air, multimodal), warehouse storage, transportation of consolidated cargo, as well as full customs clearance of goods.
"Eltrans+" is engaged in the delivery of sanctioned goods, as well as various electronic components from China, which are used by the Russian military-industrial complex, the UNN interlocutor reported.
koreajoongangdaily.joins.com
BY LEE YOUNG-KEUN, KIM JI-HYE
The former Coupang employee accused of leaking 33.7 million customer data had worked at the company for just two years, according to police on Thursday.
According to the Seoul Metropolitan Police Agency and sources familiar with the case who spoke to the JoongAng Ilbo, the suspect in the data breach — identified as a 43-year-old developer and Chinese national — was affiliated with Coupang's Seoul office. The person joined Coupang in November 2022 and was assigned to work on a key management security system before leaving the company late last year.
“It’s difficult to understand from a common sense perspective why a newly hired developer with foreign nationality would be given access to sensitive customer information — especially in today’s security-conscious corporate environment,” said an industry source. “Given that such duties typically require strict security training and pledges, it raises questions about whether the company’s protocols were adequate.”
Coupang disclosed on Nov. 29 that approximately 37.7 million customer accounts had been exposed. The compromised data includes names, email addresses, saved delivery addresses, partial order histories and, in some cases, access codes for shared building entrances.
Due to the massive scale of the breach, police have been raiding Coupang’s headquarters in Songpa District, southern Seoul, for three consecutive days since Tuesday. Thursday's raid began around 9:40 a.m. Investigators are focused on securing records that can explain how the suspect allegedly gained access to Coupang’s security system and extracted the data. These include internal documents, work logs and system records related to the key management platform the suspect worked on during the employment period.
Police are also analyzing logs stored in the company’s security system, such as IP addresses, user credentials and access histories.
Coupang filed a criminal complaint with police on Nov. 25 regarding the leak. The police initially began an investigation based on documents submitted voluntarily by the company, but launched a compulsory search starting Tuesday. Investigators plan to trace the suspect’s methods and movements using the evidence collected in the raid. If Coupang’s negligence or legal violations are uncovered in the process, the company — currently treated as the victim — and employees responsible for handling personal information may also become subjects of investigation.
Meanwhile, the number of phishing scams linked to the Coupang breach has surged in recent days. According to Democratic Party lawmaker Lee Jeong-heon of the National Assembly’s Science, ICT, Broadcasting and Communications Committee, police received 229 phishing reports between Nov. 30 and Tuesday.
Most reports involved scams impersonating Coupang and offering fake compensation or claiming to be sending deliveries. Other familiar tactics, such as fake product review programs or phony prize announcements, were also used — many of which predate the breach.
“This incident is raising serious concerns over secondary damage such as phishing crimes,” Lee said. “Coupang and Executive Chairman Kim Bom must stop hiding behind silence and urgently take responsibility with transparent disclosure and a comprehensive compensation plan.”