
OWASP Top 10 LLM Applications 2025 - Critical Vulnerabilities & Risk Mitigation

The release of the OWASP Top 10 for LLM Applications 2025 provides a comprehensive overview of the evolving security challenges in the world of Large Language Models (LLMs). With advancements in AI, the adoption of LLMs like GPT-4, LaMDA, and PaLM has grown, but so have the risks. The new 2025 list builds upon the foundational threats outlined in previous years, reflecting the changing landscape of LLM security.

Cryptocurrency Mining Attack Exploiting PHP Vulnerabilities: An Emerging Threat

A new and growing threat has emerged, targeting vulnerable PHP servers with a sophisticated cryptocurrency mining attack. This exploit takes advantage of misconfigured or unpatched PHP servers, allowing malicious actors to gain unauthorized access and deploy mining malware. The campaign focuses on exploiting vulnerabilities in PHP, particularly CVE-2024-4577, which has already been linked to several exploit attempts and continues to affect systems worldwide.

What is an XXE Attack?

An XXE (XML External Entity) attack exploits improperly configured XML parsers to access sensitive data, execute code, or perform denial-of-service attacks. Learn how attackers abuse XML parsers in these attacks and ways to prevent them.

How to Stop DDoS Attacks: 5 Best Practices

A DDoS (Distributed Denial of Service) attack floods a website with traffic, leading to downtime or disruptions. Protect your site by using strategies like traffic monitoring, rate-limiting, and DDoS mitigation tools. Explore the top 5 practices to prevent and handle DDoS attacks.

Vulnerability Management Best Practices

With each organization facing over 30 critical or high-risk vulnerabilities per website/public-facing asset annually and 31% of these remaining open for over 180 days, the pressure to address vulnerabilities promptly is undeniable. Delays in patching not only increase the risk of breaches but also erode the trust of clients, vendors, and partners while compromising compliance efforts.

Decoding SEBI's CSCRF: VAPT and Steps to Cyber Resilience

The Securities and Exchange Board of India (SEBI) has raised the bar on cybersecurity with its newly introduced Cybersecurity and Cyber Resilience Framework (CSCRF), effective August 20, 2024. For regulated entities (REs)—including stockbrokers, depositories, asset managers, and alternative investment funds—the framework not only requires compliance but also lays out a clear path toward resilience. These new guidelines require REs to implement VAPT and risk management, among other mandates.