The 2025 OWASP Top 10 introduces two new categories: Software Supply Chain Failures (A03) and Mishandling of Exceptional Conditions (A10). Security Misconfiguration rises to #2, while Broken Access Control (A01) now explicitly includes the API authorization failures BOLA (Broken Object Level Authorization) and BFLA (Broken Function Level Authorization). The update reflects shifts in attack patterns and emphasizes gaps in tooling and SDLC maturity.