CSRF - Vulnerability

Threat entity extracted from intelligence sources

Frequency
3
occurrences
First Seen
October 28, 2025
Last Seen
January 16, 2026

CSRF is a vulnerability tracked across 3 threat clusters and 3 intelligence report mentions on ThreatCluster. First observed October 28, 2025; most recent activity January 16, 2026.

Overview

CSRF (Cross-Site Request Forgery) is a web security flaw where an attacker tricks an authenticated user’s browser into making unintended requests to a vulnerable application, leveraging the user’s active session. It exploits browser cookies and credentials to perform state-changing actions without the user’s consent, making mitigations like anti-CSRF tokens and SameSite cookies essential. This vulnerability remains a significant concern in web security due to its potential for stealthy, impactful exploits across many web apps.

Related Threat Clusters

  • 2025 CWE Top 25 Most Dangerous Software Weaknesses Released

    The 2025 CWE Top 25 Most Dangerous Software Weaknesses list has been published, identifying critical vulnerabilities that pose significant risks to software security. This list is intended for developers and…

    10 articles · Updated December 11, 2025
  • Risks of Agentic Browsers Highlighted in 2025 Review

    In 2025, Agentic Browsers, AI-powered tools that autonomously perform online tasks, became mainstream. However, their rapid adoption raised significant privacy and security concerns, particularly regarding access to…

    2 articles · Updated January 16, 2026
  • Vulnerabilities Found in OpenAI's Atlas Browser Allow Malicious Code Injection

    Security researchers from LayerX have identified vulnerabilities in OpenAI's Atlas browser that enable attackers to inject malicious code into the browser's memory. This flaw allows for remote code execution and the…

    5 articles · Updated October 28, 2025

Recent Intelligence Reports

  • Agentic Browser Security: 2025 Year-End Review — Wiz · January 16, 2026
  • MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities — Feeds.Feedburner · December 12, 2025
  • LayerX Exposes Critical Flaw in OpenAI’s ChatGPT Atlas Browser — Esecurityplanet · October 28, 2025

CVSS v3.1 Breakdown