The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

The vulnerability, tracked as CVE-2025-68664 and dubbed “LangGrinch,” has a Common Vulnerability Scoring System score of 9.3.
The Hacker News

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

CISA adds an actively exploited Digiever DS-2105 Pro NVR vulnerability to KEV, warning of botnet attacks and urging ...

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
Morningstar

Novo Nordisk files for FDA approval of a higher dose of Wegovy® injection 7.2 mg

PLAINSBORO, N.J. and BAGSVÆRD, Denmark, Nov. 26, 2025 /PRNewswire/ -- Today, Novo Nordisk announced the submission of a sNDA to the U.S. Food and Drug Administration (FDA) for a higher dose of ...
Infosecurity-magazine.com

HashJack Indirect Prompt Injection Weaponizes Websites

Security researchers have discovered a new indirect prompt injection vulnerability that tricks AI browsers into performing malicious actions. Cato Networks claimed that “HashJack” is the first ...
Ars Technica

Two Windows vulnerabilities, one a 0-day, are under active exploitation

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active ...
Lifehacker

ChatGPT's AI Browser Has a Nasty Security Vulnerability

October 24, 2025 Add as a preferred source on Google Add as a preferred source on Google An ethical hacker demonstrated that ChatGPT Atlas is vulnerable to clipboard injection attacks. Atlas' agent ...
Android Authority

OpenAI's Atlas browser has a security flaw that could expose your private info

OpenAI’s recently launched browser, Atlas, has a concerning vulnerability. Atlas appears to be susceptible to attacks known as clipboard injections. This type of attack can be used to steal login ...
Futurism

Researchers Find Severe Vulnerabilities in AI Browser

A hype cycle as overwhelming and logic-defying as the AI boom comes with its own whirlwind succession of trends that are their own mini booms driven by billions of dollars of money. Once the world got ...
GitHub

Potential Path Traversal Vulnerability in "copyDirectoryFromPod" method

When checking the CVE-2020-8570 fix commit, I discovered that a potential CWE-22 vulnerability still exists in the "Copy.java" file "copyDirectoryFromPod" method, which affects from ...
GitHub

Skills Assessment - SQL Injection Fundamentals

This report presents the findings from a comprehensive web application security assessment conducted for Inlanefreight. The assessment focused on identifying SQL injection vulnerabilities within a ...