The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

The vulnerability, tracked as CVE-2025-68664 and dubbed “LangGrinch,” has a Common Vulnerability Scoring System score of 9.3.
The Hacker News

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

CISA adds an actively exploited Digiever DS-2105 Pro NVR vulnerability to KEV, warning of botnet attacks and urging ...

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
Benzinga.com

Biogen, Eisai File In Japan To Make Leqembi A Weekly At-Home Alzheimer's Shot

Biogen Inc.‘s (NASDAQ: BIIB) partner Eisai Co., Ltd, on Friday filed a new drug application for Leqembi (lecanemab) seeking approval for a subcutaneous formulation (SC-AI) as a new route of ...
Morningstar

Novo Nordisk files for FDA approval of a higher dose of Wegovy® injection 7.2 mg

PLAINSBORO, N.J. and BAGSVÆRD, Denmark, Nov. 26, 2025 /PRNewswire/ -- Today, Novo Nordisk announced the submission of a sNDA to the U.S. Food and Drug Administration (FDA) for a higher dose of ...
Infosecurity-magazine.com

HashJack Indirect Prompt Injection Weaponizes Websites

Security researchers have discovered a new indirect prompt injection vulnerability that tricks AI browsers into performing malicious actions. Cato Networks claimed that “HashJack” is the first ...
Ars Technica

Two Windows vulnerabilities, one a 0-day, are under active exploitation

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active ...
Lifehacker

ChatGPT's AI Browser Has a Nasty Security Vulnerability

October 24, 2025 Add as a preferred source on Google Add as a preferred source on Google An ethical hacker demonstrated that ChatGPT Atlas is vulnerable to clipboard injection attacks. Atlas' agent ...
Android Authority

OpenAI's Atlas browser has a security flaw that could expose your private info

OpenAI’s recently launched browser, Atlas, has a concerning vulnerability. Atlas appears to be susceptible to attacks known as clipboard injections. This type of attack can be used to steal login ...
Bleeping Computer

Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet

Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. GoAnywhere MFT is a web-based ...
Ars Technica

Claude’s new AI file-creation feature ships with security risks built in

On Tuesday, Anthropic launched a new file-creation feature for its Claude AI assistant that enables users to generate Excel spreadsheets, PowerPoint presentations, and other documents directly within ...