The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

The vulnerability, tracked as CVE-2025-68664 and dubbed “LangGrinch,” has a Common Vulnerability Scoring System score of 9.3.

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
Communications of the ACM

Guardians of the Agents

A more advanced solution involves adding guardrails by actively monitoring logs in real time and aborting an agent’s ongoing ...
Benzinga.com

Biogen, Eisai File In Japan To Make Leqembi A Weekly At-Home Alzheimer's Shot

Biogen Inc.‘s (NASDAQ: BIIB) partner Eisai Co., Ltd, on Friday filed a new drug application for Leqembi (lecanemab) seeking approval for a subcutaneous formulation (SC-AI) as a new route of ...
Morningstar

Novo Nordisk files for FDA approval of a higher dose of Wegovy® injection 7.2 mg

PLAINSBORO, N.J. and BAGSVÆRD, Denmark, Nov. 26, 2025 /PRNewswire/ -- Today, Novo Nordisk announced the submission of a sNDA to the U.S. Food and Drug Administration (FDA) for a higher dose of ...
Infosecurity-magazine.com

HashJack Indirect Prompt Injection Weaponizes Websites

Security researchers have discovered a new indirect prompt injection vulnerability that tricks AI browsers into performing malicious actions. Cato Networks claimed that “HashJack” is the first ...
Ars Technica

Two Windows vulnerabilities, one a 0-day, are under active exploitation

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active ...
Lifehacker

ChatGPT's AI Browser Has a Nasty Security Vulnerability

October 24, 2025 Add as a preferred source on Google Add as a preferred source on Google An ethical hacker demonstrated that ChatGPT Atlas is vulnerable to clipboard injection attacks. Atlas' agent ...
Android Authority

OpenAI's Atlas browser has a security flaw that could expose your private info

OpenAI’s recently launched browser, Atlas, has a concerning vulnerability. Atlas appears to be susceptible to attacks known as clipboard injections. This type of attack can be used to steal login ...
Ars Technica

Claude’s new AI file-creation feature ships with security risks built in

On Tuesday, Anthropic launched a new file-creation feature for its Claude AI assistant that enables users to generate Excel spreadsheets, PowerPoint presentations, and other documents directly within ...
Bleeping Computer

Critical SAP S/4HANA vulnerability now exploited in attacks

A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. The flaw, tracked as CVE-2025-42957, is an ABAP code ...