The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt ...
GitHub

Cadmium CMS has a background arbitrary file upload vulnerability

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...
GitHub

Umbraco CMS has an arbitrary file upload vulnerability

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...
TechCrunch

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often ...
The New York Times

What to Know on the Initial Release of Materials From the Epstein Files

The Justice Department came under scrutiny for its handling of the documents and deletions online of some material. It said it would not remove mentions of Donald Trump from the files as they are ...
The Hill

Here’s how to see the Epstein files released Friday

The Justice Department released a portion of the Jeffrey Epstein files to meet the Friday deadline established in a congressional bill with a series of downloadable files related to the convicted sex ...
CBS News

Epstein files totaling more than 60,000 pages have already been released this year. Here's what we've seen so far.

Graham Kates is an investigative reporter covering criminal justice, privacy issues and information security for CBS News Digital. Contact Graham at [email protected] or [email protected] ...
EurekAlert!

Vulnerability of large language models to prompt injection when providing medical advice

About The Study: In this quality improvement study using a controlled simulation, commercial large language models (LLM’s) demonstrated substantial vulnerability to prompt-injection attacks (i.e., ...
Bleeping Computer

Critical React2Shell flaw exploited in ransomware attacks

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later.
Bleeping Computer

Hackers exploit newly patched Fortinet auth bypass flaws

Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. The two vulnerabilities ...
The Hacker News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under ...