Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

The vulnerability, tracked as CVE-2025-68664 and dubbed “LangGrinch” has a Common Vulnerability Scoring System score of 9.3.

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...

How OpenAI is defending ChatGPT Atlas from attacks now - and why safety's not guaranteed

An 'automated attacker' mimics the actions of human hackers to test the browser's defenses against prompt injection attacks. But there's a catch.

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
Morningstar

Novo Nordisk files for FDA approval of a higher dose of Wegovy® injection 7.2 mg

PLAINSBORO, N.J. and BAGSVÆRD, Denmark, Nov. 26, 2025 /PRNewswire/ -- Today, Novo Nordisk announced the submission of a sNDA to the U.S. Food and Drug Administration (FDA) for a higher dose of ...
Infosecurity-magazine.com

HashJack Indirect Prompt Injection Weaponizes Websites

Security researchers have discovered a new indirect prompt injection vulnerability that tricks AI browsers into performing malicious actions. Cato Networks claimed that “HashJack” is the first ...
Ars Technica

Two Windows vulnerabilities, one a 0-day, are under active exploitation

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active ...
Lifehacker

ChatGPT's AI Browser Has a Nasty Security Vulnerability

October 24, 2025 Add as a preferred source on Google Add as a preferred source on Google An ethical hacker demonstrated that ChatGPT Atlas is vulnerable to clipboard injection attacks. Atlas' agent ...
Android Authority

OpenAI's Atlas browser has a security flaw that could expose your private info

OpenAI’s recently launched browser, Atlas, has a concerning vulnerability. Atlas appears to be susceptible to attacks known as clipboard injections. This type of attack can be used to steal login ...
Ars Technica

Claude’s new AI file-creation feature ships with security risks built in

On Tuesday, Anthropic launched a new file-creation feature for its Claude AI assistant that enables users to generate Excel spreadsheets, PowerPoint presentations, and other documents directly within ...
Searchenginejournal.com

Perplexity Comet Browser Vulnerable To Prompt Injection Exploit

Brave described a vulnerability that can be activated when a user asks the Comet AI browser to summarize a web page. The LLM will read the web page, including any embedded prompts that command the LLM ...
Searchenginejournal.com

Vulnerability In 3 WordPress File Plugins Affects 1.3 Million Sites

An advisory was issued for three WordPress file management plugins that are affected by a vulnerability that allows unauthenticated attackers delete arbitrary files. The three plugins are installed in ...