Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
Communications of the ACM

Guardians of the Agents

A more advanced solution involves adding guardrails by actively monitoring logs in real time and aborting an agent’s ongoing ...
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

The vulnerability, tracked as CVE-2025-68664 and dubbed “LangGrinch,” has a Common Vulnerability Scoring System score of 9.3.

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...
Bleeping Computer

Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security ...
eWeek

OpenAI Steps Up Security as ChatGPT Atlas Faces Ongoing Prompt Injection Threats

The AI firm has rolled out a new security update to Atlas’ browser agent after uncovering a new class of prompt injection ...
GIGAZINE

It was discovered that a vulnerability in a legal assistance AI tool allowed outsiders to access nearly 100,000 confidential files.

AI is being used in many fields, and many AI services aimed at lawyers have also emerged. Meanwhile, security researcher Alex Shapiro reported that the AI-based legal assistance tool ' Filevine ' had ...
Ars Technica

Admins and defenders gird themselves against maximum-severity server vuln

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...