The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...

OpenAI Admits Prompt Injection Is a Lasting Threat for AI Browsers

Security researchers have warned the users about the increasing risk of prompt injection attacks in the AI browsers.
The Hacker News

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

GhostPoster malware hid inside 17 Firefox add-ons, abusing logo files to hijack links, inject tracking code, and run ad fraud ...
GitHub

Security: JavaScript Injection Vulnerability in Investigation Results Chart

A potential JavaScript injection vulnerability exists in the Health Analytics tab of the OPD Visit page. Investigation names are interpolated directly into JavaScript string literals without proper ...