The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

OpenAI says prompt injections will always be a risk for AI browsers with agentic capabilities, like Atlas. But the firm is ...
Network World

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately. A maximum severity remote code execution vulnerability in Hewlett Packard ...
Bleeping Computer

Ivanti warns of critical Endpoint Manager code execution flaw

American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. Ivanti ...
heise online

WinRAR: Code smuggling vulnerability is being attacked

A security vulnerability in the WinRAR compression program, present until version 7.12 Beta 1, allows attackers to inject malicious code. Attacks exploiting this vulnerability have now been observed.
Bleeping Computer

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already ...
Metal Injection

SHARON OSBOURNE Opens Up About The Final Hours & Last Words Of OZZY OSBOURNE

Ozzy Osbourne sadly died on July 22, 2025 from a heart attack, with coronary artery disease and Parkinson's disease listed as secondary causes of death. Now in a heartbreaking new interview on the ...