The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...
HHS

Regulator Sounds SQL Injection Warning

The U.K. Information Commissioner's Office has issued a warning to businesses to eliminate SQL injection vulnerabilities from their websites, after fining a hotel booking site for failing to properly ...

Eurostar chatbot security flaws almost left customers exposed to possible security threats

Eurostar's recently-introduced AI-powered customer support chatbot was marred with cybersecurity vulnerabilities that opened the doors to a multitude of potential risks, experts have warned.
Infosecurity-magazine.com

Fancy Product Designer Plugin Flaws Expose WordPress Sites

Two significant security vulnerabilities have been identified in the Fancy Product Designer premium plugin, which allows the customization of WooCommerce products. The issues remain unpatched in the ...
Dark Reading

DHS, Mitre Name SQL Injection Flaws As Most Dangerous Software Error

Vulnerabilities that leave applications open to SQL injection are the most dangerous software errors in cyberspace, according to rankings issued earlier this week by top security groups. Issued by the ...

Pen testers accused of 'blackmail' after reporting Eurostar chatbot flaws

Researchers at Pen Test Partners found four flaws in Eurostar's public AI chatbot that, among other security issues, could ...
SiliconANGLE

JFrog report highlights critical security flaws in machine learning platforms

A new report out today from software supply chain company JFrog Ltd. reveals a surge in security vulnerabilities in machine learning platforms, highlighting the relative immaturity of the field ...
Infosecurity-magazine.com

High-Risk SQLi Flaw Exposes WordPress Memberships Plugin Users

A serious security issue has been discovered in the WordPress Paid Membership Subscriptions plugin, which is used by over 10,000 sites to manage memberships and recurring payments. Versions 2.15.1 and ...
Bleeping Computer

MOVEit Transfer customers warned to patch new critical flaw

MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update that fixes a critical-severity SQL injection bug and two other less severe ...
Hosted on MSN

Researchers claim ChatGPT has a whole host of worrying security flaws - here's what they found

Tenable says it found seven prompt injection flaws in ChatGPT-4o, dubbed the “HackedGPT” attack chain Vulnerabilities include hidden commands, memory persistence, and safety bypasses via trusted ...
Bleeping Computer

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high ...