Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
Dec 26, 2025Ravie LakshmananAI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to…
Latest Cybersecurity News — Page 1018
View all →
Trust Wallet Chrome extension hack tied to millions in losses
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an…
LLMs can assist with vulnerability scoring, but context still matters
Every new vulnerability disclosure adds another decision point for already stretched security teams. A recent study explores whether LLMs can take on part of that…
Critical LangChain Vulnerability Allows Attackers to Steal Sensitive Secrets
A critical security vulnerability in LangChain, one of the world’s most widely deployed AI frameworks, enables attackers to extract environment variable secrets and, through a…
Parrot 7.0 Released with New Penetration Testing and AI Tools
Parrot OS 7.0, codenamed Echo, launches as a complete system rewrite based on Debian 13, bringing KDE Plasma 6, Wayland by default, and fresh penetration…
The next big IT security battle is all about privileged access
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in 2026 driven by new realities of cybersecurity, hybridization, AI, and…
Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems
A critical vulnerability in LangChain’s core library (CVE-2025-68664) allows attackers to exfiltrate sensitive environment variables and potentially execute code through deserialization flaws. Discovered by a…
ChatGPT’s new formatting blocks make its UI look more like a task tool
OpenAI has quietly rolled out ‘formatting blocks,’ which tweak GPT’s layout to match the UI of the task it is supposed to execute. ChatGPT has…
Five-year-old Fortinet FortiOS SSL VPN flaw actively exploited
Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited Pierluigi Paganini December 25, 2025 Fortinet reported active exploitation of a five-year-old FortiOS SSL VPN flaw, abused…
Google Now Allows Users to Change Their @gmail.com Email Address
For years, one of the most persistent frustrations for Google users has been the inability to alter their primary email address without creating an entirely…
Unpatched FortiGate Security Flaw Allows Attackers to Bypass 2FA Controls
A critical authentication bypass vulnerability in FortiGate devices enables threat actors to circumvent two-factor authentication (2FA) protections through case-sensitive username manipulation. The flaw, tracked as…
Google will finally allow you to change your @gmail.com address
Google will finally allow you to change your @gmail address or create a new alias, according to a new support document. As spotted in a…