Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

The vulnerability, tracked as CVE-2025-68664 and dubbed “LangGrinch,” has a Common Vulnerability Scoring System score of 9.3.
bitnewsbot

Gladinet Flaw: Hard-Coded Keys Enable Remote Code Execution Exploit

A new vulnerability affecting Gladinet CentreStack and Triofox software has been actively exploited, impacting at least nine organizations as of December 10, 2025. The flaw stems from hard-coded ...
TWCN Tech News

How to disable Exploit Protection in Windows 11

Windows doesn’t offer a single switch to disable Exploit Protection completely. You can only disable individual mitigations system-wide or per app. We strongly recommend turning it off only for ...
CoinTelegraph

Balancer exploit swells to $116M in outflows as team offers 20% bounty

Update Nov. 3, 10:42 am UTC: This article has been updated to include a section on Berachain’s emergency hard fork. Update Nov. 3, 9:47 am UTC: This article has been updated to add the latest figures, ...
ExtremeTech

Microsoft Rolls Out Emergency Windows Server Update Following WSUS Exploits

Microsoft has released an emergency out-of-band security update for Windows Server to address a probable remote code execution vulnerability tracked as CVE-2025-59287. The issue affects the Windows ...
aha.org

H-ISAC TLP White Threat Bulletin: POC Exploit Available for Critical WSUS Flaw CVE-2025-59287 - 10-24-2025

On October 23, 2025, Microsoft issued an out-of-band (OOB) security update for a critical-severity Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-59287, which impacts the Windows ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

SAP has rolled out security fixes for 13 new security issues , including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...
ZDNet

This new Android exploit can steal everything on your screen - even 2FA codes

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...
Bleeping Computer

Oracle silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters ...
GCN

New GoAnywhere flaw heightens supply-chain attack risks

Security experts are raising an alarm about the possibility of supply-chain attacks, particularly by hackers on GoAnywhere MFT, a popular enterprise file transfer solution. The critical severity bug ...
Dark Reading

Critical SAP Vulns Under Exploitation in 'One-Two Punch' Attack

Two critical vulnerabilities found in SAP NetWeaver Visual Composer that were previously exploited are once again under attack from a new exploit. The exploit, which links the two vulnerabilities, was ...
aha.org

H-ISAC TLP White Threat Bulletin: Publicly Available Exploit Code Chains Critical SAP NetWeaver Flaws

On August 15, 2025, exploit code was released that chains two critical vulnerabilities in SAP NetWeaver’s Visual Composer to bypass authentication and achieve remote code execution. The flaws, tracked ...