eWeek

LangChain AI Vulnerability Exposes Millions of Apps

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...
IEEE

LiteCobra: Enhancing Java Deserialization Vulnerability Detection with Call Graph Pruning

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.
NextBigFuture

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple ...
GitHub

Vulnerability: XMLDecoder Deserialization Vulnerability (Java RCE) in Ladybug < 3.0-20251107.114628

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
Bleeping Computer

SAP fixes three critical vulnerabilities across multiple products

SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. The most severe (CVSS score: 9.9) of all the issues is ...
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...
Infosecurity-magazine.com

Critical PickleScan Vulnerabilities Expose AI Model Supply Chains

Three critical zero-day vulnerabilities affecting PickleScan, a widely used tool for scanning Python pickle files and PyTorch models, have been uncovered by cybersecurity researchers. The flaws, all ...
ExtremeTech

Microsoft Rolls Out Emergency Windows Server Update Following WSUS Exploits

Microsoft has released an emergency out-of-band security update for Windows Server to address a probable remote code execution vulnerability tracked as CVE-2025-59287. The issue affects the Windows ...
Yahoo

Hackers exploiting critical vulnerability in Windows Server Update Service

Co-founder and former CEO of Microsoft Bill Gates steps down from Microsoft board to spend more time on the Bill and Melinda Gates Foundation. This story was originally published on Cybersecurity Dive ...
Supply Chain Management Review

Exploited trust: What GoAnywhere reveals about supply chain weak links

When Microsoft confirmed that the threat actor Storm-1175 has been actively exploiting CVE-2025-10035 in GoAnywhere MFT systems, the disclosure revealed far more than another ransomware incident. It ...