Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
Communications of the ACM

Guardians of the Agents

A more advanced solution involves adding guardrails by actively monitoring logs in real time and aborting an agent’s ongoing ...
Morningstar

Novo Nordisk files for FDA approval of a higher dose of Wegovy® injection 7.2 mg

PLAINSBORO, N.J. and BAGSVÆRD, Denmark, Nov. 26, 2025 /PRNewswire/ -- Today, Novo Nordisk announced the submission of a sNDA to the U.S. Food and Drug Administration (FDA) for a higher dose of ...
Infosecurity-magazine.com

HashJack Indirect Prompt Injection Weaponizes Websites

Security researchers have discovered a new indirect prompt injection vulnerability that tricks AI browsers into performing malicious actions. Cato Networks claimed that “HashJack” is the first ...
Ars Technica

Two Windows vulnerabilities, one a 0-day, are under active exploitation

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active ...
Lifehacker

ChatGPT's AI Browser Has a Nasty Security Vulnerability

October 24, 2025 Add as a preferred source on Google Add as a preferred source on Google An ethical hacker demonstrated that ChatGPT Atlas is vulnerable to clipboard injection attacks. Atlas' agent ...
Android Authority

OpenAI's Atlas browser has a security flaw that could expose your private info

OpenAI’s recently launched browser, Atlas, has a concerning vulnerability. Atlas appears to be susceptible to attacks known as clipboard injections. This type of attack can be used to steal login ...
Bleeping Computer

Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet

Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. GoAnywhere MFT is a web-based ...
Ars Technica

Claude’s new AI file-creation feature ships with security risks built in

On Tuesday, Anthropic launched a new file-creation feature for its Claude AI assistant that enables users to generate Excel spreadsheets, PowerPoint presentations, and other documents directly within ...
Searchenginejournal.com

Perplexity Comet Browser Vulnerable To Prompt Injection Exploit

Brave described a vulnerability that can be activated when a user asks the Comet AI browser to summarize a web page. The LLM will read the web page, including any embedded prompts that command the LLM ...
Searchenginejournal.com

Vulnerability In 3 WordPress File Plugins Affects 1.3 Million Sites

An advisory was issued for three WordPress file management plugins that are affected by a vulnerability that allows unauthenticated attackers delete arbitrary files. The three plugins are installed in ...
WeLiveSecurity

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise ...