The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...
The Hacker News

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

GhostPoster malware hid inside 17 Firefox add-ons, abusing logo files to hijack links, inject tracking code, and run ad fraud ...
GitHub

Security: JavaScript Injection Vulnerability in Investigation Results Chart

A potential JavaScript injection vulnerability exists in the Health Analytics tab of the OPD Visit page. Investigation names are interpolated directly into JavaScript string literals without proper ...