A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...

Eurostar's recently-introduced AI-powered customer support chatbot was marred with cybersecurity vulnerabilities that opened the doors to a multitude of potential risks, experts have warned.

Researchers at Pen Test Partners found four flaws in Eurostar's public AI chatbot that, among other security issues, could ...

The U.K. Information Commissioner's Office has issued a warning to businesses to eliminate SQL injection vulnerabilities from their websites, after fining a hotel booking site for failing to properly ...

Vulnerabilities that leave applications open to SQL injection are the most dangerous software errors in cyberspace, according to rankings issued earlier this week by top security groups. Issued by the ...

Two significant security vulnerabilities have been identified in the Fancy Product Designer premium plugin, which allows the customization of WooCommerce products. The issues remain unpatched in the ...

Tenable says it found seven prompt injection flaws in ChatGPT-4o, dubbed the “HackedGPT” attack chain Vulnerabilities include hidden commands, memory persistence, and safety bypasses via trusted ...

A serious security issue has been discovered in the WordPress Paid Membership Subscriptions plugin, which is used by over 10,000 sites to manage memberships and recurring payments. Versions 2.15.1 and ...

MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update that fixes a critical-severity SQL injection bug and two other less severe ...

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high ...

Fortinet has patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices. The ...