A critical flaw in LangChain Core could allow attackers to steal sensitive secrets and manipulate LLM responses via prompt injection. LangChain Core (langchain-core) is a key Python package in... Read more »

An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp Web... Read more »

Trust Wallet urged users to update its Chrome extension after a security incident caused about $7 million in losses. Trust Wallet warned users to update its Google Chrome extension... Read more »

Pro-Russian hacking group Noname057 claimed responsibility for the cyberattack that recently disrupted La Poste’s digital banking and online services. This week, the French national postal service La Poste confirmed... Read more »

A June data breach exposed the personal information of more than 22 million Aflac customers, the company confirmed. A data breach in June exposed the information of more than... Read more »

Spotify shut down accounts after Anna’s Archive scraped and published data on 86 million songs, confirming action against unlawful scraping. Spotify disabled user accounts after an open-source group published... Read more »

Fortinet reported active exploitation of a five-year-old FortiOS SSL VPN flaw, abused in the wild under specific configurations. Fortinet researchers observed “recent abuse” of a five-year-old security vulnerability, tracked... Read more »

MongoDB addressed a high-severity vulnerability that can be exploited to achieve remote code execution on vulnerable servers. MongoDB addressed a high-severity vulnerability, tracked as CVE-2025-14847 (CVSS score 8.7), an... Read more »

The U.S. seized the ‘web3adspanels.org’ domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybercriminals used... Read more »