Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

The vulnerability, tracked as CVE-2025-68664 and dubbed “LangGrinch,” has a Common Vulnerability Scoring System score of 9.3.
Dark Reading

Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise

Editor's note: Update at bottom of story. Netwrix IT asset tracker and compliance auditor, used across more than 11,500 organizations, contains a critical Insecure Object Deserialization vulnerability ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Infosecurity-magazine.com

New Vulnerabilities Found in Adobe ColdFusion

Security researchers from Rapid7 have found active exploitation of multiple vulnerabilities in Adobe ColdFusion, a web development computing platform. On July 11, 2023, Adobe released patches for ...
Threat Post

RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework

Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases. Versions of the popular developer tool Zend Framework and ...
Bleeping Computer

Microsoft fixes actively exploited Exchange zero-day bugs, patch now

Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks. These four ...