SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...
IEEE

LiteCobra: Enhancing Java Deserialization Vulnerability Detection with Call Graph Pruning

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.
GitHub

Vulnerability: XMLDecoder Deserialization Vulnerability (Java RCE) in Ladybug < 3.0 ...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
The Hacker News

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...
thecyberexpress

Attackers Deployed Medusa Ransomware via GoAnywhere MFT Zero-Day

Cybercriminals exploited a critical deserialization flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) tool—tracked as CVE-2025-10035—to drop Medusa ransomware, Microsoft disclosed Monday. The ...
Microsoft

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer ...

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet, which is tracked as CVE-2025-10035 and has a CVSS ...
CSOonline

SolarWinds fixes Web Help Desk patch bypass for actively exploited flaw — again

‘Third time’s the charm?’ asks a prominent security researcher after what appears to be the same critical Java deserialization flaw gets a third security update. SolarWinds has released a third patch ...
SecurityWeek

SolarWinds Makes Third Attempt at Patching Exploited Vulnerability

CVE-2025-26399 is a patch bypass of CVE-2024-28988, which is a patch bypass of the exploited CVE-2024-28986. SolarWinds on Tuesday announced a hotfix for a remote code execution (RCE) vulnerability in ...
SecurityWeek

Fortra Patches Critical GoAnywhere MFT Vulnerability

Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. Fortra has released patches for a critical-severity vulnerability in ...
Bleeping Computer

Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet

Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. GoAnywhere MFT is a web-based ...
thecyberexpress

CISA Warns of Attacks on DELMIA Manufacturing Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a manufacturing operations management software vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, a rare ...
Bleeping Computer

SAP fixes maximum severity NetWeaver command execution flaw

SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. SAP NetWeaver is the foundation for SAP's business ...