The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...
blockchain

How Generative AI and Python Pickle Enable Advanced Object Serialization for Developers: Key Skills from DeepLearning.AI

According to DeepLearning.AI (@DeepLearningAI), leveraging ChatGPT to master Python serialization libraries like Pickle helps software developers efficiently serialize and deserialize complex objects ...
GitHub

xmss: fix serialization/deserialization strategy and tests

Currently, for the serialization and deserialization strategy of the signature, in the reference implementation, we are using serde derivation pipeline: For consistency, we need to have the same ...
Dark Reading

Microsoft Issues Emergency Patch for Critical Windows Server Bug

Microsoft on Thursday deployed a reworked update for a critical vulnerability in the Windows Server Update Service (WSUS) that has come under attack in the wild. CVE-2025-59287 is a remote code ...
SecurityWeek

Critical Windows Server WSUS Vulnerability Exploited in the Wild

Microsoft on Thursday released out-of-band updates to patch a critical vulnerability impacting the Windows Server Update Service (WSUS), and exploitation of the flaw was seen just hours later. WSUS is ...
The Hacker News

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...
Microsoft

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet, which is tracked as CVE-2025-10035 and has a CVSS ...
Microsoft

Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE

Update 2025-10-15: Our artifact evaluated by the ACM CCS 2025 AEC (opens in new tab), companion to our paper, has received the ACM CCS 2025 Distinguished Artifact Award (opens in new tab)! Incorrect ...
Dark Reading

Sitecore Zero-Day Sparks New Round of ViewState Threats

A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...
foodindustryexecutive

ANTARES VISION GROUP: AGREEMENT WITH A US FMCG MULTINATIONAL FOR GLOBAL SERIALIZATION AND TRACEABILITY PLATFORM

The Group was chosen to ensure regulatory compliance and end-to-end traceability in the cosmetics supply chain, with scalable management of billions of products, real-time data exchange, and digital ...
healthcarepackaging

Digital Solutions Improve Serialization and Cold Chain Management

With biologics comprising over 40% of drugs in development, the need for precise temperature control is paramount. To accommodate the rise in biologics and GLP-1s PCI has invested heavily in cold ...
Bleeping Computer

Trend Micro fixes critical vulnerabilities in multiple products

Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption ...