EurekAlert!

Vulnerability of large language models to prompt injection when providing medical advice

About The Study: In this quality improvement study using a controlled simulation, commercial large language models (LLM’s) demonstrated substantial vulnerability to prompt-injection attacks (i.e., ...

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
Communications of the ACM

Guardians of the Agents

A more advanced solution involves adding guardrails by actively monitoring logs in real time and aborting an agent’s ongoing ...
The Hacker News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under ...
SecurityWeek

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities

XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25. The MITRE Corporation has released an updated Common ...
Bleeping Computer

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three ...
IEEE

Design and Implementation of File Upload Vulnerability Detection Tool

Abstract: The file upload vulnerability is one of the common and highly harmful vulnerabilities in web applications, which can be exploited by attackers to control web servers. This article focuses on ...
SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection

The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. A critical-severity vulnerability in the Apache Tika open source analysis ...
GitHub

DLL Hijacking Vulnerability Scanner

SearchAvailableExe is a comprehensive security research tool designed to identify and analyze DLL hijacking vulnerabilities in Windows executable files. This tool systematically scans signed ...
The Hacker News

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The ...
Bleeping Computer

Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security ...