Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
A critical vulnerability in LangChain Core (CVE‑2025‑68664) has been disclosed that allows attackers to extract sensitive secrets and manipulate large language model operations through a serialization injection flaw. The issue impacts applications using this core LLM framework and could lead to unauthorized access to credentials and downstream system compromise if exploited.
[Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites](https://thehackerne…
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
A critical vulnerability in LangChain Core (CVE‑2025‑68664) has been disclosed that allows attackers to extract sensitive secrets and manipulate large language model operations through a serialization injection flaw. The issue impacts applications using this core LLM framework and could lead to unauthorized access to credentials and downstream system compromise if exploited.
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
Researchers discovered two malicious Chrome browser extensions distributed through the official Chrome Web Store that intercept web traffic and exfiltrate user credentials for over 170 popular domains. The extensions use a proxy mode to route traffic through attacker infrastructure, making them a high‑impact credential harvesting threat.
Aflac Breach Exposes Personal and Health Data of More Than 22M People
Insurance provider Aflac disclosed that a cyberattack from June resulted in the theft of personal and health information for approximately 22.65 million people. The incident highlights ongoing risks to sensitive health data and underscores the scale of breaches affecting major US companies.
Cybersecurity Threat Activity Intensifies With Mass Exploit and DDoS Attacks (Last 24 Hours)
A recent deep‑dive review of threat actor activity over the past 24 hours reveals widespread exploitation of web application vulnerabilities, ransomware‑as‑a‑service campaigns, and record‑level volumetric DDoS attacks. These coordinated and automated attacks show how adversaries are expanding both scale and sophistication across the global threat landscape.
Why Hackers Love the Holidays
A holiday‑period cybersecurity trend report highlights that a majority of ransomware and other attacks occur during weekends and holidays when staffing levels are reduced. The piece underscores the need for sustained vigilance and preparation during low‑staff intervals to mitigate opportunistic threat activity.
IBM Sees Seven Major Cybersecurity Dangers Next Year With AI at the Center
IBM’s latest forecast outlines seven cybersecurity risk trends for 2026, with artificial intelligence identified as a central factor impacting both defensive and offensive operations. The report emphasizes evolving autonomous AI threats, identity and access risks, and the need for integrated security strategies as AI becomes more deeply embedded in enterprise systems.