In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. […]
GitHub fixes RCE flaw that gave access to millions of private repos Read More »
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. […]
CISA orders feds to patch Windows flaw exploited as zero-day Read More »
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. […]
Microsoft says backend change broke Teams Free chat and calls Read More »
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a Minecraft hack called ‘Slinky,’” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign Read More »
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. […]
Broken VECT 2.0 ransomware acts as a data wiper for large files Read More »
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. […]
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw Read More »
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT’s locker permanently destroys large files rather than
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi Read More »
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About Read More »