Explore

Rapid Read Rapid Read
LiteLLM Vulnerability Exploited Shortly After Disclosure, Exposing Sensitive Data

LiteLLM Vulnerability Exploited Shortly After Disclosure, Exposing Sensitive Data

A critical vulnerability in the LiteLLM AI gateway was exploited shortly after its disclosure, allowing attackers to access sensitive database tables. The flaw, identified as CVE-2026-42208, involves an SQL injection during the proxy API key verification process. This vulnerability enables unauthenticated attackers to send crafted Authorization headers to access the database, potentially leaking credentials. The first attacks were observed 36 hours after the advisory was indexed in the GitHub Advisory database. Attackers targeted tables containing API keys and provider credentials, although no further exploitation of the extracted data has been reported.
Rapid Read Rapid Read
LiteLLM Vulnerability Exploited Shortly After Disclosure, Highlights Cybersecurity Risks

LiteLLM Vulnerability Exploited Shortly After Disclosure, Highlights Cybersecurity Risks

A critical vulnerability in the open-source AI gateway LiteLLM was exploited shortly after its public disclosure. Identified as CVE-2026-42208, the vulnerability involves an SQL injection during the proxy API key verification process, allowing unauthorized access to sensitive database information. The flaw was disclosed on April 20, and within 36 hours, attackers began exploiting it to target database tables containing API keys and credentials. The attacks were automated, with attempts occurring 21 minutes apart, indicating a high level of sophistication. LiteLLM has since released a patch to address the vulnerability, urging users to update their systems to prevent further exploitation.
Rapid Read Rapid Read
OpenSSH Vulnerability Exposes Servers to Root Access for 15 Years

OpenSSH Vulnerability Exposes Servers to Root Access for 15 Years

A critical vulnerability in OpenSSH, identified as CVE-2026-35414, has been discovered, affecting versions released over the past 15 years. This flaw allows attackers to gain full root shell access to servers by exploiting a mishandling of the authorized_keys principals option. The issue arises when a comma in an SSH certificate principal name is misinterpreted, enabling users with a valid certificate from a trusted CA to authenticate as root. The vulnerability, which has a CVSS score of 8.1, was identified by the cybersecurity firm Cyera. The flaw does not register authentication failures in logs, making detection through log-based methods unreliable. The vulnerability was patched in OpenSSH version 10.3, released in early April 2026.
Rapid Read Rapid Read
GlassWorm Malware Linked to Dozens of Open VSX Extension Clones

GlassWorm Malware Linked to Dozens of Open VSX Extension Clones

Security firm Socket has identified over 70 suspicious extensions on the Open VSX marketplace linked to the GlassWorm malware. These extensions, which are clones of popular ones, were published by newly created GitHub accounts. GlassWorm, first appearing in October 2025, is designed to steal credentials and cryptocurrency. The extensions are likely sleeper agents, intended to deploy malware through future updates. This pattern of cloned extensions mirrors previous GlassWorm waves, where extensions are initially published without a payload and later updated to deliver malware.
Trendline Trendline
Open VSX Marketplace Extensions Linked to GlassWorm Malware Threaten User Security

Open VSX Marketplace Extensions Linked to GlassWorm Malware Threaten User Security

Open VSX Marketplace Extensions Linked to GlassWorm Malware Threaten User Security
Rapid Read Rapid Read
Incomplete Windows Patch Leaves Systems Vulnerable to Zero-Click Attacks

Incomplete Windows Patch Leaves Systems Vulnerable to Zero-Click Attacks

Akamai has reported that an incomplete patch for a Windows vulnerability has led to a new security flaw, enabling zero-click attacks. The original vulnerability, CVE-2026-21510, was patched in February but left a gap that attackers could exploit without user interaction. This flaw allows attackers to steal credentials via auto-parsed LNK files. The Russian-linked group APT28 has been identified as exploiting this vulnerability, targeting entities in Ukraine and the European Union. Microsoft has since released a fix for the new vulnerability, CVE-2026-32202, as part of its April 2026 security updates.
Trendline Trendline
Checkmarx Confirms Data Theft in Supply Chain Attack Affecting Open Source Project

Checkmarx Confirms Data Theft in Supply Chain Attack Affecting Open Source Project

Checkmarx Confirms Data Theft in Supply Chain Attack Affecting Open Source Project
Trendline Trendline
GitHub Patches Critical RCE Vulnerability Affecting Millions of Repositories

GitHub Patches Critical RCE Vulnerability Affecting Millions of Repositories

GitHub Patches Critical RCE Vulnerability Affecting Millions of Repositories
Trendline Trendline
GitHub Patches Critical Remote Code Execution Vulnerability Affecting Millions of Repositories

GitHub Patches Critical Remote Code Execution Vulnerability Affecting Millions of Repositories

GitHub Patches Critical Remote Code Execution Vulnerability Affecting Millions of Repositories
Rapid Read Rapid Read
Open Source Software Compromised, User Credentials Stolen

Open Source Software Compromised, User Credentials Stolen

An open-source software package with over 1 million monthly downloads was compromised after attackers exploited a vulnerability in the developers' account workflow. This breach allowed access to signing keys and sensitive information. The attackers published a malicious version of the element-data package, which scoured systems for sensitive data such as user profiles, warehouse credentials, cloud provider keys, API tokens, and SSH keys. The malicious version, tagged as 0.23.3, was removed within 12 hours of its release. Developers have since rotated all affected credentials and audited their GitHub actions to prevent future vulnerabilities.
Trendline Trendline
OpenSSH Vulnerability Exposes Servers to Root Access for 15 Years

OpenSSH Vulnerability Exposes Servers to Root Access for 15 Years

OpenSSH Vulnerability Exposes Servers to Root Access for 15 Years
Rapid Read Rapid Read
Pack2TheRoot Vulnerability in Linux Allows Unprivileged Users Root Access

Pack2TheRoot Vulnerability in Linux Allows Unprivileged Users Root Access

A high-severity vulnerability known as 'Pack2TheRoot' has been identified in the PackageKit cross-distro package management system used in Linux. This flaw, tracked as CVE-2026-41651, is a time-of-check time-of-use (TOCTOU) race condition that allows unprivileged users to install packages with root privileges. The vulnerability affects multiple Linux distributions, including Ubuntu, Debian, and Fedora. It has been present in PackageKit since version 0.8.1, released 14 years ago. The flaw allows attackers to exploit the system by running transactions with corrupted flags, leading to unauthorized root access.