The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
SecurityWeek

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

Hackers rushed to target a critical LiteLLM SQL injection flaw to steal keys, credentials, and environment-variable ...
TechJuice

This Popular AI Tool Was Hacked in Just 36 Hours (Here’s What Attackers Stole)

A critical pre-authentication SQL injection vulnerability in BerriAI’s LiteLLM Python package came under active exploitation ...
Onrec

6 Ahrefs API Alternatives in 2026 You Must Know

The SE Ranking API is the best Ahrefs alternative. It was designed to give teams direct access to core SEO data without the overhead of complex infrastructure. It supports essential use cases such as ...

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by ...

Command Zero Accelerates SecOps Pipelines with APIs and MCP Server

Command Zero today released a broad set of API endpoints and a Model Context Protocol (MCP) server for its Autonomous & AI-Assisted SOC platform. Customers can now drive threat hunts, investigations, ...

Command Zero opens its autonomous security operations center platform with APIs and an MCP server

Command Zero opens its autonomous security operations center platform with APIs and an MCP server - SiliconANGLE ...

Team Cymru Launches Pure Signal™ MCP Server, Bringing Agentic AI to the World’s Largest Threat Intelligence Data Ocean

Team Cymru today announced the general availability of the Pure Signal™ MCP Server, the first purpose-built, production-grade ...
BeInCrypto

Dark Web Claims Polymarket Hack, But the Platform Fires Back

Polymarket dismissed a dark web hack claim, calling the records publicly available via its free APIs and on-chain data ...

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...
Infosecurity Magazine

Cursor Extension Flaw Exposes Developer API Keys

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...

OpenAI’s subtle drift from Microsoft has become an aggressive move toward Amazon

A lot has happened since late October, when OpenAI completed its recapitalization, giving Microsoft a 27% stake in the ...