The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
TechJuice

This Popular AI Tool Was Hacked in Just 36 Hours (Here’s What Attackers Stole)

A critical pre-authentication SQL injection vulnerability in BerriAI’s LiteLLM Python package came under active exploitation ...

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by ...
DataBreachToday

Researchers Find 38 Flaws in OpenEMR. They've Been Fixed

Researchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day ...
SecurityWeek

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

Hackers rushed to target a critical LiteLLM SQL injection flaw to steal keys, credentials, and environment-variable ...
SecurityWeek

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google has analyzed AI indirect prompt injection attempts involving sites on the public web and noticed an increase in ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

How indirect prompt injection attacks on AI work - and 6 ways to shut them down ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Hosted on MSN

Anthropic launches Project Glasswing to counter AI-driven cyber threats

Anthropic has unveiled Project Glasswing, a partnership with major U.S. tech and financial institutions to preemptively detect and patch critical software vulnerabilities. Powered by its Claude Mythos ...