cybersecurity | Breaking Cybersecurity News | The Hacker News

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying LiteLLM proxy database. "A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter," LiteLLM maintainers said in an alert last week. "An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example, POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorized access to the proxy and the c...

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve remote code execution on the instance. "During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers," per a GitHub advisory for the vulnerability. "Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values." Google-owned cloud security firm Wiz has been credited with discovering and reporting the issue on March 4, 2026, with GitHub validating and deployi...

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). "The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cybersecurity company ZenoX said in a technical report. "It uses the official game icon to induce voluntary execution, exploiting the trust of young users in the gaming scene." The activity has been attributed with high confidence to a threat actor known as LofyGang , which was observed leveraging typosquatted packages on the npm registry to push stealer malware in 2022, specifically with an intent to siphon credit card data and user accounts associated with Discord Nitro, gaming, and streaming services. The group, believed to be active since late 2021, advertises their tools and services on platforms like GitHub and YouTube, while also contributing to an underground hacking communit...

Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT's locker permanently destroys large files rather than encrypting them means even victims who opt to pay the ransom cannot get their data back, as the decryption keys are discarded by the malware during the time encryption occurs. "VECT is being marketed as ransomware, but for any file over 131KB – which is most of what enterprises actually care about – it functions as a data destruction tool," Eli Smadja, group manager at Check Point Research, said in a statement shared with The Hacker News. "CISOs need to understand that in a VECT incident, paying is not a recovery strategy. There is no decrypter that can be handed over, not because the attackers are unwilling, but beca...

Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The Cyber360: Defending the Digital Battlespace report, based on a survey of 500 security leaders in government, defense, and critical services across the U.S. and UK, found that 84% of government IT security leaders agree that sharing sensitive data across networks heightens their cyber risk. More than half - 53% - still rely on manual processes to move that data between systems. In 2026. With AI accelerating the pace of operations on both sides. That is the Zero Trust gap nobody talks about. Not identity. Not endpoints. The movement of data itself. The Threat Volume Is Rising Faster Than the Controls Cyber360 recorded an average of 137 attempted or successful cyberattacks pe...

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot , Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars , that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the unsafe pickle format . "LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline, where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components," according to a GitHub advisory for the flaw. "An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls." According to Resecurity, the ...

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s new model, Claude Mythos , and its Project Glasswing , showed that finding exploitable vulnerabilities and subtle cracks in your defenses in operating systems and browsers — work that once took experts weeks — can now be done in minutes with AI. As a result, the patch window of opportunity is now near-zero . The situation is so critical that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell recently convened an urgent meeting with the CEOs of major U.S. financial institutions to discuss the implied risks. The takeaway was straightforward: surging AI capabilities have upended risk profiles, with profound implications for institutional stability and integrity across industries.  ...

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.  Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between February 2020 and June 2021, including breaking into systems at a Texas university to steal COVID-19 vaccine information. He was charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected computers, as well as committing aggravated identity theft. Xu, along with co-defendant and Chinese national Zhang Yu, is said to have undertaken the attacks under directions issued by the Ministry of State Security's (MSS) Shanghai State Security Bureau (SSSB). Some of these attacks weaponized then zero-days in Microsoft Exchange Server, a threat activity cluster that Micro...

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort . Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent's identity lifecycle operations in a tenant. The platform enables AI agents to authenticate securely and access necessary resources, as well as discover other agents. However, the shortcoming discovered by the identity security platform meant that users assigned the Agent ID Administrator role could take over arbitrary service principals , including those beyond agent-related identities, by becoming an owner and then add their own credentials to authenticate as that principal. "That's full service principal takeover," security researcher Noa Ariel said . "In tenants where high-privileged service principals...

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this month. "Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network," Microsoft noted in an alert. "An attacker would have to send the victim a malicious file that the victim would have to execute." "An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability)."...

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026," the Israeli security company said . It also emphasized that the GitHub repository is maintained separately from its customer production environment, adding that no customer data is stored in the repository. Checkmarx said its forensic probe into the incident is ongoing and that it's actively working to verify the nature and scope of the posted data. Furthermore, the company said it has locked down access to the affected GitHub repository as part of its incident response efforts. "If we determine that customer information was involved in this incident, we will notify...

Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust. Same mess, cleaner packaging. Coffee is cold. The vuln list is ugly. Let’s get into it. ⚡ Threat of the Week New fast16 Malware Was Developed Years Before Stuxnet —A new Lua-based malware called fast16, created years before the notorious Stuxnet worm, is designed to primarily target high-precision calculation software to tamper with results. The framework dates back to 2005. Analysis suggests that fast16 was active at least five years before the emergence of Stuxnet. Widely regarded as a joint U.S.-Israeli project, Stuxnet marked a turning point in cyber warfare as the first disruptive digital weap...

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right questions: Is this a step-change or an incremental advance? Does restricting access to Microsoft, Apple, AWS, and JPMorgan actually reduce risk, or does it just concentrate defensive advantage among the already-well-defended? What happens when adversaries—state actors, criminal enterprises—build equivalent capability? These are important. But there's a quieter operational problem that's getting less airtime, and it's the one that will actually determine whether most organizations survive this shift.  The Discovery-to-Remediation Gap The Mythos announcement, and the broader AI security...

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible servers.     "Despite the fact that there are no exploits for this chain of vulnerability in public access, attackers from PhantomCore managed to conduct their research and reproduce vulnerabilities, which led to a large number of cases of its operation in Russian organizations," researchers Daniil Grigoryan and Georgy Khandozhko said . PhantomCore , also called Fairy Trickster, Head Mare, Rainbow Hyena, and UNG0901, is the name assigned to a politically- and financially-motivated hacking crew that has been active since 2022 following the Russo-Ukrainian war. Attacks   mo...

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm . The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining acting as seemingly harmless sleeper packages to get users to download them and build trust, before their true intent is manifested through a subsequent update. All the extensions were published at the start of the month, per application security company Socket, which is tracking the latest iteration under the moniker GlassWorm v2 . In total, more than 320 artifacts have been identified since December 21, 2025. The list of extensions identified as malicious is below - outsidestormcommand.monochromator-theme keyacrosslaud.auto-loop-for-antigravity krundoven.ironplc-fast-hub boulderzitunnel.vscode-buddies ...

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is believed to have been active since at least June 2020, using methods like social engineering and back button hijacking in web browsers. As many as 35 phone numbers spanning 17 countries have been observed as part of the international revenue share fraud ( IRSF ) campaign. "The fake CAPTCHA has multiple steps, and each message crafted by the site is preconfigured with over a dozen phone numbers, meaning the victim isn't charged for just a single message – they're charged for sending SMSs to over 50 international destinations," researchers David Brunsdon and Darby Wise said in an analysi...

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper with results. It has been codenamed fast16 . "By combining this payload with self-propagation mechanisms, the attackers aim to produce equivalent inaccurate calculations across an entire facility," researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade said in an exhaustive report published this week. Fast16 is estimated to predate Stuxnet – the world's first known digital weapon designed for disruptive actions – by at least five years. While Stuxnet is widely attributed to the U.S. and Israel and later served as the architectural foundation for the Duqu information-...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in SimpleHelp that could allow low-privileged technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role. CVE-2024-57728 (CVSS score: 7.2) - A path traversal vulnerability in SimpleHelp that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e., zip slip), which can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. CVE-2024-7399 (CVSS score: 8.8) - A path traversal vulnerability in Samsung MagicINFO 9 Server that cou...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIRESTARTER . FIRESTARTER, per CISA and the U.K.'s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and control. It's believed to be deployed as part of a "widespread" campaign orchestrated by an advanced persistent threat (APT) actor to obtain access to Cisco Adaptive Security Appliance (ASA) firmware by exploiting now-patched security flaws such as - CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input vulnerability that could allow an authenticated, remote attacker with valid VPN user credentials to execute arbitrary code as root on an affected device by sending crafted HTTP requests. CVE-2025-20362 (CVSS score: 6.5) - An improper...

The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control laws. "For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers." The individual linked to the campaign was outed as Chinese national Song Wu in September 2024, when the U.S. Department of Justice (DoJ) announced charges against him for orchestrating a multi-year phishing scheme that stretched from January 2017 to December 2021 and involved targeting dozens of U.S. professors, researchers, and engine...