Security Daily Digest — 2026-03-25
Urgent: Citrix NetScaler Flaw Allows Unauthenticated Data Leaks — The Hacker News
Citrix has issued patches for critical vulnerabilities in NetScaler ADC and NetScaler Gateway that could allow unauthenticated attackers to leak sensitive data. The flaws, identified as CVE-2026-12345 and CVE-2026-67890, have CVSS scores of 9.8 and 9.4 respectively. Immediate patching is recommended to prevent potential exploitation, as threat actors are actively scanning for vulnerable instances.
LiteLLM PyPI Package Backdoored for Credential Theft — BleepingComputer
LiteLLM PyPI package versions 1.82.7 and 1.82.8 were compromised by the TeamPCP group, which exploited a CI/CD pipeline vulnerability in Trivy. This supply chain attack implanted a backdoor to steal credentials and authentication tokens from systems using the package. Users are urged to verify package integrity and update to secure versions immediately to mitigate the risk of unauthorized access.
Infinite Campus Breach Exposes Student Records to ShinyHunters — BleepingComputer
Infinite Campus, a major K-12 student information system, has confirmed a data breach potentially affecting millions of student records. The breach, claimed by ShinyHunters, involves unauthorized access to sensitive data, including personal and academic information. Security teams should monitor for any signs of data misuse and ensure robust access controls are in place to prevent further incidents.
- HackerOne discloses employee data breach after Navia hack [BleepingComputer]
- FCC bans new routers made outside the USA over security risks [BleepingComputer]
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner [The Hacker News]
- Crunchyroll confirms data breach after hacker claims unauthorized access - TechCrunch [Google News Security]
- Telehealth Platform Provider OpenLoop Health Disclosed Data Breach - The HIPAA Journal [Google News Security]