wenping wang

April 29, 2026

Security Daily Digest — 2026-04-29



FEATURED

Critical LiteLLM SQL Injection Vulnerability Exploited — BleepingComputer

Hackers are actively exploiting a critical SQL injection vulnerability in the LiteLLM open-source large-language model. This pre-authentication flaw allows attackers to access and manipulate sensitive information stored in the system. Security teams should prioritize patching this vulnerability and monitor for any signs of unauthorized access or data breaches.

Critical GitHub CVE-2026-3854 RCE Vulnerability Disclosed — The Hacker News

Researchers have disclosed a critical remote code execution (RCE) vulnerability, CVE-2026-3854, in GitHub, exploitable via a single Git push command. This flaw poses a significant risk as it allows attackers to execute arbitrary code on affected systems. Security teams should apply patches immediately and review access logs for any suspicious activity.

Windows Shell CVE-2026-32202 Actively Exploited — The Hacker News

Microsoft has confirmed active exploitation of a high-severity vulnerability, CVE-2026-32202, in the Windows Shell. This flaw allows attackers to execute arbitrary code, potentially leading to full system compromise. Security teams should ensure all systems are patched with the latest updates and monitor for indicators of compromise.


SIGNAL
  • Feuding Ransomware Groups Leak Each Other's Data [Dark Reading]
  • Vidar Rises to Top of Chaotic Infostealer Market [Dark Reading]
  • US reportedly charges Scattered Spider hacker arrested in Finland [BleepingComputer]
  • Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data [BleepingComputer]
  • Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks [The Hacker News]


READ FULL DIGEST
news.security.thewang.net