AI Security

LiteLLM CVE-2026-42208 SQL Injection Vulnerability Exploited Within 36 Hours of Disclosure

A critical security flaw in the LiteLLM Python package has been rapidly exploited by threat actors shortly after its public disclosure, highlighting the growing speed at which attackers weaponize newly revealed vulnerabilities. The issue, tracked as CVE-2026-42208 with a severity score of 9.3, affects LiteLLM, an open-source AI gateway developed by BerriAI.

Nature of the Vulnerability […]

Critical Unpatched Vulnerability Exposes Hugging Face LeRobot to Unauthenticated Remote Code Execution

A serious security vulnerability has been identified in LeRobot, an open-source robotics platform developed by Hugging Face, potentially allowing attackers to execute arbitrary code without authentication. Tracked as CVE-2026-25874, the flaw carries a high severity rating of 9.3 and raises significant concerns for organizations using AI-driven robotics systems.

Root Cause of the Vulnerability

The issue

Anthropic’s Claude Mythos Uncovers Thousands of Zero-Day Vulnerabilities Across Major Systems

Artificial intelligence company Anthropic has introduced a new cybersecurity initiative called Project Glasswing, powered by an advanced preview model known as Claude Mythos. The program aims to strengthen global software security by identifying and fixing critical vulnerabilities before they can be exploited. The initiative will involve collaboration with major technology and security organizations, including Amazon

Vertex AI Vulnerability Exposes Sensitive Google Cloud Data and Private Artifacts

A newly identified security weakness in Google Vertex AI has raised serious concerns about potential data exposure and cloud infrastructure compromise. Security researchers have revealed that artificial intelligence agents operating within the platform could be manipulated to access sensitive information without authorization.

Misconfigured Permissions Create a Hidden Risk

The issue stems from how permission controls are implemented

OpenAI Fixes ChatGPT Data Exfiltration Flaw and Codex Vulnerability Exposing GitHub Tokens

A critical security issue affecting AI systems has been resolved after researchers discovered vulnerabilities in ChatGPT and Codex that could have exposed sensitive user data and developer credentials.

ChatGPT Flaw Enabled Covert Data Exfiltration

Researchers from Check Point uncovered a previously unknown weakness in ChatGPT that allowed hidden data exfiltration without user awareness. The flaw made it possible for

Critical Flaws in LangChain and LangGraph Expose Files, Secrets, and Databases

Security researchers have uncovered serious vulnerabilities in widely used artificial intelligence frameworks, exposing enterprise systems to potential data breaches. The affected platforms, LangChain and LangGraph, are commonly used to build applications powered by large language models, making the impact both widespread and significant.

Massive Adoption Increases Risk Exposure

Both frameworks are deeply embedded in modern AI development environments.

Claude Extension Vulnerability Allowed Zero Click XSS and Prompt Injection via Any Website

Cybersecurity researchers have uncovered a serious security flaw in Claude’s Google Chrome extension that allowed attackers to inject malicious prompts without any user interaction. The vulnerability made it possible for a simple website visit to silently manipulate the AI assistant’s behavior.

How the Zero-Click Attack Worked

According to researchers at Koi Security, the flaw allowed any website

TeamPCP Backdoors LiteLLM Versions 1.82.7 to 1.82.8 Through Trivy CI CD Supply Chain Compromise

A major supply chain attack campaign has emerged as TeamPCP, the threat actor behind previous Trivy and KICS compromises, has backdoored the popular Python package LiteLLM. Versions 1.82.7 and 1.82.8, released on March 24, 2026, contained a credential harvester, Kubernetes lateral movement toolkit, and a persistent systemd backdoor. Security vendors including Endor Labs and JFrog confirmed the malicious

Security Flaws in Amazon Bedrock, LangSmith, and SGLang Could Allow Data Exfiltration and Remote Code Execution

Cybersecurity researchers have uncovered multiple security weaknesses in several artificial intelligence platforms that could allow attackers to steal sensitive data or execute malicious commands. The issues affect services associated with Amazon, LangSmith, and SGLang. According to recent research, attackers can exploit these weaknesses to extract confidential information, hijack accounts, and potentially gain remote code execution

Ransomware Campaigns

Hive0163 Deploys AI Assisted Slopoly Malware for Persistent Access in Ransomware Campaigns

Cybersecurity experts have revealed a new AI-assisted malware strain named Slopoly, reportedly used by the financially motivated threat actor Hive0163 to maintain long-term access in ransomware attacks. IBM X-Force researcher Golo Mühr commented, “Although still relatively unsophisticated, AI-generated malware like Slopoly demonstrates how easily attackers can leverage artificial intelligence to accelerate malware development.”

Overview of Hive0163 Operations

Hive0163
