Daily Cyber News

Google Patches Critical CVSS 10 Gemini CLI CI RCE Flaw as Cursor Vulnerabilities Enable Code Execution

Google has resolved a critical security issue with a maximum severity rating that impacted its Gemini CLI ecosystem, a flaw that could have enabled attackers to execute unauthorized commands on affected systems. According to a report published by Novee Security, the vulnerability allowed attackers without privileges to inject malicious configurations into Gemini CLI environments. This manipulation […]


SAP-Linked npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity experts have uncovered a sophisticated supply chain attack targeting SAP-related npm packages, exposing developers and enterprise environments to large-scale credential theft. The campaign, identified as “Mini Shai-Hulud,” has been linked to techniques previously associated with the TeamPCP threat actor group. Compromised Packages in SAP Ecosystem The attack impacted several widely used packages within SAP’s JavaScript and


New DPRK Campaign Uses AI-Injected npm Malware, Fake Companies, and RATs in Cyber Attacks

Cybersecurity researchers have uncovered a sophisticated cyber campaign linked to North Korean threat actors, combining AI-generated malicious code, fake corporate identities, and advanced malware to compromise developers, particularly in the Web3 and cryptocurrency ecosystem. The operation, tracked as PromptMink, has been attributed to Famous Chollima, also known as Shifty Corsair, a group previously associated with long-running


LiteLLM CVE-2026-42208 SQL Injection Vulnerability Exploited Within 36 Hours of Disclosure

A critical security flaw in the LiteLLM Python package has been rapidly exploited by threat actors shortly after its public disclosure, highlighting the growing speed at which attackers weaponize newly revealed vulnerabilities. The issue, tracked as CVE-2026-42208 with a severity score of 9.3, affects LiteLLM, an open-source AI gateway developed by BerriAI. Nature of the Vulnerability


Researchers Uncover Critical GitHub CVE-2026-3854 RCE Vulnerability Exploitable Through a Single Git Push

Security researchers have revealed a high-impact vulnerability affecting GitHub that could enable attackers to execute arbitrary code using nothing more than a single git push command. Tracked as CVE-2026-3854, the flaw carries a CVSS score of 8.7 and impacts both GitHub.com and GitHub Enterprise Server environments. Nature of the Vulnerability The issue is classified as a command injection flaw.


Brazilian LofyGang Returns After Three Years With Minecraft-Based LofyStealer Campaign

A Brazil-linked cybercrime group has resurfaced after more than three years, launching a fresh malware campaign aimed at Minecraft players. The operation introduces a new information-stealing tool known as LofyStealer, also referred to as GrabBot. Malware Disguised as a Minecraft Tool According to findings from ZenoX, the malware is distributed under the guise of a Minecraft


VECT 2.0 Ransomware Permanently Destroys Files Larger Than 131KB Across Windows, Linux, and ESXi

Cybersecurity analysts have raised alarms about a ransomware operation known as VECT 2.0, which behaves more like a destructive wiper than traditional ransomware. A major flaw in its encryption logic causes permanent data loss, even if victims decide to pay the ransom. Ransomware That Cannot Restore Data Unlike typical ransomware, VECT 2.0 fails to properly


Critical Unpatched Vulnerability Exposes Hugging Face LeRobot to Unauthenticated Remote Code Execution

A serious security vulnerability has been identified in LeRobot, an open-source robotics platform developed by Hugging Face, potentially allowing attackers to execute arbitrary code without authentication. Tracked as CVE-2026-25874, the flaw carries a high severity rating of 9.3 and raises significant concerns for organizations using AI-driven robotics systems. Root Cause of the Vulnerability The issue


Alleged Silk Typhoon Hacker from China Extradited to the U.S. for Cyberattacks on COVID Research

A Chinese national accused of participating in a major cyber espionage campaign linked to COVID-19 research has been extradited from Italy to the United States, marking a significant development in an ongoing international cybercrime investigation. Arrest and Extradition Details The suspect, Xu Zewei, aged 34, was taken into custody by Italian authorities in July 2025. His


Microsoft Fixes Entra ID Role Vulnerability That Allowed Service Principal Takeover

Microsoft has addressed a critical security weakness in its Entra ID platform that could have allowed attackers to gain control over service principals and escalate privileges within enterprise environments. The issue, uncovered by cybersecurity firm Silverfort, involved a built-in administrative role designed for managing artificial intelligence driven identities. Understanding the Role and the Risk The vulnerability
