A critical security flaw in the LiteLLM Python package has been rapidly exploited by threat actors shortly after its public disclosure, highlighting the growing speed at which attackers weaponize newly revealed vulnerabilities. The issue, tracked as CVE-2026-42208 with a severity score of 9.3, affects LiteLLM, an open-source AI gateway developed by BerriAI. Nature of the Vulnerability […]
Cybersecurity specialists have identified a significant vulnerability in how workflow automation platforms are being weaponized by criminal organizations. Since the latter part of 2025, malicious actors have systematically exploited n8n—a widely-used cloud-based process automation solution—to conduct elaborate phishing schemes and deploy harmful software. Researchers from Cisco’s threat intelligence division documented the concerning trend in a
n8n Webhooks Exploited Since October 2025 to Spread Malware Through Phishing Emails Read More »
Cybersecurity researchers have uncovered a serious security flaw in Claude’s Google Chrome extension that allowed attackers to inject malicious prompts without any user interaction. The vulnerability made it possible for a simple website visit to silently manipulate the AI assistant’s behavior. How the Zero-Click Attack Worked According to researchers at Koi Security, the flaw allowed any website
A serious security flaw has been identified in Magento that allows unauthenticated attackers to upload malicious files, execute remote code, and potentially take over user accounts. This issue, referred to as PolyShell, has been analyzed by the security firm Sansec. The vulnerability affects all versions of Magento Open Source and Adobe Commerce up to 2.4.9-alpha2.
Technology company Apple has released a new security update to address a vulnerability in the WebKit engine that could allow attackers to bypass important browser security protections on its operating systems. The issue, tracked as CVE-2026-20643, affects devices running iOS, iPadOS, and macOS. According to Apple, the flaw could allow malicious websites to bypass the
Apple Patches WebKit Flaw Allowing Same Origin Policy Bypass on iOS and macOS Read More »
Security researchers have uncovered a new phase of the GlassWorm malware campaign, where attackers are abusing stolen GitHub tokens to inject malicious code into hundreds of Python repositories. The attack targets widely used Python projects and can infect developers who download or execute code from compromised repositories. According to research from supply chain security firm StepSecurity,
GlassWorm Attack Uses Stolen GitHub Tokens to Inject Malware Into Python Repositories Read More »
Cybersecurity researchers have uncovered a significant escalation in the GlassWorm malware campaign, which now leverages Open VSX extensions to compromise developer environments. The campaign abuses extension relationships to turn initially benign-looking packages into malicious delivery vehicles, targeting developers across multiple platforms. How GlassWorm Works Instead of embedding malicious code directly in every extension, the threat actor now uses extensionPack and extensionDependencies to trigger
GlassWorm Supply Chain Attack Exploits 72 Open VSX Extensions to Target Developers Read More »
Cybersecurity researchers have uncovered a group of security vulnerabilities in Google Looker Studio that could have enabled attackers to run unauthorized SQL queries against victims’ databases and extract sensitive information across different organizations. The flaws, collectively named LeakyLooker, were identified by researchers from Tenable. The vulnerabilities could have exposed data across multiple environments within Google Cloud infrastructures. Google has confirmed that
Cybersecurity teams at Salesforce have reported a surge in malicious activity targeting publicly accessible Experience Cloud environments. According to the company, attackers are conducting large scale scans of these sites using a modified version of an open source security tool known as AuraInspector. The campaign primarily focuses on identifying misconfigured guest user permissions, which can expose sensitive data stored within Salesforce
Cybersecurity researchers have identified a malicious npm package that pretends to be an installer for OpenClaw but actually deploys a remote access trojan and steals sensitive information from macOS systems. The package, called @openclaw-ai/openclawai, was uploaded to the npm registry on March 3, 2026 by a user named “openclaw-ai”. Security researchers observed that the package had