AI Tool Trips Over Classic SQL Injection A SQL injection vulnerability (CVE-2026-42208) has been identified in LiteLLM, an AI model gateway. The flaw allows attackers to manipulate database queries via unsanitised inputs, potentially leading to data exposure or modification. The vulnerability affects deployments that expose certain endpoints without proper validation. Researchers warn that exploitation could […]
cPanel Flaw Opens the Door – No Password Required (Almost) A critical authentication vulnerability has been discovered in cPanel that could allow attackers to bypass login protections under certain conditions. The flaw impacts systems using specific authentication configurations and may enable unauthorised access without valid credentials. Security researchers highlighted that exploitation could lead to full […]
North Korea Goes AI: Phishing Just Got Smarter North Korean threat actors are increasingly leveraging AI tools to enhance cyberattacks. These include phishing campaigns, malware development, and social engineering efforts. AI enables more convincing lures and automated attack scaling. Researchers observed improved impersonation tactics and faster adaptation to defences. This marks a shift towards more […]
Gemini CLI Bug: A Perfect 10 (and Not in a Good Way) Google has patched a critical vulnerability (CVSS 10) in its Gemini CLI tool that allowed remote code execution in CI/CD environments. The flaw could be exploited via malicious inputs during automated workflows, enabling attackers to execute arbitrary commands. Given the widespread use of […]
Linux “Copy Fail” Bug: When Copy & Paste Goes Rogue A newly disclosed Linux vulnerability dubbed “Copy Fail” affects core file-copying mechanisms, potentially allowing attackers to escalate privileges or corrupt data. The flaw stems from improper handling of memory during file operations, particularly when copying between privileged and non-privileged contexts. Exploitation could lead to local […]
ChatGPT Patch Fixes Data Exposure Glitch (Yes, That’s Slightly Awkward) OpenAI has addressed a security flaw in ChatGPT that could allow limited exposure of user data under specific conditions. The issue stemmed from a vulnerability that could enable users to view fragments of other users’ conversations or sensitive information due to caching or processing anomalies. […]
When Your Dependencies Betray You: The Axios Supply Chain Attack A supply chain attack targeting the popular JavaScript library Axios has been identified, where attackers injected malicious code into compromised packages. The tampered versions enabled cross-site scripting (XSS) style attacks, potentially allowing credential theft, session hijacking, and data exfiltration from affected applications. The malicious packages […]
CTRL Toolkit: Not the Shortcut You Want A campaign distributing the Russian-linked CTRL toolkit has been identified, using deceptive delivery methods such as phishing or malicious downloads. The toolkit enables attackers to maintain persistence, execute commands, and exfiltrate data from compromised systems. Its modular design allows flexible deployment depending on attacker objectives. Researchers note increasing […]
Oracle Issues Patch (And You Should Probably Install It) Oracle has released a critical patch addressing CVE-2026-21992, a severe vulnerability affecting its software products. The flaw could allow attackers to execute arbitrary code or compromise systems if left unpatched. Oracle’s update is part of its regular Critical Patch Update cycle, which includes fixes for multiple […]
