The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
InfoWorld

33 LLM metrics to watch closely

Look to these key metrics and benchmarks to evaluate the performance, capability, reliability, and safety of your AI models ...
LinkedIn

Exploiting Vulnerable MCP Servers leads to RCE, information disclosure, and SQL injection.

In this lab, I explored how vulnerable MCP servers can be attacked directly using Python scripts. The objective was to exploit Information Disclosure, Command Injection, and SQL Injection ...
CSOonline

Cybersecurity trends in SEC filings

Analyzing SEC 10-K filings reveals that while CISOs handle cybersecurity under the CIO, companies rely on the NIST framework to address growing AI and supply chain risks. In 2023, the Securities and ...
WeLiveSecurity

OceanLotus: From external espionage to domestic targeting

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Security Boulevard

Top 8 AI App Security Software in 2026

AI paid compared to those with little or none, per the IBM Cost of a Data Breach Report 2025. The same IBM 2025 research found that 13% of organizations had already suffered a breach of an AI model or ...
LinkedIn

AI for DBAs: Automating SQL Injection Audits with Local AI

Manual security audits are where database productivity goes to die. If you are managing an enterprise database environment with thousands of legacy stored procedures, you know the dread of auditing ...
techtimes

AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw, Not a Patchable Bug

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...
note

Claude Code has added "security features." Why Python developers should install it immediately

Claude Code's security features have been significantly enhanced in early 2026. From web scraping and API integration to Excel automation... I think many people have seen their coding speed increase ...