Aggregated from vendor advisories, security research, and industry publications.
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.
Chris Inglis was the head civilian in charge at the NSA when the Snowden leaks exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spot…
When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations.
The malware has filled the gap created by last year's law enforcement takedowns of Lumma and Rhadamanthys.
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to ob…
What separates good Wi-Fi engineers from ones who really can troubleshoot anything? Linux. Understanding Linux—from packet capture workflows to using tcpdump to how USB NIC drivers…
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (ak…
ThousandEyes, a Cisco company, monitors how ISPs, cloud providers and conferencing services are handling any performance challenges and provides Network World with a weekly roundup…
Article URL: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 Comments URL: https://news.ycombinator.com/item?id=47936479 Points: 447 # Comments: 92
A cryptographically relevant quantum computer is, at some point, going to emerge that can crack modern encryption. But we don’t know when, so it’s tempting to set this problem asid…
Security researchers have discovered a chilling backdoor aimed at Cisco System firewalls that exploits unpatched vulnerabilities to maintain persistence, even after patching. This …
Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.
Cloud storage provider Backblaze has been ripping out its 100-gigabit links and replacing them with 400-gigabit links because AI has changed how traffic flows inside their data cen…
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation acros…
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That as…
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that c…
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits witho…
When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizat…
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian autho…
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new fin…
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The …
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.
Take a Network Break! We start with follow up on Anthropic’s Project Glasswing and Linux 7.0. On the news side, Cisco announces a prototype quantum switch that promises to support …
_Sergey_Tarasov_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Procedure Call (RPC) mechanism handles connections to unavailab…
AI is promising a lot these days, to change how we work, influence how we live, and transform network traffic. It’s interesting, exciting even, but suppose it’s all hype? Wall Stre…
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on t…
Ready to travel to gain hands-on experience with new networking and infrastructure tools? Tech conferences – in person and virtual – give attendees a chance to access product demos…
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird r…
Researchers have uncovered a malware framework dubbed "fast16" that predates Stuxnet by five years.