Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation ...
SecurityWeek

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

The vulnerability allows attackers to read data from a LiteLLM proxy’s database and potentially modify it. A critical-severity vulnerability in the open source AI gateway LiteLLM was exploited days ...
Bleeping Computer

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. The flaw is an SQL ...
CNET

Why Use a Proxy Server? Benefits, Drawbacks and Common Use Cases

Joe Supan is a senior writer for CNET covering home technology, broadband, and moving. Prior to joining CNET, Joe led MyMove's moving coverage and reported on broadband policy, the digital divide, and ...
Business Insider

Mercor hit with 5 contractor lawsuits in a week over data breach

Contractors said in at least five lawsuits that AI training startup Mercor exposed their data to hackers. Mercor said last week it was "impacted" by compromised LiteLLM software. One of the suits ...
Wired

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused all its work with the data contracting firm Mercor while it investigates a major security breach that impacted the startup, two sources confirmed to WIRED. The pause is indefinite, the ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...
SecurityWeek

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. AI recruiting firm Mercor has disclosed impact from the recent LiteLLM supply chain attack, ...
TechCrunch

Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project

Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open source project LiteLLM. The AI startup told TechCrunch on Tuesday that it ...
Hackaday

This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the wild, ...