MUST READ

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

 | 

Internet censorship index reveals Russia’s lead and widespread content blocking

 | 

All supported cPanel versions hit by critical auth bug, now patched

 | 

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

 | 

ShinyHunters exploit Anodot incident to target Vimeo

 | 

CVE-2026-3854 GitHub flaw enables remote code execution

 | 

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

 | 

Microsoft fixes Entra ID flaw enabling privilege escalation

 | 

New Android spyware Morpheus linked to Italian surveillance firm

 | 

NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

 | 

Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records

 | 

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

 | 

LINKEDIN BROWSERGATE

 | 

Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting

 | 

Fast16: Pre-Stuxnet malware that targeted precision engineering software

 | 

Italy moves to extradite Chinese national to the U.S. over hacking charges

 | 

U.S. utility giant Itron discloses a security breach

 | 

Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94

 | 

Trigona ransomware adopts custom tool to steal data and evade detection

 | 

SQLInjection

Pierluigi Paganini April 29, 2026
CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vulnerability, an SQL injection in the proxy API key verification process, lets attackers access and potentially modify database […]

Pierluigi Paganini November 16, 2017
Formidable Forms plugin vulnerabilities expose WordPress sites attacks

A researcher from Finland-based company Klikki Oy has discovered several vulnerabilities in the Formidable Forms plugin that expose websites to attacks. The researcher Jouko Pynnönen from Finland-based company Klikki Oy has discovered several vulnerabilities in the Formidable Forms plugin the expose websites to attacks. The Formidable Forms plugin allows users to easily create contact pages, polls and surveys, and many other kinds […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Hacking / April 29, 2026

Internet censorship index reveals Russia’s lead and widespread content blocking

Security / April 29, 2026

All supported cPanel versions hit by critical auth bug, now patched

Security / April 29, 2026

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

Security / April 29, 2026

ShinyHunters exploit Anodot incident to target Vimeo

Security / April 29, 2026