Cybersecurity

A critical SQL injection vulnerability in the open-source AI gateway LiteLLM was actively exploited just days after its public disclosure, exposing sensitive database tables. Threat actors quickly leveraged the pre-authentication flaw (CVE-2026-42208) to access API keys and provider credentials, highlighting the rapid weaponization of newly disclosed vulnerabilities in critical infrastructure components.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical directive, ordering all federal agencies to immediately patch a Windows zero-day vulnerability (CVE-2026-32202) that is actively being exploited. This severe flaw, identified as a zero-click NTLM hash leak, has been leveraged by the Russian state-sponsored cyberespionage group APT28 (Fancy Bear) in attacks against Ukraine and EU countries. CISA has given federal agencies until May 12 to implement the required patches.

GitHub recently addressed a severe remote code execution (RCE) vulnerability, CVE-2026-3854, that threatened millions of private repositories on its platform. The critical flaw, which was reported by Wiz researchers and promptly patched within hours, could have granted attackers full read/write access via a single malicious `git push` command. While the issue was swiftly remediated on GitHub.com, a significant number of GitHub Enterprise Server instances remain vulnerable, necessitating immediate upgrades.

cPanel has issued urgent security updates to address a critical authentication vulnerability that could grant attackers unauthorized access to control panel software. This flaw impacts all currently supported versions, prompting immediate action for server administrators globally. Web hosting provider Namecheap has already implemented temporary firewall rules to mitigate risk while patches are deployed.

Even as cybersecurity teams close hundreds of vulnerabilities, a critical question persists: are organizations actually safer? Exposure management platforms promise to bridge the gap between remediation efforts and genuine risk reduction, yet the market is flooded with solutions that often fail to deliver on that core promise.

Threat actors are now deploying custom AI setups to automate cyber attacks directly into the kill chain, autonomously seizing critical credentials in minutes. This significant shift demands a new defensive paradigm, as traditional human-speed workflows are proving inadequate against machine-speed adversaries. A forthcoming webinar will address this critical gap by introducing autonomous exposure validation strategies.

A critical remote code execution (RCE) vulnerability in GitHub's internal Git infrastructure exposed millions of repositories, allowing authenticated users to execute arbitrary commands. Despite a swift patch for GitHub.com, new reports indicate a staggering 88% of GitHub Enterprise Server instances remain unpatched. This flaw, discovered by Wiz, impacted both public and private repos across GitHub.com and Enterprise Server deployments.

Cyber adversaries are actively exploiting a critical SQL injection vulnerability (CVE-2026-42208) in LiteLLM, a popular open-source large-language model (LLM) gateway. Exploitation began approximately 36 hours post-disclosure, allowing attackers to access and potentially modify sensitive API keys, virtual and master keys, and environment secrets stored in the proxy's database. This pre-authentication flaw poses a significant risk to organizations managing multiple AI models and their associated credentials.

A critical SQL injection vulnerability in BerriAI's LiteLLM Python package (CVE-2026-42208) was actively exploited in the wild within 36 hours of its public disclosure, underscoring a severe and immediate threat to AI infrastructure. This rapid exploitation highlights the speed with which sophisticated threat actors can operationalize newly revealed flaws, targeting highly sensitive large language model (LLM) provider credentials and proxy configurations. The flaw allows unauthenticated attackers to potentially compromise access to cloud-grade LLM services.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urgently updated its Known Exploited Vulnerabilities (KEV) catalog, adding two critical flaws in ConnectWise ScreenConnect and Microsoft Windows. This move comes as evidence confirms active exploitation of these vulnerabilities by sophisticated threat actors, including state-sponsored groups. The update underscores the immediate imperative for organizations to patch their systems to prevent compromise.

Anthropic's new Claude Mythos Preview model has demonstrated the alarming capability to autonomously discover and weaponize software vulnerabilities, creating functional exploits without human intervention. This significant advancement in AI-driven offense has profound implications for global cybersecurity, potentially compromising critical systems and services. The limited release of Mythos has sparked debate within the security community regarding AI safety, resource constraints, and the future of vulnerability management.

Sevii has launched its new Cyber Swarm Defense (CSD) mode, an innovative solution designed to bring much-needed predictability to the escalating costs of agentic AI security. This development directly addresses a critical challenge faced by CISOs and defense budget planners: managing unpredictable expenditures associated with autonomous AI operations. By shifting from variable token-based billing to a fixed per-asset protection model, Sevii aims to stabilize cybersecurity budgets amidst a rapidly evolving threat landscape.