HASC Bolsters DoD Right to Repair in FY27 NDAA
- The House Armed Services Committee approved the FY27 National Defense Authorization Act following extensive deliberation.
- Key new language grants the Department of Defense default government purpose rights for technical data and software.
- This provision aims to simplify military equipment repairs by mitigating existing contractual intellectual property restrictions.
A critical SQL injection vulnerability in the open-source AI gateway LiteLLM was actively exploited within days of its public disclosure, exposing the contents of sensitive database tables. Threat actors quickly leveraged the pre-authentication flaw (CVE-2026-42208) to read API keys and provider credentials, underscoring how fast newly disclosed bugs in widely deployed AI infrastructure components are weaponized.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical directive, ordering all federal agencies to immediately patch a Windows zero-day vulnerability (CVE-2026-32202) that is actively being exploited. This severe flaw, identified as a zero-click NTLM hash leak, has been leveraged by the Russian state-sponsored cyberespionage group APT28 (Fancy Bear) in attacks against Ukraine and EU countries. CISA has given federal agencies until May 12 to implement the required patches.
GitHub recently addressed a severe remote code execution (RCE) vulnerability, CVE-2026-3854, that threatened millions of private repositories on its platform. The critical flaw, which was reported by Wiz researchers and promptly patched within hours, could have granted attackers full read/write access via a single malicious `git push` command. While the issue was swiftly remediated on GitHub.com, a significant number of GitHub Enterprise Server instances remain vulnerable, necessitating immediate upgrades.
cPanel has issued urgent security updates to address a critical authentication vulnerability that could grant attackers unauthorized access to control panel software. This flaw impacts all currently supported versions, prompting immediate action for server administrators globally. Web hosting provider Namecheap has already implemented temporary firewall rules to mitigate risk while patches are deployed.
Even as cybersecurity teams close hundreds of vulnerabilities, a critical question persists: are organizations actually safer? Exposure management platforms promise to bridge the gap between remediation efforts and genuine risk reduction, yet the market is flooded with solutions that often fail to deliver on that core promise.
Threat actors are now wiring custom AI tooling directly into the attack kill chain to automate intrusions, autonomously harvesting critical credentials within minutes. This shift demands a new defensive paradigm, since human-speed workflows cannot keep up with machine-speed adversaries. A forthcoming webinar will address this gap by introducing autonomous exposure validation strategies.
Ukraine is strategically leveraging its advanced drone warfare capabilities to forge new diplomatic alliances across the Middle East and Europe. This initiative, spearheaded by President Zelenskiy, aims to bolster Kyiv's global standing and restrict Russia's influence, particularly amid shifting international support. However, significant hurdles in export controls and intellectual property protection currently challenge Kyiv's ambition to become a major defense exporter.
The U.S. Navy is developing next-generation sonobuoys specifically engineered to detect increasingly stealthy Russian and Chinese submarines, marking a significant advancement in anti-submarine warfare capabilities. These advanced sensors are designed to withstand extreme forces, including impacts reaching 100G upon hitting the ocean surface, ensuring reliable deployment in contested environments. This technological leap aims to strip adversary submarines of their acoustic advantage, critical for maintaining undersea dominance.
Belgium has launched an urgent €1.1 billion ($1.3 billion) tender for advanced counter-drone systems, prompting its defense minister to meet with top US defense firms like BAE Systems and Shield AI. This significant investment follows recent unidentified drone incidents near Belgian military bases, underscoring a critical and immediate national security need. The tender is expected to cover a 10-year period, with Brussels aiming for rapid deployment of new capabilities.
The U.S. Air Force is set to invest over $12 billion to acquire nearly 27,000 new low-cost cruise missiles, revealing the Family of Affordable Mass Missile (FAMM) as a critical new program of record. This massive procurement drive signals a significant strategic pivot towards equipping the military with high volumes of affordable munitions in the coming years.
A critical remote code execution (RCE) vulnerability in GitHub's internal Git infrastructure exposed millions of repositories, allowing authenticated users to execute arbitrary commands. Despite a swift patch for GitHub.com, new reports indicate a staggering 88% of GitHub Enterprise Server instances remain unpatched. This flaw, discovered by Wiz, impacted both public and private repos across GitHub.com and Enterprise Server deployments.
Cyber adversaries are actively exploiting a critical SQL injection vulnerability (CVE-2026-42208) in LiteLLM, a popular open-source large-language model (LLM) gateway. Exploitation began approximately 36 hours post-disclosure, allowing attackers to access and potentially modify sensitive API keys, virtual and master keys, and environment secrets stored in the proxy's database. This pre-authentication flaw poses a significant risk to organizations managing multiple AI models and their associated credentials.
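The vulnerability class behind the two LiteLLM items above, as an added illustration that is not LiteLLM's own code: the `virtual_keys` table, the `sk-` token format, the sample rows and the function names are all constructed for this demo. It contrasts a pre-authentication key lookup that splices the caller's token into SQL (so a tautology in the WHERE clause dumps every stored credential) with the same lookup using a bound parameter, plus an input-format check as defence in depth.

```python
"""Added example: pre-auth SQL injection in a key-lookup endpoint vs. the fix.

Not LiteLLM's code. Table layout, token format and sample rows are constructed.
"""
from __future__ import annotations

import re
import sqlite3

# Constructed sample data: a virtual-key table such as an LLM proxy might keep,
# mapping a caller-facing virtual key to an upstream provider secret.
SAMPLE_KEYS = [
    ("sk-virt-aaaa1111", "team-alpha", "OPENAI_API_KEY=sk-live-0001"),
    ("sk-virt-bbbb2222", "team-beta", "ANTHROPIC_API_KEY=sk-ant-0002"),
    ("sk-virt-master00", "admin", "MASTER"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite populated with the constructed virtual-key table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE virtual_keys "
        "(token TEXT PRIMARY KEY, owner TEXT, provider_secret TEXT)"
    )
    conn.executemany("INSERT INTO virtual_keys VALUES (?, ?, ?)", SAMPLE_KEYS)
    return conn


def lookup_key_vulnerable(conn: sqlite3.Connection, token: str) -> list[tuple]:
    """Key lookup that interpolates the unauthenticated caller's token into SQL.

    The attacker controls the WHERE clause, so one request can return every
    row, i.e. every virtual key and the provider secret behind it.
    """
    sql = (
        "SELECT token, owner, provider_secret FROM virtual_keys "
        f"WHERE token = '{token}'"
    )
    return conn.execute(sql).fetchall()


def lookup_key_safe(conn: sqlite3.Connection, token: str) -> list[tuple]:
    """Same lookup with a bound parameter: the token can only ever be data."""
    sql = "SELECT token, owner, provider_secret FROM virtual_keys WHERE token = ?"
    return conn.execute(sql, (token,)).fetchall()


# Assumed token format for this demo; real deployments should use their own.
TOKEN_RE = re.compile(r"^sk-[A-Za-z0-9-]{8,64}$")


def lookup_key_hardened(conn: sqlite3.Connection, token: str) -> list[tuple]:
    """Defence in depth: reject malformed tokens before they reach the
    database, then run the parameterised query."""
    if not TOKEN_RE.fullmatch(token):
        return []
    return lookup_key_safe(conn, token)


# Classic tautology payload; no exploit string from the real advisory is used.
INJECTION = "' OR '1'='1"


def demo() -> dict[str, int]:
    """Row counts each lookup returns for the injection payload and a real key."""
    conn = make_db()
    return {
        "vulnerable": len(lookup_key_vulnerable(conn, INJECTION)),
        "safe": len(lookup_key_safe(conn, INJECTION)),
        "hardened": len(lookup_key_hardened(conn, INJECTION)),
        "legit": len(lookup_key_hardened(conn, "sk-virt-aaaa1111")),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable lookup returns all three rows for the tautology payload, while the parameterised and hardened versions return none and still resolve a well-formed key. The format check is not a substitute for binding parameters; it only narrows what reaches the query layer and gives a cheap place to log and alert on malformed tokens hitting a pre-auth endpoint.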