The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
The Hacker News

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...
Bleeping Computer

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as ...

Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

Microsoft on Tuesday released fixes for two high-severity zero-days that were disclosed by a researcher who has been locked ...
Ars Technica

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
Bleeping Computer

Microsoft warns of new Defender zero-days exploited in attacks

Update May 25, 04:19 EDT: CVE-2026-41091 is a Microsoft Defender local privilege escalation (LPE) flaw known as RedSun, and CVE-2026-45498 is known as UnDefend, a security flaw that can be exploited ...
Al Jazeera English

US Senate advances resolution to curb Trump’s power to wage war on Iran

The United States Senate has advanced a War Powers Resolution that could prevent President Donald Trump from using military force against Iran without congressional authorisation amid widening fallout ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
CBS News

Senate advances resolution to limit Trump's Iran war powers for first time, after 4 Republicans defect

Washington — The Senate advanced a resolution to limit President Trump's war powers in Iran on Tuesday, marking a breakthrough for Democrats after seven failed attempts. Senators approved a motion to ...
CBS News

House Republicans pull vote on Iran war resolution that appeared to have enough support to pass

House Republicans on Thursday pulled a vote on a measure that would compel President Trump to withdraw from the war with Iran, delaying action on the issue as the Trump administration struggles to ...
Reuters

(CVE.TO) | Stock Price & Latest News | Reuters

Cenovus CEO says proposed pipeline to Canada's west coast currently 'unfinanceable' Cenovus Energy CEO Jon McKenzie said Tuesday ‌Alberta's proposed 1 million barrel-per-day pipeline to British ...