The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
New Scientist

Pancreatic cancer halted by virus injection in three patients

A virus has stopped pancreatic cancer in its tracks in three people in a clinical trial in the US. Further evaluation is needed in larger trials, but the early results are encouraging, especially ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Bleeping Computer

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May ...
Memeburn

Grok Hack Explained: How Prompt Injection Drained Nearly $200K

A trader did not need to hack Grok, steal a password, or break a smart contract. A hidden Morse code prompt inside a public X reply was enough to trigger a nearly $200K crypto transfer from Grok’s ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
CSOonline

Fortinet hit by another exploited cybersecurity flaw

A critical SQL injection flaw in FortiClient EMS allows remote code execution and data exfiltration, leaving thousands of internet facing systems at risk. Yet another critical flaw in a Fortinet ...
IEEE

AE-Net: Novel Autoencoder-Based Deep Features for SQL Injection Attack Detection

Abstract: Structured Query Language (SQL) injection attacks represent a critical threat to database-driven applications and systems, exploiting vulnerabilities in input fields to inject malicious SQL ...
Healthline

A Guide to GLP-1 Injection Sites

GLP-1 medications, such as Ozempic and Wegovy, are injected into the fatty layer beneath the skin to manage blood sugar and aid in weight management. The recommended injection sites include the ...