top of page

ALL POSTS

CVE-2026-42208: LiteLLM SQL Injection Vulnerability Exploited Within 36 Hours of Public Disclosure

Key Findings Critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM Python package exploited within 36 hours of public disclosure Affects versions 1.81.16 through 1.83.6; patched in version 1.83.7 released April 19, 2026 First exploitation attempt recorded April 26 at 16:17 UTC from IP 65.111.27.132 Threat actor demonstrated precise knowledge of LiteLLM database schema, targeting high-value credential tables No confirmed data theft or credential

CISA Adds Microsoft Windows Shell and ConnectWise ScreenConnect Vulnerabilities to Known Exploited Vulnerabilities Catalog

Key Findings CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog CVE-2024-1708 is a critical path traversal flaw in ConnectWise ScreenConnect (CVSS 8.4) allowing remote code execution CVE-2026-32202 is a Windows Shell spoofing vulnerability (CVSS 4.3) currently under active exploitation by multiple threat actors Federal agencies must patch both vulnerabilities by May 12, 2026 The ConnectWise flaw has been chained with a critical au

Critical Unpatched Vulnerability in Hugging Face LeRobot Enables Unauthenticated Remote Code Execution

Key Findings CVE-2026-25874 (CVSS 9.3) in Hugging Face LeRobot allows unauthenticated remote code execution via unsafe pickle deserialization Vulnerability exists in PolicyServer and robot client components using unencrypted gRPC channels without TLS Flaw remains unpatched as of now, with fix planned for version 0.6.0 Nearly 24,000 GitHub stars indicate significant adoption despite the critical security issue Attackers can steal credentials, compromise connected robots, and m

CVE-2026-3854: Critical GitHub Remote Code Execution Vulnerability Discovered

Key Findings Critical vulnerability CVE-2026-3854 allows remote code execution on GitHub through a single git push command Affects GitHub Enterprise Cloud, GitHub Enterprise Server, and related variants Command injection flaw exploitable by any user with repository push access Vulnerability chain enables attackers to bypass sandbox protections and execute arbitrary commands as the git service user Wiz researchers discovered the flaw on March 4, 2026; GitHub patched within two

GitHub CVE-2026-3854: Critical RCE Vulnerability Triggered by Single Git Push

Key Findings Critical command injection vulnerability (CVE-2026-3854, CVSS 8.7) allows authenticated users to achieve remote code execution via a single git push command Affects GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server across multiple versions Flaw stems from unsanitized user-supplied git push options being embedded in internal service headers without proper delimiter handling Exploitation chain allows attackers to bypass sandbox protections, redirect

ShinyHunters Leaks Data from Major Retailers in Salesforce Security Breach

Key Findings ShinyHunters posted data from Udemy, Zara, and 7-Eleven on dark web leak sites between April 22-27, 2026 Udemy breach contains 2.3 GB including 1.4 million Salesforce records with personally identifiable information 7-Eleven breach involves 12.8 GB with over 600,000 Salesforce records Zara breach claims 192 GB from BigQuery instances, linked to third-party service Anodot All three companies allegedly ignored negotiation attempts before data was released None of t

Supreme Court Questions Geofence Surveillance: Justices Challenge Both Government and Privacy Arguments

Key Findings Supreme Court justices expressed skepticism toward both petitioner and government arguments in Chatrie v. United States, a case that could reshape government surveillance authority The case hinges on whether geofence warrants—which pull location data for all devices in a specific area during a specific timeframe—violate Fourth Amendment protections Conservative justices questioned why citizens who voluntarily share location data with Google should be protected fr

82 Chrome Extensions Caught Selling User Data to Third Parties, Affecting Millions

Key Findings LayerX Security identified 82 Chrome extensions explicitly reserving the right to sell user data to third parties At least 6.5 million users are affected across confirmed cases 75 of the 82 extensions remain active on the Chrome Web Store with only 7 removed Data collection practices are disclosed in privacy policies but largely unnoticed by users 29 extensions operate as sales intelligence tools capturing internal corporate browsing activity Background Most peop

Italy Moves to Extradite Chinese National to U.S. on Hacking Charges

Key Findings Italian authorities extradited Chinese national Xu Zewei to the U.S. on Monday after his arrest in Milan in July 2025 Xu is accused of being part of HAFNIUM (also known as Silk Typhoon), a state-backed hacking group directed by China's Ministry of State Security The group targeted COVID-19 research at universities, exploiting Microsoft Exchange Server zero-day vulnerabilities to compromise over 12,700 U.S. organizations Xu allegedly worked for Shanghai Powerock N

Chinese Spy Infiltrates NASA Through Phishing Campaign to Steal Defense Software

Key Findings Chinese national Song Wu conducted a multi-year spear-phishing campaign impersonating U.S. aerospace researchers between 2017 and 2021 Targets included NASA, U.S. military, government agencies, universities, and private companies Wu obtained export-controlled software and source code for aerospace engineering and computational fluid dynamics applications The stolen technology has potential applications in advanced tactical missile development and weapons assessme

ADT – 5,488,888 Accounts Breached

Key Findings ShinyHunters conducted two major "pay or leak" extortion campaigns in April 2026 targeting ADT and Udemy ADT breach exposed 5.5 million unique email addresses plus names, phone numbers, and physical addresses Small percentage of ADT records also contained dates of birth and last four digits of Social Security numbers or Tax IDs Udemy breach exposed 1.4 million unique email addresses belonging to customers and instructors Udemy data included names, addresses, phon

Critical CrowdStrike LogScale Vulnerability Exposes Files to Unauthorized Access

Key Findings CrowdStrike disclosed CVE-2026-40050, a critical unauthenticated path traversal vulnerability in LogScale self-hosted The flaw allows remote attackers to read arbitrary files from server filesystems without authentication Next-Gen SIEM and LogScale SaaS customers are not affected due to network-layer mitigations applied April 7, 2026 Self-hosted LogScale customers must urgently upgrade to patched versions No known active exploitation has occurred to date The vuln

Critical Microsoft Entra Agent ID Vulnerability Allows Complete Tenant Takeover Through Privilege Escalation

Key Findings Silverfort researchers discovered a critical privilege escalation vulnerability in Microsoft Entra Agent ID that allowed tenant takeover through Service Principal hijacking The Agent ID Administrator role had overly broad permissions, enabling attackers to modify any Application Service Principal instead of just agent-related objects Attackers could inject credentials into high-privilege Service Principals and authenticate as them, gaining full tenant control Vul

GopherWhisper APT: China-Linked Campaign Deploys Go-Based Malware Against Mongolian Government

KEY FINDINGS ESET discovered GopherWhisper, a previously undocumented China-aligned APT group targeting Mongolian government institutions The group uses a toolkit primarily written in Go, including custom loaders, injectors, and multiple backdoors GopherWhisper abuses legitimate platforms like Discord, Slack, Outlook, and file.io for command-and-control and data exfiltration At least 12 systems within a Mongolian government entity were confirmed infected, with dozens more sus

Trigona Ransomware Gang Deploys Custom Exfiltration Tool for Data Theft and Detection Evasion

Key Findings Trigona ransomware operators have deployed a custom command-line tool called uploader_client.exe to replace publicly available utilities like Rclone and MegaSync The shift, observed in March 2026 attacks, provides attackers greater control and detection evasion capabilities The custom tool uses multiple parallel connections and rotates TCP connections to avoid network monitoring and traffic analysis Trigona affiliates disable security tools using vulnerable kerne

Over 400,000 WordPress Sites Vulnerable to Breeze Cache Plugin Exploit (CVE-2026-3844)

Key Findings Critical vulnerability (CVE-2026-3844, CVSS 9.8) in Breeze Cache WordPress plugin allows unauthenticated file uploads Over 400,000 websites currently affected by the flaw Wordfence detected 170+ active attacks, with 3,936 blocked in 24 hours alone Vulnerability requires "Host Files Locally – Gravatars" option to be enabled, which is disabled by default Affects all versions up to 2.4.4; patch available in version 2.4.5 Background Breeze Cache is a popular free Wor

CISA Adds Exploited Vulnerabilities to KEV Catalog, Establishes May 2026 Federal Remediation Deadline

Key Findings CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog on Friday SimpleHelp flaws enable privilege escalation and arbitrary code execution, previously linked to DragonForce ransomware campaigns Samsung MagicINFO vulnerability allows arbitrary file writes with system-level access and has been exploited since PoC release in April 2025 D-Link DIR-823X command injection flaw is being weaponized to deliver Mirai botnet varian

TeamPCP Hijacks Bitwarden CLI, Exploits Dependabot to Distribute Shai-Hulud Malware

Key Findings TeamPCP compromised the widely-used @bitwarden/cli npm package on April 20, 2026, targeting developers who rely on Bitwarden for credential management The attack leveraged Dependabot, GitHub's trusted automation bot, to pull a trojanized Checkmarx KICS Docker image and execute malware with CI privileges Shai-Hulud malware uses GitHub itself as a fallback command and control server when primary infrastructure is blocked, making it unusually resilient The worm inje

PhantomRPC: Windows RPC Privilege Escalation Vulnerability Discovered

Key Findings PhantomRPC is a novel local privilege escalation vulnerability in Windows RPC architecture affecting likely all Windows versions Vulnerability enables processes with impersonation privileges to escalate to SYSTEM level permissions Five distinct exploitation paths identified across local service, network service, and user contexts Differs fundamentally from "Potato" exploit family but remains unpatched despite responsible disclosure Architectural weakness creates

FIRESTARTER Backdoor Persists on Federal Cisco Security Devices Despite Patches

Key Findings FIRESTARTER backdoor compromised a U.S. federal Cisco Firepower ASA device in September 2025 and persisted even after security patches were applied The malware survives firmware updates and device reboots by embedding itself in the boot sequence, requiring a hard power cycle to remove APT actors exploited CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 (CVSS 6.5) to gain initial access before deploying FIRESTARTER for persistence Post-exploitation toolkit LINE VIPER

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page