A SQL injection flaw in LiteLLM (CVE-2026-42208) is being actively exploited within 36 hours of disclosure.
The vulnerability allows attackers to access backend databases, exposing sensitive data and potentially compromising AI-driven systems.
sctocs.com/litellm-cve-...
A critical RCE vulnerability (CVSS 10) in Google’s Gemini CLI has been patched.
The flaw could allow attackers to execute code in CI/CD pipelines, while Cursor AI vulnerabilities show how prompt injection can lead to unintended execution.
sctocs.com/google-gemin...
𝗝𝗼𝗯 𝗧𝗶𝘁𝗹𝗲: SOC Analyst (Wazuh SIEM) – SCtoCS
SCtoCS (Shortcut to Cyber Solutions) is hiring a SOC Analyst with practical experience in Wazuh SIEM.
Apply here: lnkd.in/dnXHKBr5
Compromised npm packages linked to SAP are being used to steal developer credentials.
The malicious code executes during installation, targeting tokens, environment variables, and CI/CD systems—highlighting ongoing risks in open-source supply chains.
sctocs.com/sap-npm-pack...
Researchers have uncovered a critical GitHub vulnerability (CVE-2026-3854) allowing remote code execution through a single Git push
The flaw could enable attackers to compromise repositories and impact CI/CD pipelines with minimal effort posing a serious supply chain risk
sctocs.com/github-cve-2...
A new DPRK-linked campaign is combining AI-generated npm malware with fake company personas to target developers.
Victims are tricked into installing malicious packages during recruitment scams, leading to RAT infections and data theft.
sctocs.com/dprk-ai-npm-...
A critical vulnerability in Hugging Face’s LeRobot allows unauthenticated remote code execution.
The flaw stems from unsafe pickle deserialization over unsecured gRPC channels, enabling attackers to execute arbitrary commands on AI systems and robot clients.
sctocs.com/huggingface-...
VECT 2.0 ransomware behaves more like a wiper.
Due to a cryptographic flaw, files larger than 131KB are permanently destroyed across Windows, Linux, and ESXi systems—making recovery impossible.
sctocs.com/vect-2-ranso...
LofyGang is back after 3 years with a new campaign targeting Minecraft users
The group is spreading LofyStealer via a fake “Slinky” hack, using trusted game branding to trick victims into installing malware that steals credentials, financial data, and browser information.
sctocs.com/lofygang-min...
A suspected Silk Typhoon (Hafnium) hacker has been extradited to the U.S. over cyberattacks targeting COVID-19 research.
The accused allegedly breached university systems to steal vaccine and treatment data as part of a broader state-linked espionage campaign.
sctocs.com/silk-typhoon...
SCtoCS
SCtoCS
SCtoCS
SCtoCS
SCtoCS
SCtoCS
SCtoCS
LiteLLM CVE-2026-42208 SQL injection flaw exploited within 36 hours of disclosure, highlighting rapid exploitation risks and urgent patching needs.
SAP-related npm packages compromised in a credential-stealing supply chain attack, exposing risks in open-source dependencies and developer ecosystems.
sctocs.com
Google fixes a critical CVSS 10 Gemini CLI CI RCE flaw, while Cursor vulnerabilities enable code execution, raising concerns in developer tools security.
Researchers discover a critical GitHub CVE-2026-3854 RCE flaw exploitable via a single git push, raising serious concerns for developer security.
sctocs.com
A new wave of DPRK-linked attacks uses AI-inserted npm malware, fake firms, and RATs, highlighting evolving tactics in global cyber espionage campaigns.
sctocs.com
A critical unpatched flaw leaves Hugging Face LeRobot vulnerable to unauthenticated RCE, raising serious concerns over AI platform security.
A Chinese Silk Typhoon-linked hacker is extradited to the U.S. over cyberattacks targeting COVID research, highlighting global cybercrime enforcement efforts.
