The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
Cyprus Mail on MSN

Why BulkQuant is becoming a notable AI trading bot platform for crypto, forex, and stock traders in 2026

Disclaimer: This article is sponsored by BulkQuant. It is intended for informational purposes only and does not constitute financial advice, investment advice, or a guarantee of trading results.
Dark Reading

Rust-Written IronWorm Hits NPM Supply Chain

A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...
CSOonline

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked. Researchers have published details ...
Analytics India Magazine

DeepSeek Releases V4 Pro, Challenging OpenAI, Anthropic on Key Benchmarks

DeepSeek has launched its V4 Pro and V4 Flash models, featuring a one-million-token context window. The new models aim to compete with OpenAI and Anthropic across various AI benchmarks. Chinese AI ...
VentureBeat

Claude Code's source code appears to have leaked: here's what we know

VentureBeat made with Google Gemini 3.1 Pro Image Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude ...
Cyber Defense Magazine

Why 2026 Will Be The Year Of SaaS Breaches

The old playbook was to breach the perimeter, pivot through the network, dump the ransomware. That’s too much work now. Attackers have figured out something better: why fight your defenses when I can ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...
Microsoft

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an ...
WeLiveSecurity

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

Since Russia’s full-scale invasion of Ukraine in February 2022, cyberespionage has played a crucial role in the broader threatscape. Russia-aligned advanced persistent threat (APT) groups have ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.