The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...
Yonkers Times

Web Application Penetration Testing: How Testers Think Like Attackers to Find Real Exploits

Most organizations find out about security gaps the hard way. By the time a vulnerability surfaces, attackers have already ...

Critical command injection vulnerability discovered in Universal Robots PolyScope 5

Universal Robots urges users to update PolyScope software following critical vulnerability ...
Dark Reading

CISA, FBI Warn of OS Command-Injection Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a critical alert urging software developers to focus on removing weaknesses that allow unauthorized users to run ...
Biometric Update

iBeta launches Injection Attack Detection testing against CENS/TS 18099

The lab’s IAD testing launches today and includes testing up to Level 3 against the European standard CENS/TS 18099: 2025 ...
Bleeping Computer

CISA urges devs to weed out OS command injection vulnerabilities

CISA and the FBI urged software companies on Wednesday to review their products and eliminate path OS command injection vulnerabilities before shipping. Velvet Ant, the Chinese state-sponsored threat ...