The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
Hosted on MSN

PyPI package hack exposes developers to credential theft

A widely used PyPI package, 'elementary-data', was compromised through a malicious update that inserted infostealer code via a GitHub Actions workflow. The breach potentially exposed SSH keys, cloud ...
The Hacker News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...

Attack of the killer script kiddies

For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the ...

Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.