Threat Digest

Abstract representation of code with a lock icon symbolizing security vulnerability

LiteLLM SQLi Exploited in 36 Hours [CVE-2026-42208]

Forget slow-burn exploits. A critical vulnerability in LiteLLM's AI gateway was actively weaponized just 36 hours after its disclosure, proving attackers aren't waiting around for official patches.

6 min read 2 weeks, 6 days ago

A stylized graphic representing a lock with a keyhole being digitally breached, symbolizing the LiteLLM vulnerability.

Explainers

LiteLLM SQLi Flaw: Hackers Strike API Keys

The world of AI development just got a bit scarier. A critical vulnerability in LiteLLM, the popular LLM gateway, has been weaponized by hackers, and they're going straight for the jugular – your API keys.

6 min read 3 weeks, 3 days ago

Diagram of TeamPCP supply chain attack infiltrating CI/CD pipelines via PyPI and GitHub

Nation-State Threats

TeamPCP's Ruthless Hijack of Security Scanners: 500K Machines, 300GB Stolen

Attackers slipped infostealers into GitHub Actions and PyPI, turning vulnerability scanners against their users. Over 500,000 machines lost cloud tokens, SSH keys, and Kubernetes secrets in this escalating nightmare.

5 min read 1 month, 2 weeks ago

#litellm

LiteLLM SQLi Exploited in 36 Hours [CVE-2026-42208]

LiteLLM SQLi Flaw: Hackers Strike API Keys

TeamPCP's Ruthless Hijack of Security Scanners: 500K Machines, 300GB Stolen