Critical

AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data

Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited

Overview

Mercor, an AI firm, has confirmed a significant data breach linked to a supply chain attack involving LiteLLM. Hackers claim to have stolen 4TB of sensitive data, which may include internal systems and proprietary information. This breach raises serious concerns about the security of supply chain processes, as attackers often exploit vulnerabilities in third-party software to gain access to larger networks. Companies that rely on LiteLLM and similar technologies should be particularly vigilant and assess their security measures. The implications of such a large data theft could be severe, affecting not only Mercor but also its clients and partners who may be at risk of data exposure or further attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: LiteLLM supply chain, Mercor's internal systems, sensitive data
  • Action Required: Companies should review their supply chain security practices, implement stronger access controls, and monitor for unusual activity.
  • Timeline: Newly disclosed

Original Article Summary

AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems.

Impact

LiteLLM supply chain, Mercor's internal systems, sensitive data

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Companies should review their supply chain security practices, implement stronger access controls, and monitor for unusual activity. Specific patches or updates were not mentioned.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit, Data Breach.

Related Coverage

Phishing Campaign Hides Lua Loader as TrueType Font File

Infosecurity Magazine

A global phishing campaign has been detected that disguises a Lua loader as a TrueType font file to deploy remote access Trojans (RATs) and information stealers. Attackers are using this method to bypass security measures by making the malicious files appear innocuous. This tactic affects users who may inadvertently open these disguised files, leading to potential data breaches or unauthorized access to systems. The presence of such sophisticated phishing techniques raises concerns about the effectiveness of traditional email security measures. Users need to be vigilant about unexpected email attachments, even if they seem harmless, to avoid falling victim to these types of attacks.

Jul 16, 2026

23andMe to pay $18 million in new genetics data breach settlement

BleepingComputer

23andMe, the genetic testing company, has agreed to pay $18 million to settle a lawsuit filed by a coalition of 43 attorneys general. The lawsuit claimed that 23andMe failed to adequately protect its customers' genetic data, putting sensitive information at risk. This settlement comes as part of a broader push for companies to prioritize data security, especially when handling personal genetic information. Customers who used 23andMe's services are particularly affected, as their genetic data could have been exposed. The situation raises significant concerns about privacy and the responsibilities of companies in safeguarding sensitive health information.

Jul 16, 2026

Two Scattered Spider Hackers Sentenced to Jail in UK

SecurityWeek

Thalha Jubair and Owen Flowers, members of the hacking group Scattered Spider, have been sentenced to prison in the UK for their involvement in a cyberattack against Transport for London (TfL) in 2024. The attack aimed to disrupt TfL's operations, which are vital for public transport in London. The sentencing serves as a reminder of the legal consequences of cybercrime, especially as public infrastructure continues to be targeted by hackers. This incident raises concerns about the security of essential services and the need for stronger defenses against such attacks. The case highlights the ongoing struggle between law enforcement and cybercriminals as authorities work to protect critical infrastructure from future threats.

Jul 16, 2026

AI Data Centers Are Being Built Faster Than They Can Be Secured

SecurityWeek

As artificial intelligence continues to grow, data centers designed to support AI infrastructure are being constructed at a rapid pace. However, these new facilities often lack the security measures needed to protect against emerging threats that traditional data center designs do not account for. This rush to build AI data centers can leave vulnerabilities that attackers might exploit, putting sensitive data and operations at risk. Companies developing AI technologies must prioritize security from the start, rather than trying to retrofit protections after a facility is operational. The implications for businesses and users are significant, as a security breach could lead to data loss or misuse, affecting trust and operations across various sectors.

Jul 16, 2026

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

The Hacker News

Cybersecurity experts have identified a new malware named TELEPUZ that has been spreading since late April 2026 through compromised websites using ClickFix lures. This modular malware is designed to steal data and execute commands on infected systems. Researchers from Elastic Security Labs note that while the number of command-and-control domains associated with TELEPUZ is currently limited, its capabilities raise significant concerns for users and organizations. The lightweight nature of the malware makes it particularly dangerous, as it can easily evade detection. Users visiting infected sites are at risk, making it crucial for individuals and companies to remain vigilant about their online activities and security practices.

Jul 16, 2026

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

The Hacker News

A new piece of malware known as ClickLock Stealer is targeting macOS users by forcing them to input their login passwords. This infostealer operates by running a command in the Terminal that creates a fake system dialog asking for the password. If the victim cancels this request, the malware repeatedly kills various applications—including Finder and Terminal—every 210 milliseconds until the password is provided. Once the victim logs in again, the malware installs two LaunchAgents, allowing it to operate silently in the background. This type of attack is particularly concerning as it manipulates user behavior to extract sensitive information, highlighting the need for users to be cautious about unexpected prompts and commands.

Jul 16, 2026