Researchers from LayerX have discovered a significant vulnerability in the Cursor extension that allows malicious extensions to steal API keys and session tokens without any user interaction. This flaw poses a serious risk to developers, as it can potentially expose sensitive information needed for accessing various services and APIs. Developers using the Cursor extension are particularly at risk, as attackers can exploit this vulnerability to gain unauthorized access to their accounts and services. The implications of this vulnerability are concerning, as it could lead to data breaches or unauthorized actions taken on behalf of developers. Users of the Cursor extension should take immediate steps to assess their security and consider removing or disabling the extension until a fix is provided.
CISA and Microsoft have issued a warning about the exploitation of a Windows Shell vulnerability identified as CVE-2026-32202. This zero-click vulnerability allows attackers to trick victims' systems into authenticating with the attacker's server, potentially exposing sensitive information. CVE-2026-32202 is linked to an incomplete fix for a previous vulnerability (CVE-2026-21510), which was targeted by the APT28 group using malicious LNK files. Microsoft had released patches for these vulnerabilities in February 2026, but the new exploit indicates that attackers have found ways to bypass these security measures. Users and organizations running affected systems need to be vigilant and apply available updates to safeguard against these kinds of attacks.
Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers at Novee have identified a serious vulnerability in Cursor AI, designated as CVE-2026-26268. This flaw could allow attackers to execute malicious code when developers clone repositories, potentially compromising their systems. The vulnerability is particularly concerning for those using Cursor AI in their development workflows, as it opens up a pathway for exploitation that could lead to data breaches or the introduction of harmful code. Developers and organizations using this integrated development environment should take immediate action to assess their systems for this vulnerability and understand the risks involved. Awareness and prompt remediation are crucial to maintaining security in software development processes.
A significant vulnerability, identified as CVE-2026-3854, has been discovered in GitHub.com and GitHub Enterprise Server, potentially allowing remote code execution. This flaw poses a risk to millions of repositories hosted on these platforms, which are widely used by developers and organizations for version control and collaboration. If exploited, attackers could execute arbitrary code, leading to unauthorized access and manipulation of sensitive codebases. The discovery emphasizes the need for users to remain vigilant and update their systems promptly to mitigate potential risks. GitHub has urged users to apply the latest patches to safeguard their repositories against this vulnerability.
A serious SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in BerriAI's LiteLLM Python package, with a high CVSS score of 9.3. Remarkably, this flaw has already been actively exploited within just 36 hours of its public disclosure. Attackers can use this vulnerability to modify the database underlying the application, posing significant risks to any systems using LiteLLM. Organizations that rely on this package need to act quickly to protect their data and systems from potential breaches. Users should remain vigilant and apply necessary updates or patches as soon as they are available to mitigate these risks.
Attackers exploited a vulnerability in Robinhood's account creation process, which allowed them to inject HTML into confirmation emails sent to new users. This flaw could be used to craft phishing emails that appear legitimate, potentially tricking users into providing sensitive information or clicking on malicious links. As a result, anyone signing up for Robinhood could be at risk of falling for these phishing attempts. It’s crucial for users to be vigilant and verify the authenticity of emails they receive, especially those requesting personal information. This incident serves as a reminder for companies to regularly audit their onboarding processes to prevent similar exploitation in the future.
Hackers are actively exploiting a serious SQL injection vulnerability, identified as CVE-2026-42208, in the LiteLLM open-source large-language model gateway. This flaw allows attackers to access sensitive information stored within the system, which could lead to unauthorized data exposure. Users of LiteLLM, particularly those managing sensitive datasets, should be aware that their systems may be at risk. The vulnerability is already being targeted in the wild, making immediate action crucial for those using the affected software. As the situation develops, it is vital for organizations to stay informed about potential exploits and take necessary precautions to protect their data.
Researchers have discovered a serious vulnerability in GitHub, identified as CVE-2026-3854, which allows attackers to execute arbitrary code by simply pushing a git command. This flaw affects several GitHub products, including GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise. The ability to run code remotely poses significant risks, as it could lead to unauthorized access or manipulation of repositories. Companies using these GitHub services should be vigilant and take immediate action to address this vulnerability, as it could potentially compromise their code and data integrity. Ensuring that all systems are updated and secure is essential to mitigate the risks associated with this exploit.
Researchers have identified a serious security flaw in GitHub.com and GitHub Enterprise Server, designated CVE-2026-3854, which could enable an authenticated user to execute arbitrary code remotely with just a single 'git push' command. This command injection vulnerability has a CVSS score of 8.7, indicating its severity. If exploited, it could allow attackers with repository push access to take control over affected systems. This issue affects both individual developers and organizations using GitHub for version control, highlighting the need for immediate awareness and action. Users are advised to monitor their repositories closely and apply any recommended patches as they become available.
Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers have discovered a serious vulnerability in PackageKit, a package management tool used across various Linux distributions. This flaw, dubbed Pack2TheRoot, allows attackers to gain full root access, potentially compromising the security of affected systems. Linux distributions that utilize PackageKit, which includes many popular versions, are at risk. This vulnerability is particularly concerning because it has been present for over a decade, raising questions about the security practices in place for maintaining open-source software. Users and system administrators are urged to update their systems and apply any available patches to mitigate the risk of exploitation.
A new security incident has emerged involving the malicious elementary-data package version 0.23.3, which has been found to steal sensitive developer information and cryptocurrency wallet credentials. The attack took advantage of a flaw in GitHub Actions scripts, allowing the attacker to inject shell code that exposed a GitHub token. This means that anyone using this version of the package could be at risk, potentially compromising their projects and financial assets. Developers and organizations using this package need to take immediate action to secure their systems and prevent unauthorized access to their data. The incident serves as a reminder of the vulnerabilities that can arise in software development environments, particularly when integrating third-party packages.
A serious security flaw has been identified in LeRobot, Hugging Face's open-source robotics platform, which has garnered nearly 24,000 stars on GitHub. The vulnerability, designated as CVE-2026-25874, has a high severity score of 9.3 and allows attackers to exploit untrusted data deserialization, potentially leading to remote code execution without authentication. This flaw poses a significant risk to developers and organizations using LeRobot, as it could allow unauthorized access and control over their systems. Researchers are urging users to take immediate action to safeguard their implementations, given the potential for widespread exploitation. The details of the flaw emphasize the importance of security diligence in open-source projects.
A vulnerability has been discovered in the Zimbra Collaboration Suite, affecting versions 8.8.15, 9.0, 10.0, and 10.1. This flaw is currently being actively exploited, putting thousands of Zimbra servers at risk. Organizations using these specific versions need to act quickly to protect their systems from potential attacks. The exploitation of this vulnerability could lead to unauthorized access or data breaches, making it critical for users to ensure their software is updated. Companies should monitor for any signs of intrusion and apply necessary patches as soon as they become available.
A vulnerability in Firefox and the Tor Browser has been discovered, linked to how IndexedDB, a database used by these browsers to store data, operates. This flaw can potentially expose hidden identifiers, which can compromise user privacy and anonymity. Both browsers are widely used, especially by individuals seeking enhanced privacy online, making this issue particularly concerning. Users of these browsers should be aware of the risks associated with this vulnerability, as it may allow malicious actors to track their online activities. It is crucial for users to stay updated with the latest browser patches to mitigate these risks.
Medtronic, a major player in the medical device industry, recently confirmed that its network was breached by hackers who accessed sensitive data from its corporate IT systems. The attackers claim to have stolen approximately 9 million records, raising significant concerns about the security of personal health information. While Medtronic has not disclosed specific details about the affected data or the nature of the breach, the incident underscores the vulnerability of healthcare organizations to cyberattacks. As the healthcare sector increasingly relies on digital systems, this breach serves as a reminder of the potential risks to patient privacy and the importance of robust cybersecurity measures. Medtronic is currently investigating the breach and working to secure its systems to prevent further incidents.