CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers' environments, and it shares significant overlap ...

Joe Supan is a senior writer for CNET covering home technology, broadband, and moving. Prior to joining CNET, Joe led MyMove's moving coverage and reported on broadband policy, the digital divide, and ...

TeamPCP hackers tell Forbes that AI helped them launch a devastating spree of attacks. But they wouldn’t have succeeded if developers’ security hadn’t been so weak in the first place. TeamPCP hackers ...

Contractors said in at least five lawsuits that AI training startup Mercor exposed their data to hackers. Mercor said last week it was "impacted" by compromised LiteLLM software. One of the suits ...

Meta has paused its work with Mercor and is investigating after a data breach, a person familiar said. Mercor confirmed to Business Insider that it was recently affected by a security incident. Mercor ...

Meta has paused all its work with the data contracting firm Mercor while it investigates a major security breach that impacted the startup, two sources confirmed to WIRED. The pause is indefinite, the ...

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. AI recruiting firm Mercor has disclosed impact from the recent LiteLLM supply chain attack, ...

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to ...

Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open source project LiteLLM. The AI startup told TechCrunch on Tuesday that it ...

LiteLLM, makers of a popular AI gateway used by millions of developers, has publicly announced that it is ditching compliance startup Delve and will redo its security certifications with another ...