Cybersecurity

Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
A three-CVE attack chain in LiteLLM AI Gateway, disclosed by Obsidian Security, lets low-privilege users escalate to root and steal all managed AI API keys.
Application Security
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
Cybersecurity
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
ShinyHunters claims 61 million records stolen from Sysco's Salesforce CRM, including pricing schedules and contact data, with a June 18 publication deadline.
Blog
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Scareware uses fake virus warnings to trick users into paying for rogue security software. Learn how it works, see examples, and find out how to remove it.
Application Security
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.
Cybersecurity
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Nightspire ransomware listed four US victims, including Blue Nile Medical Center, with 3,000 exposed patient EHR records, and Silsbee Police Department in Texas.
Cybersecurity
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Application Security
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
Application Security
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Cybersecurity
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
Novo Nordisk confirmed a breach exposing pseudonymized clinical trial biomarker data and healthcare provider records. No threat actor claimed responsibility.