SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

Pro-Iranian group claims credit for hack of FBI Director Kash Patel’s personal account

A pro-Iranian hacking group is claiming to have hacked an account of FBI Director Kash Patel and has posted online what appear to be years-old photographs of him, along with a work resume and other ...
Fox News

CarGurus breach linked to ShinyHunters exposes 12.4M records

If you've ever searched for a car on CarGurus, your personal information could now be circulating online. A hacking group known as ShinyHunters has published what it claims are 12.4 million records ...
GitHub

pythias/ai-hack-agents

A defensive red-team fixture repository. Use it to check whether coding agents and skills treat issue bodies, PR templates, review comments, test output, and log files as untrusted—and whether they ...