The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
GIGAZINE

It was pointed out that airport and cockpit security could be breached by SQL injection attacks

The Transportation Security Administration (TSA) has a program called 'KCM (Known Crewmember)' that allows pilots and flight attendants to pass security checks even when they are off. Similarly, there ...
SecurityWeek

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

Hackers rushed to target a critical LiteLLM SQL injection flaw to steal keys, credentials, and environment-variable ...

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by ...
GIGAZINE

'Lord of SQL Injection', a site where you can learn about SQL injection vulnerabilities while capturing dungeons

First, access Lord of SQL Injection and click '[enter to the dungeon]'. It's my first time to use Lord of SQL Injection, so click 'Join'. Enter the ID, email address, and password used in Lord of SQL ...

ProFTPD: Code injection via mod_sql possible

The FTP server ProFTPD includes a module called mod_sql. It contains an SQL injection vulnerability that can ultimately lead ...
Computerwoche Online

SQL injection attacks led to massive data breaches

This week's disclosure that the huge data thefts at Heartland Payment Systems and other retailers resulted from SQL injection attacks could finally push retailers into paying serious attention to Web ...
The Verge

Researchers say a bug let them add fake pilots to rosters used for TSA checks

A pair of security researchers say they discovered a vulnerability in login systems for records that the Transportation Security Administration (TSA) uses to verify airline crew members at airport ...