

LiteLLM Supply Chain Incident: Access Risks Across the AI Stack
This case demonstrates how centralizing access and secrets can amplify the impact of a supply chain attack. It has been confirmed that versions 1.82.7 and 1.82.8 of the litellm package distributed on PyPI were tampered with and contained malicious code. According to LiteLLM’s official security notice on March 24, 2026, these versions were compromised and have since been removed from PyPI. This incident can be classified as a supply chain attack, where an open source componen

Siwoo Lee
Mar 27 · 5 min read


Ally WordPress Plugin Vulnerability CVE-2026-2413: Unauthenticated SQL Injection Explained
An unauthenticated SQL Injection vulnerability has been identified in the Ally – Web Accessibility & Usability plugin used in Elementor-based WordPress environments. With over 400,000 active installations globally, this issue has a potentially wide impact surface. However, this is not a vulnerability that can be exploited across all WordPress environments by default. Exploitation depends on specific conditions. This article outlines the affected plugin, root cause, and what s

Siwoo Lee
Mar 23 · 3 min read


The 4-Stage Attack Chain Behind North Korea's Lazarus Group and Medusa Ransomware
Broadcom's Symantec and Carbon Black Threat Hunter Team have identified activity linking North Korea's Lazarus Group to a series of Medusa ransomware attacks. U.S. healthcare organizations are among the primary targets, with cases in the Middle East also referenced. What makes this campaign worth examining closely is the activity that precedes the ransomware itself. The toolset identified by Symantec and Carbon Black is Lazarus-specific custom malware, not off-the-shelf crime

Siwoo Lee
Mar 16 · 5 min read


OpenClaw Security Alert: Agent Takeover and Malicious npm Package
Recent issues surrounding OpenClaw can be summarized in one sentence: locally running executable agents are becoming a new attack surface. According to OpenClaw’s official security documentation, this agent can perform arbitrary shell command execution, file read and write operations, network service access, and message sending depending on configuration. In other words, it goes far beyond a typical chatbot and is closer to an executable tool that actually connects and oper

Siwoo Lee
Mar 10 · 4 min read


Metro4Shell and the Changing Risk Profile of Development Environments
A critical Remote Code Execution vulnerability has been discovered in the Metro Development Server used in React Native development environments, and recent attack activity has been observed exploiting this flaw to distribute malicious payloads. The vulnerability, tracked as CVE-2025-11953 and referred to as Metro4Shell, originates from an OS Command Injection issue in the /open-url endpoint, which is provided for development convenience. This issue is particularly noteworthy

Siwoo Lee
Feb 18 · 2 min read
