CVE-2026-42208: Your AI Proxy's Auth Check Was the Backdoor
LiteLLM's API key verification had a pre-auth SQLi (CVSS 9.3). Six critical vulns in one month. Your AI proxy is now a high-value target.
Blog
Tag: #security
The Worm in the Machine: Dissecting the Self-Spreading npm Attack
A new npm worm doesn't just steal your keys-it turns your own code into a weapon. A deep dive into the CanisterWorm's anatomy, from postinstall hooks to its unkillable blockchain C2.
An AI Tool I'd Never Heard Of Just Cracked Open Vercel
On April 19 Vercel disclosed a breach. The attacker walked in through a third-party AI tool's OAuth app — and your stack probably trusts ten of those.
CVE-2026-40175: How Axios Turns Prototype Pollution Into Full Cloud Compromise
A deep dive into the critical Axios gadget chain that escalates prototype pollution to RCE and AWS IMDSv2 bypass. CVSS 9.9.
The npm Attack Nobody Saw Coming: When Your Database Client Becomes a Spy
After Axios and LiteLLM, attackers are eyeing your database clients. Here's the attack pattern, why DB tools are perfect targets, and how Zero Trust architecture contains the blast radius.
The LiteLLM Supply Chain Attack: How Developer Machines Became Credential Vaults
In March 2026, the TeamPCP threat actor compromised PyPI packages LiteLLM 1.82.7 and 1.82.8, injecting infostealer malware that turned developer workstations into credential harvesting engines.
The Axios npm Supply Chain Compromise: A North Korean APT's Bold Move
On March 31, 2026, the North Korean state actor Sapphire Sleet compromised Axios npm packages, injecting malware that deployed RATs on developer machines worldwide. Here's what happened and how to stay safe.