CISO Daily Digest: Trellix Source Code Breach & Active LiteLLM Exploitation (20260511)
RansomHouse claims Trellix source code stolen; LiteLLM SQL injection exploited in active attacks; CISA orders Ivanti MDM zero-day patching.
This week in cybersecurity opened with significant supply chain and vulnerability developments. The ransomware group RansomHouse claimed to have stolen source code from security vendor Trellix, highlighting the escalating threat to cybersecurity companies themselves. Meanwhile, the US cybersecurity agency CISA warned that a critical SQL injection vulnerability in LiteLLM is being actively exploited in the wild, urging organizations to patch immediately.
Active Threats This Week
π RansomHouse Claims Theft of Trellix Source Code
The RansomHouse ransomware group publicly claimed to have breached security vendor Trellix and stolen its proprietary source code. The incident underscores the growing risk to cybersecurity firms themselves as high-value targets.
π Reference: iThome
π LiteLLM Critical SQL Injection Vulnerability Under Active Exploitation
CISA added a critical SQL injection vulnerability in LiteLLM to its Known Exploited Vulnerabilities catalog, confirming active exploitation. The flaw allows attackers to execute arbitrary SQL commands against the AI gatewayβs database.
π Reference: iThome
π CISA Mandates Ivanti MDM Zero-Day Patching Within 3 Days
CISA ordered US federal agencies to patch an Ivanti Mobile Device Management zero-day vulnerability within 72 hours, citing evidence of active exploitation in attacks targeting mobile enterprise infrastructure.
π Reference: iThome
π Malicious NuGet Packages Target Chinese .NET Developers
Attackers published malicious NuGet packages impersonating legitimate Chinese .NET libraries. The malware targets developersβ browsers and cryptocurrency wallets via supply chain compromise.
π Reference: iThome
π ZiChatBot Malware Spreads via PyPI to Windows and Linux
A new malware campaign dubbed ZiChatBot distributes malicious payloads through PyPI packages, targeting both Windows and Linux systems. The malware enables remote access and data theft.
π Reference: iThome
π Hugging Face Fake OpenAI Repo Hits #1, 244K Downloads
A fake OpenAI privacy filter repository reached the #1 trending spot on Hugging Face, accumulating over 244,000 downloads before being removed. The repo distributed infostealer malware targeting Windows users.
π Reference: The Hacker News
π Redis Discloses 5 Vulnerabilities Including Critical RCE
The Redis team disclosed 5 security vulnerabilities, some of which could allow remote code execution if left unpatched. Users are urged to update Redis deployments immediately.
π Reference: iThome
π Over 5,000 Unprotected Vibe Coding Apps Expose Enterprise Data
Security researchers identified over 5,000 publicly accessible AI-generated βVibe Codingβ applications left unprotected, potentially exposing sensitive enterprise data through misconfigured deployments.
π Reference: iThome
π Sandworm APT Uses SSH-over-Tor for Stealthy Persistence
The Russia-linked Sandworm APT group has been observed using SSH-over-Tor tunnels to establish covert command-and-control channels, enabling long-term undetected persistence in compromised networks.
π Reference: iThome
π AI Tools Discover 38 OpenEMR Vulnerabilities in 3 Months
AI-powered security tools identified 38 vulnerabilities in the OpenEMR healthcare platform within 3 months, including a maximum-severity flaw that could lead to sensitive patient data exposure.
π Reference: iThome
This digest is auto-generated from curated cybersecurity news sources.