The Python package ecosystem suffered another high-impact supply chain compromise: LiteLLM — a popular library that routes requests across large language model providers and sees tens of millions of downloads — shipped malicious code in recent PyPI releases. Two versions published on March 24, 2026 (1.82.7 and 1.82.8) contained an import‑time backdoor that escalates into credential harvesting, lateral movement, and
Author: Saugata Datta
I’m an IT/DevOps professional with many years of hands-on experience across Windows, Linux, Automation, Backup and Cloud. I love building real-world automations to make infrastructure reliable, secure, and self-healing. Through this blog, I share practical learnings from enterprise projects and my home-lab experiments on Cloudflare, Self-Hosting and everything in between. Always tinkering, always improving.
Kali Linux 2026.1 Arrives — New Tools, NetHunter Breakthroughs, and a Nostalgic BackTrack Mode
Kali Linux’s first major release of 2026 lands with a mix of practical upgrades, fresh aesthetics, and a handful of features that will matter to both day-to-day penetration testers and mobile security researchers. Version 2026.1 brings a modernized look, an under‑the‑hood kernel bump, targeted NetHunter enhancements, and eight new offensive-security tools that expand Kali’s capabilities in post‑exploitation, web testing, and
Microsoft Issues Emergency Windows 11 Fix for Microsoft Account Sign-In Failures
Microsoft released an out-of-band update for Windows 11 (KB5085516) on March 21, 2026, to address a sign-in regression introduced by the March 10 cumulative update (KB5079473). Affected users reported being unable to authenticate into apps using personal Microsoft accounts: despite an active internet connection, the sign-in flow incorrectly displayed a “no Internet” error and blocked access to Microsoft services such
AstraZeneca Allegedly Targeted by LAPSUS$ — Claims of a 3GB Internal Data Dump
A known hacking collective identifying as LAPSUS$ has posted claims that it obtained and is attempting to sell a 3GB .tar.gz archive allegedly containing AstraZeneca internal data. As of the reports dated March 20, 2026, AstraZeneca had not issued a public statement confirming or denying the claim. What the threat actors presented The actors published teasers and screenshots on breach
Oracle Issues Urgent Security Update for Critical RCE in Identity Manager and Web Services Manager
Oracle has released an out-of-band security alert to address a critical remote code execution vulnerability, tracked as CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. With a CVSS 3.1 base score of 9.8 and no authentication required, this is a high-risk flaw that can be exploited remotely over HTTP with minimal complexity. Organizations running internet-facing Fusion Middleware components
Chrome Security Update Fixes 26 Vulnerabilities That Could Allow Remote Code Execution
Google’s latest Chrome security update is a reminder that even the world’s most scrutinized software still harbors dangerous flaws. In a single release, Chrome developers patched 26 vulnerabilities—three marked critical—that could let unauthenticated attackers run malicious code simply by getting a user to visit a crafted webpage. For anyone who uses Chrome, from casual browsers to enterprise fleets, this is