This week's cybersecurity roundup highlights significant incidents including a lawsuit against IBM and AT&T for alleged hack cover-ups, a data breach at the University of Oxford, and layoffs in Google's cybersecurity division. Additionally, CISA has mandated patching for an actively exploited vulnerability, and a global operation has dismantled a major cryptocurrency laundering service.
The most actionable insight for you is the identification of a critical command injection vulnerability (CVE-2026-42271) in the AI gateway BerriAI LiteLLM, which CISA has added to its Known Exploited Vulnerabilities catalog due to active exploitation. As someone focused on threat intelligence and incident response, it's crucial to ensure your systems are patched against this vulnerability immediately to mitigate potential security breaches.