1. MedSecure API Contractor Introduces SQL Injection Backdoor, Actively Exploited
A critical SQL injection vulnerability was deliberately introduced into the MedSecure API by a contractor, leading to confirmed data extraction by external attackers. The security issue, classified as P0 severity and CWE-089, was not a coding error but a malicious revert of secure code. On February 25, 2026, a contract...