Cybersecurity
138 articles
Trivy Supply Chain Attack Escalates as TeamPCP Hijacks 75 GitHub Action Tags, Defaced Aqua Security Repositories, and Spreads to npm
Threat actor TeamPCP compromised the widely used Trivy vulnerability scanner through a retained access token from an earlier incomplete remediation, injecting credential-stealing payloads into official releases and GitHub Actions while defacing 44 Aqua Security repositories.
Interlock Ransomware Exploited Cisco Firewall Zero-Day for 36 Days Before Patch
Amazon threat intelligence reveals that the Interlock ransomware group exploited a critical Cisco Secure Firewall Management Center zero-day vulnerability for over five weeks before Cisco disclosed and patched the flaw in early March 2026.
Critical Langflow Flaw Draws Attackers Within 20 Hours of Disclosure as AI Pipeline Security Gaps Widen
CVE-2026-33017, a CVSS 9.3 unauthenticated RCE in the open-source AI framework Langflow, was weaponized within 20 hours of its March 17 advisory with no public exploit code available.
APT28 Weaponizes Microsoft Office Zero-Day Within 72 Hours, Deploying Steganographic Loaders and Cloud-Based C2 Across Six NATO-Adjacent Countries
Russia's APT28 exploited CVE-2026-21509, a Microsoft Office OLE bypass, within 72 hours of disclosure to hit military targets across six NATO-adjacent countries with steganographic loaders and cloud-based C2.
Zero Trust Evolves Beyond Network Perimeters as Microsoft, the Pentagon, and Zscaler Extend the Framework to AI Agents, Weapons Systems, and Data Sovereignty
Microsoft, the Pentagon, and Zscaler are extending zero trust beyond network perimeters to AI agents, weapons systems, and sovereign data flows, driven by an explosion of non-human identities, which outnumber human users 100 to 1.
Trivy Supply-Chain Compromise Spawns CanisterWorm, the First npm Worm to Use Blockchain for Command and Control
Attackers hijacked 75 of 76 version tags in the widely used trivy-action GitHub Action to steal CI/CD credentials, then deployed a self-propagating npm worm that uses the Internet Computer Protocol as a takedown-resistant command-and-control channel.
Passkey Adoption Hits Inflection Point as UAE Bans SMS OTP and Microsoft Auto-Enables Entra Profiles
The UAE mandates all banks abandon SMS OTP by March 31 while Microsoft auto-enables passkey profiles across Entra ID, as FIDO Alliance data shows 87 percent of enterprises now deploying passkeys.
Broadcom Ships First PQC-Safe Network Encryption as Quantum Threat Forces Enterprise Migration
Broadcom announced the first end-to-end post-quantum cryptography-safe in-flight network encryption solution for Fibre Channel storage, shipping over 120,000 adapters as NIST sets a 2030 deadline to deprecate RSA and enterprises race to counter harvest-now-decrypt-later attacks.
CISA Confirms BeyondTrust RCE Flaw Exploited in Ransomware Campaigns as Thousands of On-Premises Instances Remain Exposed
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access products, rated CVSS 9.9, is being actively exploited in ransomware attacks across six countries, with thousands of on-premises instances still unpatched.
ShinyHunters Claims Near-Petabyte Data Theft from Telus Digital After Breaching BPO Giant Through Stolen Cloud Credentials
Telus Digital confirmed a breach after ShinyHunters claimed to have stolen up to one petabyte of data using cloud credentials obtained in a prior third-party compromise.
GlassWorm Supply-Chain Attack Hijacks 72 VS Code Extensions and 151 GitHub Repositories to Steal Developer Credentials
A coordinated supply-chain campaign abused Open VSX extension dependencies and invisible Unicode payloads to compromise developer environments across VS Code and GitHub.
Nine CrackArmor Vulnerabilities in Linux AppArmor Expose 12.6 Million Servers to Root Takeover
Qualys discovers nine confused deputy flaws in AppArmor that have lurked since 2017, enabling unprivileged users to escalate to root, escape containers, and crash kernels across Ubuntu, Debian, and SUSE.