supply chain carnage dominates today. DPRK actors compromised the Axios npm package (~100M weekly downloads), TeamPCP cascaded a single stolen Trivy CI token into four ecosystems with "hundreds of thousands" of leaked secrets now circulating, and Contagious Interview dropped the fake-job pretext to directly compromise GitHub accounts. your NetScaler KEV deadline is today (CVE-2026-3055). a pre-auth RCE chain for Progress ShareFile dropped this morning against 30k exposed instances. two simultaneous iOS full-chain exploit kits forced Apple to break a decade of patching policy. heavy day — prioritize patching, credential rotation, and npm/PyPI dependency audits.
Honeypot telemetry confirms sustained broad active exploitation over 13 days. EPSS 0.44 (actively-exploited-in-the-wild territory). CISA KEV patch deadline: 2026-04-02 — today. surfaced via HN rather than specialist vuln feeds, suggesting this may have slipped past vendor-advisory-only monitoring workflows.
if NetScaler/ADC is in your environment and unpatched, this is a same-day emergency. the honeypot data shows broad opportunistic scanning, not targeted — everyone exposed is getting hit.
three overlapping campaigns form the week's biggest strategic threat:
TeamPCP cascade — a single unrevoked credential stolen from Trivy's CI/CD pipeline was pivoted through four ecosystems: Aqua Security → npm (LiteLLM/PyPI) → Checkmarx → Telnyx. geotargeted wiper against Iranian infrastructure deployed as a side project. Google warns "hundreds of thousands of stolen secrets" could be circulating, enabling further supply chain attacks, SaaS compromise, ransomware, and crypto theft. confirmed downstream casualty: AI recruiting firm Mercor hit via LiteLLM, LAPSUS$ claiming 4TB. covered by 3 sources.
Axios npm compromise — CrowdStrike attributed
to STARDUST CHOLLIMA (DPRK). north korean-linked actors injected
malicious dependency plain-crypto-js@4.2.1 into Axios
releases. ~100M weekly npm downloads, incalculable transitive
dependents. CrowdStrike's full writeup is pending; treat affected
versions as IOCs once published. tl;dr sec #322 has
retrospectives from OpenSourceMalware and Socket on both campaigns.
TasksJacker — Contagious Interview dropped the fake-interview lure entirely and is now directly compromising GitHub accounts. dozens confirmed. this removes social engineering friction and turns compromised devs into supply chain weapons: malicious commits, backdoored packages, poisoned repos. source is low-authority; treat with moderate confidence pending corroboration, but the TTP evolution is credible.
Separately, Fortinet documented a DPRK LNK-based campaign using GitHub as covert C2 infrastructure — consistent with the broader Contagious Interview tradecraft.
one unrevoked CI token → four ecosystems compromised. this is the textbook cascade scenario every supply chain talk warns about. the harvested secrets will generate incidents for months. any org with npm/PyPI dependencies (read: everyone) should audit for
plain-crypto-jsand LiteLLM exposure immediately. the TasksJacker evolution — skipping the interview — means developer-focused defense needs to extend beyond "don't take suspicious job calls on LinkedIn."
Cisco Talos disclosed
UAT-10608's automated campaign exploiting pre-auth RCE in React Server
Components via Next.js. EPSS 0.65. KEV-listed (deadline passed
2025-12-12 — exploitation ongoing and accelerating). 766 hosts
compromised in a single 24-hour window via the NEXUS Listener C2
framework. harvest breakdown: database creds (91.5%), SSH keys (78.2%),
AWS IAM (25.6%), live Stripe API keys (11.4%), GitHub tokens (8.6%).
dropper stages to /tmp, iterates 10 collection phases including k8s SA
tokens and Docker configs. one NEXUS Listener instance was left
unauthenticated, gifting Talos the full victim dataset.
IOCs: C2 IPs 144.172.102.88,
172.86.127.128, 144.172.112.136,
144.172.117.112; Snort SID 65554. Talos separately confirms
React2Shell became the most-targeted vulnerability shortly after
December disclosure. covered by 2 sources.
the KEV deadline passed four months ago but exploitation is accelerating, consistent with AI-assisted weaponization timelines. the attack surface is enormous — any public-facing Next.js app using RSC without proper sanitization. rotate all env secrets, cloud creds, Stripe keys, and GitHub tokens regardless of confirmed compromise. the blast radius from k8s SA tokens and cloud metadata is what turns a web shell into full infrastructure access.
watchTowr Labs published
a full pre-auth RCE chain against ShareFile Storage Zone Controller
≤5.12.3. CVE-2026-2699: Execution After Redirect auth bypass — developer
passed false to the endResponse parameter,
literally telling .NET "don't stop executing after the redirect."
CVE-2026-2701 chains to RCE: the bypass allows reconfiguring the Zone's
Network Share Location to the IIS webroot, then uploading a ZIP
containing an ASPX webshell. ~30,000 instances internet-exposed per
Shodan. patch available since March 10 (v5.12.4). detection artifact
generator published. covered by 4 sources.
MOVEit, GoAnywhere, ShareFile — Progress's file transfer portfolio is completing the trifecta. the EAR bug is genuinely embarrassing. expect ransomware weaponization within the week; file transfer products are the #1 ransomware/APT target category in KEV data. patch to 5.12.4 today.
DarkSword — full-chain iOS exploit kit chaining 6 vulnerabilities across WebKit, Safari, dyld, and kernel. zero-click via malicious website or malvertising — a single page visit is sufficient for complete device compromise with no user interaction beyond page load. in-the-wild since November 2025, attributed to commercial spyware vendors and state-sponsored actors. PoC is now public on GitHub, which escalates this from state-sponsored-only to everyone's problem. Apple expanded iOS 18.7.7 to devices that can't upgrade to iOS 26, breaking a decade-old policy of tying security patches to latest OS version. ATT&CK: T1189, T1203, T1068.
Coruna — Google disclosed a 23-vulnerability iOS exploit chain built by US military contractor L3Harris/Trenchant. TechCrunch confirmed via two former employees that an insider sold it to Russia. now in active use by both Russian state actors and criminal groups. iVerify's Rocky Cole: "highly sophisticated, took millions of dollars to develop, bears the hallmarks of other modules publicly attributed to the US government." this is the first confirmed example of US government contractor iOS offensive tooling spinning out of control.
two simultaneous iOS exploit kits broke Apple's decade of "upgrade to get security fixes." DarkSword's GitHub PoC is the immediate tactical concern — hundreds of millions of unpatched iOS 18.x devices are now broadly exposed. Coruna is the strategic concern — this is an NSO Group moment except it's american, and the insider-sale vector is a classification regime failure. push high-risk users to Lockdown Mode immediately. verify iOS fleet update compliance across all device cohorts.
Cisco Talos published
deep technical analysis of a Qilin affiliate's 4-stage EDR killer. DLL
side-loading via msimg32.dll → SEH/VEH obfuscation with Halo's Gate
indirect syscalls → loads legitimately-signed ThrottleStop.sys driver
for kernel physical memory access → unregisters kernel callbacks
(process/thread creation, image load) and terminates EDR processes
across a hardcoded list of 300+ products. VEH-based trick intercepts
NtMapViewOfSection to redirect execution via LdrpMinimalMapModule —
deliberate anti-analysis work. geo-fences exclude post-Soviet locales.
Qilin was the #1 ransomware group globally in 2025 (200+ victims in
October, 6-day average dwell before encryption, 16.4% of Japan's 134
cases). IOCs: ClamAV
Win.Tool.EdrKiller-10059833-0, Snort SIDs 66180/66181, 12
Sigma rules published. covered by 2 sources.
if your EDR can be process-terminated by a kernel driver, you're blind for the 6 days before encryption. this is the load-bearing argument for defense-in-depth: immutable remote logging, network segmentation, and behavior-based detection matter when EDR gets systematically murdered. validate your EDR's kernel-level self-protection against BYOVD and deploy the published Sigma rules.
Mandiant published a comprehensive 4-phase vSphere hardening guide for the ongoing BRICKSTORM espionage campaign. Chinese state-sponsored APT targets vCenter Server Appliance and ESXi, establishing persistence below EDR coverage. average dwell: 393 days — over a year of hypervisor-level access before detection. CVE-2026-22769 in exploit chain (EPSS 0.18, KEV deadline 2026-02-21 — already past). vSphere 7 reached EoL October 2025, leaving a large unpatched cohort permanently vulnerable. 4-phase guide covers STIG compliance, PAW/PAM enforcement, zero-trust VLAN segmentation, and auditd/AIDE monitoring with BRICKSTORM-specific rules. detection signals: VmClonedEvent, VmNetworkAdapterAddedEvent, PrincipalManagement SSO events. IOCs include C2 IP ranges. vCenter Hardening Script released on GitHub.
393 days of full hypervisor-level access — that's every VM including DCs and credential stores. the level of Photon OS auditd/AIDE detail strongly implies recent Mandiant IR engagements on compromised vCenters. if you're running vSphere 7 post-EoL, the migration conversation just became a security conversation. run the hardening script and deploy the detection rules.
Rapid7 documented
variants F–L with previously undocumented capabilities. key new
features: Hidden IP (HIP) relay field in magic_packet_v2 struct enabling
stateless ICMP relay — every infected node becomes an invisible internal
router, invisible to netstat/ss. ICMP PTY tunnels with RC4 and dynamic
PID-bound BPF filter. active beaconing disguised as NTP over SSL to
dynamic DNS C2 domains (ntpussl[.]instanthq.com,
ntpupdate.ddnsgeek[.]com, ntpd.casacam[.]net).
HPE ProLiant-specific variant masquerades as cmathreshd, kills HP
monitoring agent, calls unsetenv(LD_PRELOAD) to disable EDR
hooks. multi-threaded variant sniffs TCP/UDP/ICMP simultaneously for C2
resiliency. ATT&CK: T1001, T1036.004, T1205, T1572, T1573.001 and
others. IOCs: 7+ SHA256 hashes, C2 domains, YARA rules,
Suricata rulesets, triage script
rapid7_bpfdoor_check.sh.
the HIP relay field is the nastiest new capability — invisible routing for lateral movement inside 4G/5G cores. NTP masquerade is textbook hiding-in-plain-sight and nobody is inspecting NTP traffic. the HPE ProLiant targeting shows environmental awareness about the bare-metal hardware in telecom infrastructure. if you're in telecom or adjacent critical infra, run the triage script today.
SANS ISC honeypots
logging active scanning exploiting path traversal in Vite dev servers.
/@fs/ prefix + ?raw?? suffix bypasses
filesystem access controls for arbitrary file read. observed payloads
specifically target /etc/environment,
~/.aws/credentials, and similar secrets files. EPSS
0.89. Vite is designed for localhost but is apparently
frequently internet-exposed.
dev tooling exposed to the internet is a perennial own-goal and attackers know exactly which secrets files to grab. any CI/CD pipeline or dev VM running Vite with network exposure needs checking immediately. not in KEV yet but with this EPSS and active honeypot hits, that window is likely short.
CISA ICS advisory ICSA-26-092-03: Java deserialization (CWE-502) in Jasper Reports component of Ellipse EAM ≤9.0.50. CVSS 9.8 — network-accessible, no authentication, full C/I/A impact. no patch available; mitigation is restricting custom report loading to administrator-generated Jasper reports only. critical manufacturing and energy sector deployments worldwide.
CVSS 9.8 unauthenticated RCE with no patch on industrial asset management software. the Jasper Reports deserialization bug class is well-understood and weaponizable with minimal effort — expect a public PoC to follow. config-only mitigation is a stopgap. if Ellipse is in your environment, apply immediately and pressure Hitachi for a real fix.
Iran-government-connected hacktivist group Handala's March 11 wiper attack destroyed Stryker Corp's order processing, manufacturing, and shipping systems. three weeks of production disruption at a major surgical instrument and implant manufacturer — patient-safety territory even without direct hospital targeting. claimed as retaliation for US-Israel strikes on Iran. Handala has been escalating: FBI Director Patel email claim, Israeli air defense penetration claim (disputed), with FBI seizing their websites and State Department offering rewards. covered by 2 sources. iranian hacktivists are moving up the value chain from defacement-and-leaks toward operational destruction of critical manufacturing.
Sekoia disclosed a PhaaS toolkit exploiting Microsoft's OAuth device authorization grant flow (T1528). victims enter attacker-generated device codes on the real Microsoft login page — MFA completes normally, no credential interception, no fake domains. attackers receive 60-minute access tokens exchangeable for 90-day rolling refresh tokens. full post-compromise automation: inbox recon, SharePoint/OneDrive/Teams access, Telegram bot distribution. active since mid-February 2026, targeting US, AU, CA, FR, IN, CH, UAE. YARA rules and phishing infrastructure indicators published. device code phishing isn't novel (Russian APTs used it from 2021) but packaging it as PhaaS with post-compromise automation is the upgrade. the MFA-bypass-by-design angle is what security awareness training won't catch. conditional access policies blocking device code flow for non-compliant devices are the actual mitigation.
Adversa
AI found Claude Code's deny rules silently fail when shell commands
exceed 50 subcommands (performance cap from ticket CC-643). the correct
fix exists unused in the same codebase's tree-sitter path. attack
vector: malicious repo with CLAUDE.md containing 50+ build steps,
exfiltration payload at position 51+ (e.g.,
curl ~/.aws/credentials). developers who took the time to
configure deny rules are the ones most at risk — false sense of
protection. separately, CVE-2026-21518
(CVSS 7.8): VSCode mcp.json command injection enabling RCE on malicious
project open. config files are the prompt-injection-era attack surface.
the token-budget-vs-security tension is genuinely structural and will
produce more incidents as agentic tooling proliferates. covered by 2
sources.
Check Point uncovered China-nexus actors exploiting a zero-day in TrueConf's trusted update mechanism to deliver malware within government networks. TrueConf was chosen by these defense institutions specifically because it runs on private LANs without internet access — the security feature was weaponized as the attack vector. EPSS 0.00009 (pre-publication targeted exploitation). a nasty irony that fits a well-established pattern of China-nexus targeting niche enterprise software in SE Asian government contexts.
Three signals on the same day: (1) ICE confirmed Paragon spyware purchase in congressional testimony — first official US government acknowledgment; (2) UK NCSC issued alert for high-risk individuals on protecting WhatsApp and Signal accounts; (3) WhatsApp alerted ~200 Italian users targeted via trojanized iOS app linked to an Italian spyware firm. government legitimization of commercial spyware is expanding; encrypted platform users are increasingly targeted via social engineering and fake apps rather than zero-days. covered by 3 sources.
404 Media and Trail of Bits confirmed TeleGuard (1M+ downloads, marketed as "highly encrypted, Swiss-made E2EE") transmits private keys to servers on registration, uses a hardcoded nonce and hardcoded salt across all users, and allows any attacker to retrieve any user's private key by querying the API with their publicly-shareable user ID. Trail of Bits CEO Dan Guido: encryption "is meaningless." metadata in plaintext. vendor unresponsive. actively used by populations who believe they have genuine privacy protection.
Research disclosed that forked GitHub Actions maintain the same owner/repo reference, so a PR changing only the SHA can redirect execution to attacker-controlled code. GitHub's 2026 roadmap includes workflow dependency locking (go.sum analog), scoped secrets, and L7 egress firewall — 3-6 months out. the bypass will be exploited before dependency locking ships. directly relevant to the TeamPCP cascade and broader CI/CD supply chain theme.
SecurityWeek: January 2026 breach at a Texas regional hospital, 250K individuals affected. no threat actor attribution yet. watch for ransomware group claim or dark web listing.
Red Hat advisory addressing five CVEs: CVE-2026-4325 (improper session isolation), CVE-2026-4282 (compartmentalization), CVE-2026-4636 (behavior order), CVE-2026-4634 (resource exhaustion DoS), CVE-2026-3872 (open redirect). the open redirect is most immediately actionable for OAuth2/OIDC deployments — redirect URI manipulation facilitating credential theft is a well-understood chain. Keycloak is auth backbone for many enterprise setups; any auth boundary issue has outsized blast radius. covered by 5 VulDB entries.
CISA ICS advisory: CVE-2026-27664 (CVSS 7.5, unauthenticated network-reachable OOB write via malicious XML) plus CVE-2026-27663 (CVSS 6.5, resource exhaustion) in SICAM 8 power grid RTU/EGS products. patch available (V26.10). SICAM 8 sits at the edge of substation infrastructure — DoS here is an operational visibility problem for grid operators.
CCCS advisory AV26-309: path traversal in Fireware Web UI (WGSA-2026-00009). no CVE assigned yet. WatchGuard Firebox appliances were notably targeted by Sandworm in 2022. edge device path traversal is a meaningful primitive. patch it.
Six CVEs affecting kernels up to 7.0-rc5. CVE-2026-23417 (BPF JIT privilege escalation, kernels up to 6.12.79) is the priority — BPF kernel vulns consistently weaponize into container-escape chains. CVE-2026-23413/23412 (netfilter UAFs) also concerning. no exploitation evidence yet. flag BPF privesc for accelerated remediation in container/cloud environments.
ReversingLabs published YARA rule development methodology for ClickFix (T1204.002, T1059.001), the "fix it yourself" fake browser error lure now near-ubiquitous across threat actor groups. AV gap isn't surprising — it looks like legitimate clipboard activity. YARA targeting lure page patterns and staged PowerShell are the right detection layer. recommend detection engineering reviews the full post.
Socket.dev reports Internet Bug Bounty discontinued Node.js funding as of March 27. voluntary disclosure only for the first time since 2016. IBB cited AI-assisted research flooding queues. timing is terrible given the Axios supply chain compromise and escalating npm ecosystem attacks. financially-motivated independent researchers — the ones who find the subtle stuff — will deprioritize Node.js. "pooled donations from tech giants" was never a stable foundation for securing infrastructure half the internet runs on.
~168 entries skipped: 108 from vulnerability feeds (dominated by 24 Endian Firewall XSS, 12 SEPPmail email gateway CVEs, 6 Suricata DoS, misc WordPress/PHP CMS, CrowdStrike product marketing x9), 53 from general (Apple 50th nostalgia x5, RSAC 2026 recaps, VC/M&A noise, Schneier essays, vendor announcements), 4 from government (DOJ press releases, vendor awards), 3 from threat-actor feeds (vendor product marketing). notable in the noise: SEPPmail auth bypass CVE-2026-29139 and fastmcp SSRF CVE-2026-32871 may warrant monitoring if advisories materialize.
editorial note: eleven critical stories in one day is unusual outside Patch Tuesday. the DPRK supply chain cluster, two simultaneous iOS exploit kit disclosures, and a fresh Progress file-transfer RCE landing on the same day as a NetScaler KEV deadline — this is a genuinely heavy threat day, not analyst grade inflation.