Security & IT News

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that's also tracked as Earth Bluecrow,

This is the first update to the TeamPCP supply chain campaign threat intelligence report, When the Security Scanner Became the Weapon (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication. Checkmarx ast-github-action: All 91 Tags Were Compromised, Not Just v2.3.28 The most significant new finding since the report s publication: the scope of the Checkmarx ast-github-action compromise was substantially larger than publicly reported. Checkmarx s official security advisory stated that all older versions have been permanently deleted but did not quantify how many tags were affected. This ambiguity allowed the security community to anchor on a single confirmed version (v2.3.28) as the extent of the compromise. Sysdig s analysis characterized it as Checkmarx/ast-github-action/2.3.28: (possibly more). Even Wiz, which assessed that it is likely all tags were impacted, only observed the single tag directly. An independent security researcher who was working this incident firsthand at a Checkmarx customer has now provided primary evidence that all 91 published tags were overwritten every version from v0.1-alpha through v2.3.32. The evidence is publicly visible in the GitHub activity log , which shows 91 tag deletions performed during Checkmarx s remediation between 19:09 and 19:16 UTC on March 23, 2026. Three of the malicious commits are still visible on GitHub: f1d2a3477e0d f58de2470825 aa52a82cddf2 Each malicious commit follows an identical pattern: the legitimate Docker-based action.yml was replaced with a composite action that executes a credential-stealing setup.sh before delegating to the legitimate Checkmarx action at pinned SHA 327efb5d . Each commit was individually crafted with a version-appropriate backdated timestamp and fake commit message (e.g., 2.0.30: PR # ). The attacker did not reuse a single malicious commit across multiple tags they created individual poisoned commits for individual versions. The impact of this under-reporting is material. Organizations that searched their CI/CD logs only for [email protected] would have missed compromised runs referencing any of the other 90 poisoned tags. The credential stealer executed regardless of which tag version was referenced. Recommended action: Search your CI/CD workflow logs for ANY reference to checkmarx/ast-github-action that executed between 12:58 and 19:16 UTC on March 23, 2026. If found, treat all secrets accessible to that workflow as compromised and rotate immediately. The only safe version is v2.3.33, released during remediation. For comparison, the companion kics-github-action received accurate all 35 tags reporting from the outset, largely because GitHub Issue #152 was filed publicly with the title Malware injected in all Git Tags. No equivalent public issue was filed for ast-github-action . CISA Adds CVE-2026-33634 to Known Exploited Vuln

Leaked hacking tools threaten the security of millions of older iPhones. Cybersecurity experts weigh in.

Enterprise AI security solutions in 2026, compare Check Point, Palo Alto, CrowdStrike, Fortinet, and Zscaler across cloud, endpoint, and network.

Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code

7AI research reveals a massive QR code phishing attack that evaded SPF, DKIM, and DMARC. Find out how 1.6 million emails went undetected.

LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study

The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. [...]

EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials

Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by security researchers. DarkSword has now leaked online.

Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. [...]

WhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts on iOS, and chat history transfer between iOS and Android devices. [...]

CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn…

Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. [...]

This practitioner-focused review covers Acalvio ShadowPlex, a deception-first platform designed to stop attacker progress across IT, cloud, OT,…

Conntour uses AI models to let security teams query camera feeds using natural language to find any object, person, or situation.

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients

Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule is active, so it’s expected to catch something. But very