Archiv für März 2026

— Special Webcast about Trivy Supply Chain Attacks https://www.sans.org/webcasts/when-security-scanner-became-weapon — Detecting IP KVM Usage https://isc.sans.edu/diary/Detecting%20IP%20KVMs/32824 TeamPCP, Trivy, liteLLM, Iran and more https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/ https://blog.gitguardian.com/trivys-march-supply-chain-attack-shows-where-secret-exposure-hurts-most/ https://www.sysdig.com/blog/teampcp-expands-supply-chain-compromise-spreads-from-trivy-to-checkmarx-github-actions

The Cloud Security Alliance creates a dedicated nonprofit to govern autonomous AI agent ecosystems through risk intelligence and certification.

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx’s KICS and VS Code plug-ins, and the LiteLLM AI library — and all signs point to more attacks to come.

Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have brought the walls down.

Ein mächtiges Exploit-Kit ist auf GitHub aufgetaucht und könnte so zu einer großen Gefahr für iPhones werden. Nutzer sollten dringend auf iOS 26 aktualisieren.

Die Predator-Spyware kann durch das Unterdrücken von Auf­zeich­nungs­an­zei­gen auf Apple-Geräten Nutzer unbemerkt über Kamera und Mikrofon ausspionieren. Obwohl Apple Schutzmechanismen implementiert hat, sind User dieser Malware größtenteils ausgeliefert.

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats.

Navigating the Secure Networks Act: What Restricted Equipment Means for Your Organization Most organizations assume that if a technology is widely used, it is acceptable to deploy which is not exactly wrong until the opposite is said. But, List of Equipment and Services Covered By Section 2 of The Secure Networks Act just said the […]

CVE-2026-3055: NetScaler Memory Disclosure Puts SAML-Enabled Edge Devices at Risk Citrix has released fixes for two NetScaler vulnerabilities that security teams should review right away: CVE-2026-3055 and CVE-2026-4368. The first is a critical memory overread issue while the second is a race condition that can cause user session mix-ups. Both matter because NetScaler ADC and […]

JPMorganChase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts.