Sansec researchers have uncovered a payment skimmer malware that uses WebRTC data channels to deliver payloads and exfiltrate payment data, bypassing traditional HTTP-based detection. The malware targets e-commerce sites, exploiting WebRTC's legitimate communication channels to evade security controls and persist on checkout pages.

CVE-2026-33634 is an embedded malicious code vulnerability in Aqua Security's Trivy scanner that exfiltrates CI/CD secrets—including cloud credentials, SSH keys, API tokens, and database passwords—from any pipeline where affected versions execute. The flaw operates with the permissions Trivy already holds during normal pipeline execution, requiring no privilege escalation. CISA has added this to the Known Exploited Vulnerabilities catalog with a federal remediation deadline of April 9, 2026.

Publicly accusing entities of cyberattacks involves legal, operational, and reputational risks. Organizations must validate evidence thoroughly, coordinate with legal teams, and comply with regulatory frameworks before making attribution statements.

Sen. Ron Wyden warned on March 12, 2026, that a classified legal interpretation of Section 702 FISA authority has been withheld from Congress during multiple reauthorization votes, and that public disclosure will reveal surveillance practices broader than currently understood. The warning comes directly ahead of Section 702's April 2026 reauthorization deadline. Security teams should audit data residency, monitor vendor transparency reports, and treat Section 702's legal scope as an unresolved variable in cloud vendor risk assessments.

CVE-2026-33017 is an unauthenticated code injection vulnerability in Langflow that allows a remote attacker to execute arbitrary code through the public flow-building interface without credentials. Successful exploitation can result in credential theft, data exfiltration, and lateral movement into connected infrastructure. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog with a federal agency patch deadline of April 8, 2026.

TeamPCP has orchestrated targeted supply chain attacks against developer security tools such as Trivy, Checkmarx's KICS, VS Code plug-ins, and the LiteLLM AI library. These attacks aim to compromise software development environments, enabling espionage and data theft. Security teams should enhance supply chain protections, apply timely patches, and monitor for indicators of compromise related to TeamPCP activity.

The PoisonPackage malware family is distributed via an AI-assisted campaign spreading over 300 poisoned packages targeting developer tools and game cheats. The malware persists through startup modifications, exfiltrates sensitive data, and communicates with encrypted C2 servers on Windows and Linux platforms. Detection and removal require auditing package installations, blocking C2 communications, and leveraging updated security signatures from vendors like CrowdStrike.

Japan’s Team Mirai party has integrated AI tools for direct voter engagement, policy formation, and transparency, winning eleven proportional representation seats in 2026. Their open-source platforms, including Gikai and Mirumae, offer scalable models for digital democracy and anti-corruption efforts. This case provides critical insights for cybersecurity professionals monitoring AI’s role in political systems.

After a six-month trial integrating AI tools like Splunk Phantom and IBM QRadar Advisor, two cybersecurity leaders observed improved threat detection and reduced response times in their SOCs. Challenges included alert fatigue, model tuning, and compliance with regulations such as NIST SP 800-53 and NIS2.

TeamPCP, a financially motivated cybercrime group, has launched a supply chain attack delivering the CanisterWorm wiper targeting cloud systems configured for Iran. Leveraging exposed Docker, Kubernetes, and Redis services, the worm destroys data on infected nodes and steals credentials for extortion. Detection involves monitoring cloud control plane exploits and malicious Trivy versions, with removal focusing on credential rotation and securing cloud environments.

The U.S. DOJ, alongside Canadian and German authorities, dismantled four major IoT botnets—Aisuru, Kimwolf, JackSkid, and Mossad—that compromised over three million devices and launched hundreds of thousands of DDoS attacks. The disruption targeted infrastructure used to attack Department of Defense IPs and aimed to prevent further infections and attacks. Users should audit and update IoT devices and monitor for suspicious activity.

CVE-2025-43510 is an improper locking vulnerability in Apple's shared memory subsystem affecting iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. A malicious local application can exploit the flaw to corrupt inter-process shared memory, enabling privilege escalation or system service disruption. CISA has added the vulnerability to its KEV catalog with a mandatory federal patch deadline of April 3, 2026.