Executive Summary
The week of March 23, 2026 presents a high-density threat environment characterized by converging supply chain attacks, AI-enabled malware evolution, and sustained ransomware pressure against public-sector and critical infrastructure targets. The SCC pipeline processed over 60 intelligence items this week, identifying three actively exploited CVEs with CISA KEV designations (CVE-2026-3909 in Google Skia, CVE-2025-54068 in Laravel Livewire, and n8n CVE-2025-68613), two critical supply chain compromises affecting CI/CD pipelines at scale (TeamPCP/Trivy and PhantomRaven/npm), and the emergence of AI-assisted malware in active ransomware deployments (Interlock’s Slopoly backdoor). Ransomware struck municipal infrastructure in Foster City, California and Albemarle County, Virginia, while the Marquis breach exposed 672,000 individuals and the Conduent incident — now confirmed as one of the largest in U.S. history — has expanded to affect more than 25 million Americans across multiple state benefit programs. Nation-state activity this week includes confirmed BlueNoroff/Lazarus Group attribution in the Bitrefill cryptocurrency breach, China-nexus actors pivoting to Qatari targets, Russian Sednit resurfacing with a sophisticated new toolkit, and a CISA Emergency Directive issued following a confirmed breach of a U.S. government agency by a suspected state-sponsored actor. The DPRK AI-augmented IT worker scheme drew fresh OFAC sanctions against six individuals and entities. Security teams should prioritize the Trivy/CI-CD supply chain response, CISA KEV remediation deadlines expiring March 27 and April 3, and immediate review of npm dependency integrity across all build pipelines. The combined supply chain and AI-threat signals this week represent a structural shift in attacker capability that warrants board-level awareness.
Critical Action Items
- Google Skia Out-of-Bounds Write (CVE-2026-3909) — CISA KEV Deadline: March 27, 2026
Affects Google Chrome, ChromeOS, Android, and Flutter. CVSS 8.8, EPSS 96th percentile, active exploitation confirmed. Update Chrome to the latest stable channel immediately. Enforce auto-update via MDM/Group Policy. Verify ChromeOS and Android patch deployment. Federal agencies must remediate by March 27. Assess Flutter and embedded Skia applications for separate vendor patches.
- Laravel Livewire Remote Code Execution (CVE-2025-54068) — CISA KEV Deadline: April 3, 2026
Affects Laravel Livewire versions below 3.6.4. CVSS 9.8, EPSS 94th percentile, CISA KEV confirmed. Upgrade all Livewire installations to 3.6.4 or later immediately. If patching is delayed, restrict Livewire endpoint access at the WAF or network layer. Inventory all Laravel applications including vendor-managed instances. Audit web server logs for anomalous POST requests to /livewire/message or /livewire/update paths.
- TeamPCP/Trivy CI/CD Supply Chain Attack — CRITICAL, No KEV, Immediate Action Required
Affects aquasecurity/trivy-action (75 of 76 tags hijacked), setup-trivy (7 tags), and Trivy v0.69.4. Rated critical (CVSS 9.5). Stop all pipeline execution referencing any trivy-action or setup-trivy tag immediately. Pin to verified clean commit SHAs per Aqua Security’s GitHub discussion at github.com/aquasecurity/trivy/discussions/10425. Rotate all secrets, API tokens, SSH keys, and cloud credentials (AWS, GCP, Azure, Kubernetes, Docker) accessible to any pipeline that ran affected versions. Audit npm packages for CanisterWorm follow-on compromise.
- PhantomRaven npm Supply Chain Campaign — 88 Malicious Packages Active
Targets Babel ecosystem, GraphQL Codegen, GitHub Actions, GitLab CI, Jenkins, CircleCI. Audit all npm dependencies in CI/CD pipeline configurations. Cross-reference installed packages against the 88 identified malicious packages (see BleepingComputer and GitLab blog sources). Remove confirmed malicious packages and lock dependency versions. Rotate all CI/CD tokens and API keys that may have been exposed in affected build environments.
- Veeam Backup & Replication Critical RCE Vulnerabilities (Multiple CVEs including CVE-2026-21666, CVSS 9.9)
Seven critical flaws patched this week allow remote code execution against backup servers. Apply Veeam patches immediately. Prioritize internet-facing backup infrastructure. Confirm that backup repositories are network-isolated from domain-joined production systems. Review inbound access controls on Veeam management interfaces.
- n8n Remote Code Execution (CVE-2025-68613) — CISA KEV, Active Exploitation
CVSS 9.9. CISA has added this to KEV and ordered federal agencies to patch. Approximately 24,700 instances remain exposed. Update all n8n instances to the latest patched release immediately. Restrict public internet exposure of n8n instances. Rotate all credentials stored in n8n workflow configurations. Review server logs for anomalous command execution or outbound connections.
- Interlock Ransomware / Slopoly AI-Generated Backdoor — Active Campaign
Threat actor Hive0163 is deploying an AI-generated PowerShell backdoor with scheduled task persistence before Interlock ransomware deployment. Hunt for schtasks.exe creating tasks that invoke powershell.exe or cmd.exe with encoded arguments. Enable PowerShell script block logging (Event ID 4104). Search for anomalous structured PowerShell scripts (verbose comments, try/catch patterns) consistent with LLM-generated code. Confirm EDR coverage and tamper protection on all Windows endpoints.
- CISA Emergency Directive: Confirmed U.S. Government Agency Breach — State-Sponsored Actor Suspected
Cisco systems referenced in available reporting. Monitor cisa.gov/emergency-directives for the published directive text. Audit all internet-facing Cisco devices and applications for anomalous authentication or configuration changes. Review Cisco Security Advisories for current patch status. Brief CISO and executive leadership on potential supply chain and sector exposure.
Key Security Stories
TeamPCP Weaponizes Trivy Security Scanner in Multi-Stage CI/CD Supply Chain Attack — Second Compromise in Weeks
The week’s highest-severity supply chain event involved the threat actor cluster designated TeamPCP hijacking 75 of 76 version tags in the Aqua Security trivy-action GitHub Actions repository and 7 tags in setup-trivy, replacing them with force-pushed malicious commits containing a Python-based credential infostealer. The attack was a second strike — an earlier compromise of the same repository approximately one month prior was not fully remediated, allowing attackers to regain access and expand the scope. A cascading follow-on campaign, designated CanisterWorm, used credentials harvested from affected CI/CD pipelines to seed 28 or more malicious npm packages. The Trivy v0.69.4 release binary was also compromised. Exposure window for the second incident is approximately March 19, 2026, with a 3–12 hour active compromise window before detection.
The credential theft payload targeted the full spectrum of CI/CD secrets: AWS IAM keys, GCP service account tokens, Azure service principals, Kubernetes service account tokens, Docker registry credentials, SSH private keys, and database connection strings. Exfiltration methods included C2 over HTTP/S (T1041) and exfiltration to code repositories (T1567.001). Persistence on developer workstations was achieved via systemd service installation (T1543.002). This incident demonstrates that tag-based GitHub Actions references — the dominant pattern in enterprise CI/CD workflows — provide no integrity guarantee and that a single compromised open-source security tool can affect thousands of downstream pipelines simultaneously.
Immediate response requires pinning all trivy-action and setup-trivy references to verified clean commit SHAs, rotating all secrets accessible to affected pipelines, and auditing npm dependency trees for CanisterWorm indicators. Organizations that cannot confirm pipeline integrity during the exposure window should treat the event as a confirmed credential compromise and rotate without waiting for forensic confirmation. Sources: Aqua Security GitHub Discussion #10425; StepSecurity advisory; Socket.dev analysis. Note: Referenced GitHub URLs (github.com/aquasecurity/trivy-action, github.com/aquasecurity/trivy/discussions/10425) are identified as confirmed IOC sources in the SCC pipeline data — recommend human validation before operational use.
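The pinning audit described above, as an added example that is not Aqua Security's or the SCC pipeline's own tooling: it scans GitHub Actions workflow text for references to the two affected actions and reports whether each one uses a mutable ref or a full commit SHA. The sample workflow, the `v0.0.0` tag and the all-`a` SHA are constructed placeholders; the set of verified clean SHAs must come from the vendor advisory.

```python
import re
from pathlib import Path

# Actions this briefing names as affected (lower-cased owner/repo).
WATCHED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# `uses: owner/repo[/subpath]@ref`, with an optional list dash and quotes.
# Commented-out steps begin with '#' and therefore never match.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?(?P<action>[\w.-]+/[\w.-]+)(?:/[^@\s"']*)?@(?P<ref>[^\s"'#]+)"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

PLACEHOLDER_SHA = "a" * 40  # constructed placeholder, not a real commit

# Constructed sample workflow; tags and SHA are placeholders.
SAMPLE_WORKFLOW = f"""\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.0.0
      - name: Scan image
        uses: "aquasecurity/trivy-action@master"
      # - uses: aquasecurity/trivy-action@v0.0.0
      - uses: aquasecurity/trivy-action@{PLACEHOLDER_SHA}  # pinned
"""


def audit_workflow(text, verified_shas=None):
    """Classify every reference to a watched action in one workflow file.

    verified_shas maps action name -> set of commit SHAs confirmed clean.
    A SHA pin that is not in that set is reported as unverified, because a
    pin created during the exposure window can point at a malicious commit.
    """
    verified = verified_shas or {}
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        action = match.group("action").lower()
        if action not in WATCHED_ACTIONS:
            continue
        ref = match.group("ref")
        if not FULL_SHA_RE.match(ref.lower()):
            status = "mutable-ref"      # tag or branch: can be force-pushed
        elif ref.lower() in verified.get(action, set()):
            status = "sha-verified"
        else:
            status = "sha-unverified"   # immutable, but not yet confirmed clean
        findings.append(
            {"line": lineno, "action": action, "ref": ref, "status": status}
        )
    return findings


def audit_tree(root, verified_shas=None):
    """Run audit_workflow over every workflow file under root/.github/workflows."""
    results = []
    for path in sorted(Path(root).glob(".github/workflows/*.y*ml")):
        for finding in audit_workflow(path.read_text(encoding="utf-8"), verified_shas):
            results.append({"file": str(path), **finding})
    return results


if __name__ == "__main__":
    for item in audit_workflow(SAMPLE_WORKFLOW):
        print(f'line {item["line"]}: {item["action"]}@{item["ref"]} -> {item["status"]}')
```

Any pipeline that ran a `mutable-ref` or `sha-unverified` reference during the exposure window falls under the rotate-without-waiting guidance above.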
PhantomRaven npm Campaign: 88 Malicious Packages Targeting CI/CD Credentials Across Four Waves
A threat actor tracked as PhantomRaven published 88 malicious npm packages across four campaign waves between August 2025 and February 2026, with 81 packages confirmed active as of this week’s reporting. The campaign specifically targets developer credentials and CI/CD pipeline secrets by publishing packages that typosquat Babel ecosystem packages and GraphQL Codegen tooling — foundational dependencies in a large proportion of Node.js build environments. Affected CI/CD platforms include GitHub Actions, GitLab CI, Jenkins, and CircleCI. The packages execute malicious code during the npm install phase via postinstall scripts, exfiltrating environment variables, API tokens, and private keys before the build process completes.
Detection requires shifting focus from static analysis to behavioral monitoring during build phases. Key signals include postinstall script execution on recently added or unfamiliar packages, outbound network connections from CI/CD worker nodes during npm install steps, and environment variable access patterns outside explicitly defined pipeline steps. SIEM detection should correlate npm install events with outbound connections on ports 80/443 within a compressed time window from build agents. Standard SCA tooling that relies on name-matching alone will not detect typosquatting variants with behavioral payloads — behavioral analysis capability is required.
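The SIEM correlation described above, as an added example that is not taken from the SCC pipeline or any vendor rule set: it joins process events for `npm install` with outbound connections from the same build agent inside a short window and ignores the package registry itself. The event schema, agent names, `.example` destinations, the 120-second window and the single-host allow-list are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Assumption: builds pull from the public registry only. Add your private
# registry or proxy host here, otherwise every install will alert.
REGISTRY_ALLOWLIST = {"registry.npmjs.org"}
WEB_PORTS = {80, 443}
INSTALL_VERBS = {"install", "i", "ci"}

# Constructed sample telemetry (deliberately out of order).
SAMPLE_EVENTS = [
    {"ts": "2026-03-23T12:00:21Z", "agent": "build-01", "type": "netconn",
     "dest": "collector.example.net", "port": 443},
    {"ts": "2026-03-23T12:00:00Z", "agent": "build-01", "type": "process",
     "cmdline": "/usr/bin/npm ci --no-audit"},
    {"ts": "2026-03-23T12:00:03Z", "agent": "build-01", "type": "netconn",
     "dest": "registry.npmjs.org", "port": 443},
    {"ts": "2026-03-23T12:10:00Z", "agent": "build-01", "type": "netconn",
     "dest": "api.example.org", "port": 443},
    {"ts": "2026-03-23T12:00:10Z", "agent": "build-02", "type": "netconn",
     "dest": "collector.example.net", "port": 443},
    {"ts": "2026-03-23T12:05:00Z", "agent": "build-02", "type": "process",
     "cmdline": "npm run test"},
    {"ts": "2026-03-23T12:05:05Z", "agent": "build-02", "type": "netconn",
     "dest": "telemetry.example.com", "port": 80},
]


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def is_npm_install(cmdline):
    """True for `npm install`, `npm i` and `npm ci`, with or without a path."""
    tokens = cmdline.split()
    if len(tokens) < 2:
        return False
    exe = tokens[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    return exe in {"npm", "npm.cmd"} and tokens[1] in INSTALL_VERBS


def correlate(events, window_seconds=120, allowlist=REGISTRY_ALLOWLIST):
    """Return outbound web connections made by an agent during an npm install."""
    window = timedelta(seconds=window_seconds)
    installs = {}  # agent -> list of (start time, command line)
    alerts = []
    for event in sorted(events, key=lambda e: _ts(e["ts"])):
        when = _ts(event["ts"])
        if event["type"] == "process":
            if is_npm_install(event["cmdline"]):
                installs.setdefault(event["agent"], []).append(
                    (when, event["cmdline"])
                )
            continue
        # Network event: keep only web ports to hosts outside the allow-list.
        if event["port"] not in WEB_PORTS or event["dest"].lower() in allowlist:
            continue
        for started, cmdline in installs.get(event["agent"], []):
            if started <= when <= started + window:
                alerts.append({
                    "agent": event["agent"],
                    "dest": event["dest"],
                    "port": event["port"],
                    "install_cmd": cmdline,
                    "seconds_after_install": int((when - started).total_seconds()),
                })
                break  # one alert per connection is enough
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```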
The combination of PhantomRaven and the concurrent Trivy/TeamPCP attacks against the same developer tooling layer indicates a coordinated or coincident focus on CI/CD credential theft as a high-yield attack surface. Organizations running Node.js build pipelines should treat the current period as an elevated threat window for supply chain integrity. Sources: BleepingComputer; GitLab Security Blog (URLs flagged as source-reported; recommend human validation).
Interlock Ransomware Deploys AI-Generated Slopoly Backdoor — Hive0163 Signals Tactical Maturity
IBM X-Force identified financially motivated threat actor Hive0163 using an AI-generated PowerShell backdoor designated Slopoly as the persistence and reconnaissance stage before deploying Interlock ransomware. The Slopoly backdoor is notable for its code structure: IBM X-Force analysts identified verbose inline comments, structured variable declarations, and comprehensive try/catch error handling consistent with LLM-generated code rather than human-authored malware. The backdoor achieves persistence via Windows scheduled tasks (T1053.005) using schtasks.exe, communicates via HTTP/S C2 (T1071.001), and facilitates secondary payload delivery (T1105). Initial access is via phishing (T1566), with documented dwell time exceeding one week before ransomware deployment.
The introduction of AI-generated malware into active ransomware attack chains represents a tactical shift that has direct implications for signature-based detection. LLM-generated code produces syntactically valid, well-structured scripts that may evade heuristics tuned for obfuscated or poorly structured malware. Security teams should expand detection coverage to include behavioral indicators: schtasks.exe creating tasks that spawn powershell.exe with encoded arguments, PowerShell script block logs containing LLM-style patterns, Windows Restart Manager API calls (rstrtmgr.dll) loaded by non-system processes proximate to encryption activity, and outbound HTTP/S from powershell.exe processes.
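The first behavioral indicator above (schtasks.exe creating a task that runs powershell.exe or cmd.exe with an encoded argument), as an added example that is not IBM X-Force's detection content: it evaluates process-creation command lines and decodes the Base64 UTF-16LE blob for triage. The command lines and the benign `Write-Output` payload are constructed samples; no Slopoly strings or indicators are used.

```python
import base64
import re

# Process image is schtasks(.exe), optionally quoted and path-qualified.
SCHTASKS_RE = re.compile(r'(?i)^\s*"?(?:[^"\s]*[\\/])?schtasks(?:\.exe)?"?(?=\s|$)')
CREATE_RE = re.compile(r"(?i)\s/create\b")
# The task action: /tr "quoted action" or /tr bareword
TASK_RUN_RE = re.compile(r'(?i)\s/tr\s+(?:"((?:[^"\\]|\\.)*)"|(\S+))')
# Any switch followed by something that looks like a Base64 blob.
FLAG_VALUE_RE = re.compile(r"(?:^|\s)[-/]([A-Za-z]+)\s+([A-Za-z0-9+/=]{16,})")
INTERPRETER_RE = re.compile(r"(?i)(?<![\w.-])(powershell|cmd)(?:\.exe)?(?![\w-])")

# Constructed, benign sample payload, encoded the way -EncodedCommand expects.
SAMPLE_SCRIPT = "Write-Output 'constructed sample'"
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")

# Constructed command lines, as seen in Event ID 4688 or Sysmon Event ID 1.
SAMPLE_CMDLINES = [
    r'schtasks.exe /create /tn "Updater" /tr "powershell.exe -NoProfile '
    r'-WindowStyle Hidden -EncodedCommand ' + SAMPLE_B64 + '" /sc onlogon',
    r'"C:\Windows\System32\schtasks.exe" /Create /TN Sync /TR "cmd.exe /c '
    r'powershell -e ' + SAMPLE_B64 + '" /SC DAILY',
    r'schtasks.exe /create /tn "VendorUpdate" /tr '
    r'"C:\Program Files\Vendor\updater.exe" /sc daily',
    "powershell.exe -enc " + SAMPLE_B64,
    "schtasks.exe /query /fo LIST",
]


def is_encoded_switch(name):
    """PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...)."""
    name = name.lower()
    return name == "ec" or "encodedcommand".startswith(name)


def decode_encoded_command(blob):
    """Decode a -EncodedCommand value; None if it is not Base64 UTF-16LE text."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def hunt_schtasks(cmdline):
    """Return details when schtasks creates a task with an encoded script action."""
    if not SCHTASKS_RE.search(cmdline) or not CREATE_RE.search(cmdline):
        return None
    run = TASK_RUN_RE.search(cmdline)
    if not run:
        return None
    action = run.group(1) if run.group(1) is not None else run.group(2)
    for flag in FLAG_VALUE_RE.finditer(action):
        if not is_encoded_switch(flag.group(1)):
            continue
        # Look for the interpreter only in the text before the blob, so that
        # Base64 characters cannot produce a false interpreter match.
        prefix = action[:flag.start(2)]
        interpreters = sorted(
            {m.group(1).lower() for m in INTERPRETER_RE.finditer(prefix)}
        )
        if not interpreters:
            continue
        return {
            "task_action": action,
            "interpreters": interpreters,
            "decoded": decode_encoded_command(flag.group(2)),
        }
    return None


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        hit = hunt_schtasks(line)
        print("HIT " if hit else "skip", line[:60], hit["decoded"] if hit else "")
```

The decoded text is also what Event ID 4104 script block logging records when the task runs, so the two sources can be joined on content.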
The Slopoly campaign underscores a broader industry observation: AI does not need to produce novel attack techniques to be operationally significant. It lowers the skill threshold for producing functional, evasive malware at scale, accelerating the adversarial iteration cycle. Organizations with PowerShell Constrained Language Mode disabled on endpoints where full functionality is not operationally required should evaluate enforcement as a near-term defensive measure. Sources: IBM X-Force Threat Intelligence; BleepingComputer.
BlueNoroff/Lazarus Group Breaches Bitrefill Crypto Platform via Compromised Endpoint
North Korean state-sponsored threat actor BlueNoroff (Lazarus Group, APT38, MITRE G0032/G0067) was attributed with high confidence to a breach of cryptocurrency gift card platform Bitrefill, disclosed March 1, 2026. Initial access was achieved through compromise of an employee endpoint, followed by lateral movement to production infrastructure, credential theft from database snapshots containing production secrets (T1552), and draining of cryptocurrency hot wallets. Approximately 18,500 customer purchase records were also exfiltrated. Attribution rests on malware signature match, reused infrastructure, and on-chain wallet tracing to known DPRK-controlled addresses.
The attack follows the established BlueNoroff playbook: phishing-based initial endpoint compromise, dwell period for reconnaissance, lateral movement via remote services (T1021), credential access from snapshot or backup environments containing plaintext secrets (T1552, T1555), and financial theft targeting cryptocurrency infrastructure (T1657). The Bitrefill incident is the latest in a sustained DPRK campaign to generate hard currency through cryptocurrency theft, consistent with OFAC sanctions actions and FBI/CISA advisories tracking this activity pattern across the financial sector.
Organizations operating cryptocurrency infrastructure or with employee exposure to digital assets should audit production secret storage practices, confirm that hot wallet signing keys are not co-located with or accessible from backup or snapshot environments, and enforce hardware-bound MFA on all endpoints with production access. Rotate all production secrets, API keys, and service account credentials as a precautionary measure if endpoint compromise cannot be ruled out. Cross-reference outbound connections and authentication events against CISA and MITRE ATT&CK G0032 IOC sets. Sources: Bitrefill official X disclosure; BleepingComputer; The Record.
Conduent Data Breach Expands to 25+ Million Americans Across Multiple State Benefit Programs
The Conduent data breach, first disclosed in early 2026, has expanded to affect more than 25 million individuals through the company’s role as a business process outsourcer for state government benefit and social services programs. Texas officials described it as the largest hack in U.S. history affecting state government data. Affected programs include Texas and New Jersey benefit systems, with additional states likely given Conduent’s footprint across U.S. government BPO contracts. Exposed data includes personally identifiable information and potentially benefit-related records for millions of American citizens.
No confirmed IOCs have been publicly released. The attack TTPs are consistent with valid account compromise (T1078), data repository access (T1213), cloud storage exfiltration (T1530), and C2-channel data exfiltration (T1041). The incident highlights a systemic risk in government BPO contracts: a single third-party processor with access to multiple state benefit systems creates a single point of failure affecting tens of millions of individuals simultaneously. Organizations with Conduent contracts or data-sharing relationships should formally request breach scope confirmation in writing, assess downstream notification obligations, and review data processing agreements for contractual breach notification timelines.
Worth noting: this touches legal and regulatory interpretation — organizations with data-sharing agreements with Conduent should verify notification obligations with legal counsel before finalizing timelines. Sources: BleepingComputer; The Register; state government disclosures from Texas and New Jersey.
Perplexity Comet AI Browser Exploited for Credential Theft and Phishing in Under Four Minutes
Researchers from Guardio, Trail of Bits, and Zenity Labs demonstrated that Perplexity’s Comet AI browser, prior to patching, could be manipulated into autonomously executing phishing attacks, performing credential theft from 1Password vaults, accessing Gmail, and exfiltrating data — all triggered by a malicious calendar invite containing prompt injection instructions. The attack exploited weaknesses in how the AI agent processes untrusted web content and executes actions on behalf of users, bypassing conventional user confirmation requirements. The attack surface is the agent’s reasoning layer, not the user’s judgment.
This research category — adversarial prompt injection against agentic AI browsers — represents a structural attack surface that does not exist in conventional browser threat models. Standard phishing and credential-access detections are insufficient because the malicious action is performed by the agent, not the user. Detection must shift toward behavioral anomalies in agent activity: credential manager access events initiated by browser automation processes, browser extension activity generating outbound transfers to unfamiliar domains, and calendar invite processing resulting in URL navigation or form submission. Organizations deploying agentic AI tools with access to credential managers, email, or authenticated SaaS sessions should treat the Comet vulnerability as a class-level warning about any similarly architected product.
The MITRE technique mapping for this attack class spans T1555 (Credentials from Password Stores), T1185 (Browser Session Hijacking), T1557 (Adversary-in-the-Middle), T1539 (Steal Web Session Cookie), and T1566.002 (Spearphishing Link). Organizations should inventory all AI browser tools and agentic AI products, verify patch status for Comet, and restrict agentic tool permissions to credential stores pending vendor trust boundary controls. Sources: The Hacker News; Guardio research; Trail of Bits.
Azure Monitor Weaponized for Callback Phishing Bypassing All Email Authentication Controls
A confirmed active campaign is exploiting Microsoft Azure Monitor’s alert notification system to deliver TOAD (Telephone-Oriented Attack Delivery) / callback phishing emails that pass all email authentication checks including SPF, DKIM, and DMARC. Attackers create Azure Monitor alert rules with malicious content in the alert description field, causing legitimate Microsoft infrastructure at azure-noreply@microsoft.com to deliver phishing content directly to targets. The current lure references a fabricated Windows Defender billing charge of $389.90 and instructs recipients to call an attacker-controlled phone number.
This attack vector is particularly dangerous because it requires no spoofing, no malicious attachment, and bypasses all email security controls that rely on sender authentication. The malicious content exists in the alert description, not the sending infrastructure. Organizations using Azure should audit Monitor alert rules across all subscriptions for unauthorized configurations, particularly alert descriptions containing phone numbers, billing language, or impersonation of Microsoft support teams. Azure Activity Log queries for microsoft.insights/alertrules/write events by unfamiliar identities should be run immediately. Alert all Azure administrators and help desk staff that azure-noreply@microsoft.com emails may contain injected attacker content.
Detection in Microsoft 365 mail flow requires custom rules that flag messages from azure-noreply@microsoft.com where body content matches phone number patterns and billing keywords. Standard Microsoft DLP and ATP policies do not catch this because the sender is legitimate. Update security awareness training to include callback phishing scenarios and communicate clearly that Microsoft never issues billing charges via Azure Monitor alert emails. Sources: BleepingComputer (SCC-CAM-2026-0075); SCC internal analysis.
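The custom mail-flow logic described above, as an added example that is not a Microsoft 365 rule export or SCC detection content: it flags messages from azure-noreply@microsoft.com whose subject or body contains both a phone number and billing language. The regular expressions, keyword list and sample messages are assumptions constructed for illustration; the phone number is from the reserved 555-01xx range.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ALERT_SENDER = "azure-noreply@microsoft.com"

# North American style numbers: (800) 555-0199, 800-555-0199, +1 800 555 0199
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
)
BILLING_RE = re.compile(
    r"\b(?:charge[ds]?|bill(?:ed|ing)?|invoice|payment|refund)\b", re.IGNORECASE
)
AMOUNT_RE = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")

# Constructed messages. LURE mirrors the lure this briefing describes.
LURE = (
    "From: Microsoft Azure <azure-noreply@microsoft.com>\n"
    "Subject: Azure Monitor alert fired\n"
    "\n"
    "Alert description: Windows Defender renewal. A charge of $389.90 was\n"
    "billed to your account. To dispute this payment call (800) 555-0199.\n"
)
GENUINE_ALERT = (
    "From: Microsoft Azure <azure-noreply@microsoft.com>\n"
    "Subject: Azure Monitor alert 'cpu-high' was activated\n"
    "\n"
    "Resource: vm-web-01. Metric value: 93. Fired at 2026-03-23T10:15:00Z.\n"
)
OTHER_SENDER = (
    "From: Accounts <billing@vendor.example>\n"
    "Subject: Invoice\n"
    "\n"
    "Your invoice for $120.00 is attached. Questions: 800-555-0123.\n"
)


def check_alert_mail(raw):
    """Return match details for a suspicious Azure Monitor notification, else None.

    Sender-authentication results are deliberately not consulted: these
    messages are sent by Microsoft and pass SPF, DKIM and DMARC.
    """
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender != ALERT_SENDER:
        return None  # other senders are left to existing controls

    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"

    phones = PHONE_RE.findall(text)
    keywords = sorted({word.lower() for word in BILLING_RE.findall(text)})
    amounts = AMOUNT_RE.findall(text)

    # Require a callback number plus billing context to keep genuine
    # metric alerts, which carry neither, out of the review queue.
    if phones and (keywords or amounts):
        return {"phones": phones, "keywords": keywords, "amounts": amounts}
    return None


if __name__ == "__main__":
    for name, raw in [("lure", LURE), ("genuine", GENUINE_ALERT),
                      ("other", OTHER_SENDER)]:
        print(name, check_alert_mail(raw))
```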
DPRK AI-Augmented IT Worker Scheme Draws OFAC Sanctions — Six Entities Designated
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned six individuals and entities this week in connection with the North Korean IT worker scheme, in which DPRK nationals use fabricated identities — now augmented with AI-generated deepfakes via Faceswap, jailbroken LLMs, and Astrill VPN for origin masking — to obtain remote employment at U.S. companies and generate revenue for the regime’s weapons programs. Salesforce was cited as an example victim environment. The scheme has been detected at companies in financial services, technology, and professional services, with embedded workers conducting data exfiltration (T1213, T1567), access token manipulation (T1134), and extortion upon termination.
The AI augmentation of this scheme is operationally significant: deepfake video interviews now defeat conventional visual identity verification, and AI-assisted resume and code generation makes DPRK workers competitive for technical roles. Detection requires shifting from visual verification to behavioral analytics post-hire: login geography inconsistent with stated location, bulk data access or export to personal cloud storage, use of Astrill VPN or residential proxy infrastructure, and access patterns inconsistent with the employee’s stated time zone. IP Messenger process execution on managed endpoints is a specific behavioral indicator.
Organizations should cross-reference current and recent remote contractor rosters against the OFAC SDN list additions, audit privileged account activity for contractors hired in the past 24 months, and review hiring workflows to require live unscripted video interviews with identity document verification against the live face. Any contractor who resisted camera-on requirements, used virtual backgrounds with inconsistent motion, or provided references that do not resolve to verifiable organizations should be escalated for review. Worth noting: any payment to a sanctioned individual carries civil liability regardless of intent — verify obligations with legal counsel. Sources: OFAC Treasury.gov; BleepingComputer; IBM X-Force.
Ransomware Hits Foster City and Albemarle County — Municipal Government Under Sustained Pressure
Ransomware attacks disrupted municipal government operations in both Foster City, California and Albemarle County, Virginia this week. Foster City declared a cybersecurity emergency, with non-emergency IT and communication systems taken offline. Albemarle County confirmed a data breach affecting PHI and PII, with notification obligations under HIPAA and Virginia breach notification statutes. Neither incident has confirmed attribution or publicly released IOCs at time of reporting. Both incidents follow the behavioral pattern of double-extortion ransomware: dwell period followed by backup destruction (T1490), data exfiltration (T1041), and encryption (T1486).
The municipal government sector continues to represent a high-value, low-resilience target class for ransomware operators. Common entry vectors include phishing (T1566) and exploitation of unpatched or weakly authenticated remote access services (T1078, T1190). Detection focus should cover volume shadow copy deletion commands, mass file rename activity, service termination events for backup and security tools, and authentication anomalies preceding the encryption event. Organizations should confirm offline or immutable backup status and verify that backup stores are not reachable from domain-joined or production systems — Beast Gang’s exposed operational playbook confirmed this week that backup destruction is a pre-encryption doctrine, not an afterthought.
CISA’s MS-ISAC and the relevant state CISOs should be notified per applicable sector information-sharing agreements. Sources: Foster City official communications; Albemarle County public disclosure; BleepingComputer.
Warlock Ransomware Adds BYOVD Kernel-Level EDR Bypass to Ransomware Playbook
The Warlock ransomware campaign this week confirmed use of Bring Your Own Vulnerable Driver (BYOVD) technique to disable EDR agents at the kernel level before payload delivery. This technique — previously associated primarily with nation-state and sophisticated criminal groups — is now appearing in ransomware operations, signaling broader adoption across the threat ecosystem. Warlock drops a signed but vulnerable kernel driver, exploits it to gain kernel-level execution, and terminates EDR agent processes (T1562.001) before deploying ransomware (T1486). No specific driver hashes or Warlock IOCs were confirmed in available sources at time of reporting.
The operational implication is that EDR tamper protection, while necessary, is insufficient against BYOVD if the attack achieves kernel context before the protection mechanism activates. Detection requires kernel driver load event monitoring (Sysmon Event ID 6) cross-referenced against Microsoft’s recommended vulnerable driver blocklist and the community-maintained LOLDrivers project at loldrivers.io. Organizations should enforce Windows Defender Application Control (WDAC) with the Microsoft-maintained blocklist to prevent loading of known-vulnerable drivers. SeLoadDriverPrivilege should be restricted to accounts with documented operational requirement. The Beast Gang OpSec failure reported this week further confirmed that pre-encryption backup destruction is standard ransomware doctrine — backup integrity verification must precede any encryption detection response.
Sources: BleepingComputer; SCC internal analysis (SCC-CAM-2026-0065); LOLDrivers project (loldrivers.io).
DarkSword iOS Exploit Kit: State Espionage and Financial Crime Across Four Nations
The DarkSword iOS exploit kit was reported targeting iPhone users across Saudi Arabia, Turkey, Malaysia, and Ukraine, combining state espionage objectives with financial crime in a single campaign. The kit exploits unconfirmed iOS vulnerabilities to achieve privilege escalation, device data collection, and location tracking. A companion campaign, Coruna, targets iOS versions below 15.8.7 and 16.7.15 via watering hole attacks. No CVE assignments, Apple security advisories, or confirmed IOCs were available in T3 sources at time of reporting — this item requires verification against official Apple Security Releases before final escalation decisions.
The iOS threat landscape this week is elevated: DarkSword, Coruna, and the Perseus Android banking trojan (targeting note-taking apps including Google Keep, Evernote, OneNote, Samsung Notes) collectively represent active mobile threat campaigns spanning both major platforms. The critical defensive action is immediate iOS patch deployment to 15.8.7/iPadOS 15.8.7 or 16.7.15/iPadOS 16.7.15 via MDM. Devices on iOS 13 or 14 have no patch path and require hardware replacement planning. BYOD devices accessing corporate resources without MDM enrollment should be subject to conditional access policies pending patching. Sources: The Hacker News; Forbes; BleepingComputer.
CISA KEV & Critical CVE Table
| CVE | Product | CVSS | EPSS | Status | KEV Deadline | Description |
|---|---|---|---|---|---|---|
| CVE-2026-3909 | Google Skia (Chrome, ChromeOS, Android, Flutter) | 8.8 | 96.8th %ile (0.3306) | CISA KEV — Active Exploitation Confirmed | March 27, 2026 | Out-of-bounds write in Skia rendering engine. Exploitable via crafted HTML enabling drive-by compromise (T1189) and client execution (T1203). Affects all WebKit-dependent Chrome-family products. |
| CVE-2025-54068 | Laravel Livewire < 3.6.4 | 9.8 | 94.7th %ile (0.15973) | CISA KEV — Active Exploitation Confirmed | April 3, 2026 | Remote code execution via code injection in Livewire component update endpoints. Unauthenticated exploitation possible against public-facing Laravel applications. Patch to 3.6.4. |
| CVE-2025-68613 | n8n workflow automation | 9.9 | Not available | CISA KEV — Active Exploitation Confirmed, ~24,700 exposed instances | Federal agency deadline per CISA KEV | Critical RCE vulnerability in n8n. Enables command execution and access to stored credentials. CISA ordered federal agencies to patch. Update to latest patched release immediately. |
| CVE-2026-22557 / CVE-2026-22558 | Ubiquiti UniFi Network Application | 10.0 / 9.8 | Not published | Not CISA KEV — Vendor patch available (Bulletin 062) | No federal deadline; patch immediately | Critical authentication and account hijacking vulnerabilities in UniFi Network Application. Account takeover and session fixation exploitation possible. Apply Ubiquiti Security Advisory Bulletin 062. |
| CVE-2026-21666 (and 6 additional) | Veeam Backup & Replication | 9.9 | Not available | Not CISA KEV — Vendor patch released this week | No federal deadline; patch immediately | Seven critical RCE vulnerabilities in Veeam Backup & Replication. Remote code execution against backup servers possible. Apply Veeam March 2026 security updates. Isolate backup infrastructure from domain-joined systems. |
| CVE-2026-24291 | Microsoft Windows (Registry/Accessibility Feature) | Not confirmed | 18.7th %ile (0.00061) | Not CISA KEV — PoC reported; vendor advisory pending | Monitor MSRC for official advisory | Reported Windows Registry accessibility feature privilege escalation to SYSTEM (CWE-269). No official MSRC advisory confirmed at time of reporting. Monitor NVD and MSRC before acting on secondary reporting. |
| CVE-2026-20643 | Apple WebKit | 8.3 | 7.9th %ile | Not CISA KEV — Apple patch available via Background Security Improvements | No federal deadline; patch via MDM | Same-origin policy bypass in WebKit. Affects Safari and all iOS/iPadOS browsers. Enables browser session hijacking (T1185) and drive-by compromise (T1189). Apply via MDM on all managed Apple devices. |
| CVE-2026-32746 | GNU InetUtils telnetd | 9.8 | 17.7th %ile | Not CISA KEV — No patch available as of reporting date | No patch available; disable telnetd immediately | Unauthenticated RCE in GNU InetUtils telnetd. All versions affected. No patch released. Disable telnetd on all systems and block TCP port 23 at perimeter. Replace with SSH. |
| TeamPCP/Trivy (no CVE) | aquasecurity/trivy-action, setup-trivy, Trivy v0.69.4 | 9.5 (qualitative) | N/A — supply chain campaign | Not CISA KEV — Active supply chain attack; immediate response required | No formal deadline; treat as active incident | 75/76 trivy-action tags force-pushed with credential infostealer payload. All secrets in exposed pipeline environments should be treated as compromised. Pin to verified SHA immediately and rotate all credentials. |
Supply Chain & Developer Tool Threats
Trivy/TeamPCP: The Highest-Risk CI/CD Supply Chain Event of the Quarter
The TeamPCP campaign against Aqua Security’s Trivy scanner represents the most operationally significant supply chain attack this week. By hijacking mutable GitHub Actions tags — a practice normalized across the industry — attackers gained code execution rights within any CI/CD pipeline that referenced the affected tags. The attack’s scope is extraordinary: trivy-action is one of the most widely deployed container security scanning actions in enterprise GitHub Actions workflows, meaning the blast radius encompasses potentially thousands of organizations. The follow-on CanisterWorm npm worm demonstrates that attackers are now using stolen CI/CD credentials to propagate further into the software ecosystem, turning supply chain attack victims into unwitting participants in subsequent attacks.
PhantomRaven: 88 Malicious npm Packages Across Four Campaign Waves
The PhantomRaven campaign is notable for its systematic focus on foundational JavaScript tooling: Babel, GraphQL Codegen, and related packages are direct dependencies in a large proportion of modern JavaScript and TypeScript applications. By placing malicious postinstall scripts in typosquatted variants of these packages, the campaign achieves execution in nearly every developer’s local environment and CI/CD pipeline that installs npm packages without integrity verification. The campaign’s multi-wave structure (August 2025 through February 2026) suggests sustained operational planning rather than opportunistic attacks. Organizations should enforce private npm registries with allow-listing and implement SCA tooling with behavioral analysis rather than static name-matching.
GlassWorm: Dependency-Layer Implants Bypass Extension-Focused Scanning
The GlassWorm campaign (SCC-CAM-2026-0040) specifically targets the gap between extension-level scanning and transitive dependency inspection. Most SCA tooling in enterprise CI/CD environments scans direct dependencies and top-level packages but does not fully inspect transitive dependency trees for behavioral indicators. GlassWorm exploits this gap by embedding malicious code in dependencies of dependencies — packages that appear clean at the surface level. Organizations should audit their SCA tooling coverage to confirm transitive dependency inspection is enabled and cross-reference package manifests against OpenSSF Package Analysis, Socket.dev, and Phylum databases.
UNC6426 Demonstrates Downstream Impact of Prior nx Supply Chain Attack
The additional news item this week describing UNC6426’s exploitation of credentials stolen via the prior nx npm supply chain compromise to achieve full cloud environment breach within 72 hours provides a real-world case study of supply chain attack cascading. The attack began with a stolen GitHub token, escalated to AWS admin access, and resulted in complete cloud environment compromise. This incident should be treated as a planning scenario for any organization that experienced npm dependency compromise in the preceding months — the credential theft may have occurred long before the impact was realized.
Aura Identity Platform Breached via Vishing by ShinyHunters — Legacy Acquisition Database Exposed 900K Records
The ShinyHunters breach of Aura illustrates a compounding supply chain risk: a legacy database from a 2021 acquisition, not fully subject to current data governance controls, became the exfiltration target after social engineering defeated SSO authentication. This pattern — M&A-inherited infrastructure with weaker controls providing lateral access to data assets — is a recognized but frequently unaddressed risk in vendor security assessments. Organizations should include explicit post-acquisition data inventory, classification, and access control normalization as a formal program requirement with defined timelines. The vishing initial access vector (T1566.004) also highlights the continued effectiveness of telephone-based social engineering against help desk and IT support staff.
Nation-State & APT Activity Summary
North Korea (DPRK) — BlueNoroff / Lazarus Group / APT38 / Hive0163
Bitrefill Breach (BlueNoroff): High-confidence attribution to BlueNoroff/Lazarus Group for the Bitrefill cryptocurrency platform breach via compromised employee endpoint. Lateral movement to production infrastructure, credential theft from database snapshots, cryptocurrency hot wallet draining, and 18,500 customer records exfiltrated. On-chain wallet tracing confirmed DPRK-controlled addresses as recipients. This is consistent with the sustained DPRK financial theft campaign targeting cryptocurrency platforms globally.
DPRK IT Worker Scheme — OFAC Sanctions SB0416: OFAC sanctioned six individuals and entities this week for participation in the AI-augmented DPRK IT worker scheme. Designated entities include front companies that place DPRK IT workers at U.S. employers via fabricated identities. AI tools including deepfake video (Faceswap), jailbroken LLMs, and Astrill VPN are now confirmed operational components. Salesforce environments are a documented target. Data exfiltration, access token manipulation, and extortion upon termination are confirmed post-placement TTPs.
Slopoly/Interlock (Hive0163): IBM X-Force attributed the AI-generated Slopoly backdoor to Hive0163, a financially motivated actor operating within the broader DPRK-aligned threat ecosystem. The use of AI-generated malware in active ransomware chains is a first-confirmed tactical evolution for this actor cluster. MITRE techniques: T1059.001, T1053.005, T1071.001, T1105, T1486, T1041.
China-Nexus Actors
Southeast Asian Military Networks: SCC-CAM-2026-0029 documents a China-nexus actor maintaining multi-year persistent access to Southeast Asian military and defense sector networks via novel backdoors. TTPs include boot/logon autostart execution (T1547), C2 over standard protocols (T1071), scheduled task persistence (T1053), obfuscation (T1027), credential dumping (T1003), and masquerading (T1036). Attribution to China-nexus based on tooling, infrastructure, and targeting patterns per source reporting.
Qatar Pivot: Additional reporting this week (Dark Reading) documents two attacks on Qatari entities by Chinese-nexus actors, signaling a rapid geopolitical pivot in response to Middle East conflict dynamics. This represents a notable geographic expansion beyond the Southeast Asian focus documented in the persistent access campaign.
EU Sanctions — Integrity Technology Group / i-Soon (Anxun): The EU formalized sanctions this week against Integrity Technology Group (Flax Typhoon/Raptor Train botnet operator) and i-Soon/Anxun Information Technology, with published IOC references via CISA Advisory AA24-249A and AA25-071A. Organizations should cross-reference these against existing threat intelligence and ensure Flax Typhoon botnet IOCs are in current blocklists.
Russia-Nexus Actors
Sednit Resurfaces: Dark Reading reported this week that Russian threat actor Sednit (APT28/Fancy Bear) has returned to active operations after several years of using simple implants, now deploying two new sophisticated malware tools. Technical details were not confirmed in available T3 sources at time of this briefing. Security teams with Russia-nexus threat exposure should monitor ESET and CISA for detailed Sednit TTP and IOC disclosures as they are published.
Laundry Bear (DRILLAPP/UAC-0190/Void Blizzard): Laundry Bear was documented this week deploying the DRILLAPP backdoor, which abuses Microsoft Edge’s headless mode and Chrome DevTools Protocol (CDP) for covert C2, keylogging, screen capture, audio capture, and video capture. Initial access uses LNK files and Windows Control Panel module abuse. The campaign targets Ukrainian government and defense entities. Behavioral IOC: msedge.exe launched with --headless and --remote-debugging-port flags from non-standard parent processes.
Konni APT (North Korea-aligned): Konni APT was documented turning victims into propagation vectors by abusing compromised KakaoTalk desktop sessions to distribute malicious ZIP files containing EndRAT (AutoIt-based RAT) to victim contact lists. The campaign deploys EndRAT, RftRAT, and Remcos as a multi-RAT persistence strategy on high-value targets. Related November 2025 activity included Google credential theft enabling Android remote wipe.
Iran-Nexus Actors
Handala/Stryker: Iran-linked hacktivist group Handala claimed a data-wiping attack against Stryker Corporation, deploying wiper malware that took the medtech company’s systems offline. Attribution rests on Handala self-reporting; independent technical confirmation was not available at time of reporting. Handala has previously conducted attacks abusing Microsoft Intune administrative access (SCC-CAM-2026-0047) to wipe managed endpoints at scale.
Iran MOIS + Criminal Collaboration: Dark Reading reported this week that Iranian Ministry of Intelligence and Security (MOIS)-affiliated APT groups are now collaborating with actual cybercriminal organizations rather than simply impersonating them — a significant escalation in the Iran-nexus threat model that expands both capability and targeting reach.
EU Sanctions — Emennet Pasargad: Emennet Pasargad was included in the EU sanctions action this week, with TTPs including external defacement (T1491.002), data exfiltration over web services (T1567), botnet development (T1583.005/T1584.005), and phishing for information (T1598).
Phishing & Social Engineering Alert
Azure Monitor Callback Phishing — Bypasses All Email Authentication
The most technically novel phishing campaign active this week exploits Microsoft Azure Monitor’s legitimate alert notification infrastructure. Attackers create Azure Monitor alert rules with phishing content embedded in the description field, triggering delivery from the authenticated azure-noreply@microsoft.com sending infrastructure. Because the email is genuinely sent by Microsoft’s servers, it passes SPF, DKIM, and DMARC checks and is delivered without modification by email security gateways. The current campaign lure uses a fabricated $389.90 Windows Defender billing charge and directs recipients to call an attacker-controlled phone number. This is a TOAD (Telephone-Oriented Attack Delivery) pattern — the phone call is where credential theft or remote access tool installation occurs. Microsoft does not issue billing charges via Azure Monitor alert emails; any such email should be treated as malicious.
Detection: Query M365 mail flow logs for messages from azure-noreply@microsoft.com containing phone number patterns and billing keywords (Windows Defender, subscription, renewal, dollar amounts). Audit Azure Activity Log for unauthorized alert rule creation (microsoft.insights/alertrules/write). Alert all Azure administrators and help desk staff. Any user who called a number from such an email should be treated as a potential incident and their endpoint investigated for remote access tool installation (AnyDesk, TeamViewer, ScreenConnect).
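The mail-flow triage described above, as an added example that is not part of the source reporting: a Python filter that flags Azure Monitor notifications only when a phone number appears together with a billing signal. The message dictionaries, field names, regexes and sample bodies are constructed assumptions; adapt them to the export format of your mail logs.

```python
import re

ALERT_SENDER = "azure-noreply@microsoft.com"

# North American style phone numbers: +1 (555) 010-0199, 555.010.0199, 5550100199, ...
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
)
# Dollar amounts such as $389.90 or $1,299
AMOUNT_RE = re.compile(r"\$\s?\d{1,3}(?:,\d{3})*(?:\.\d{2})?")
# Billing keywords taken from the detection guidance above
BILLING_TERMS = ("windows defender", "subscription", "renewal", "billing", "charge")


def triage(msg):
    """Return None for other senders, else a dict with the signals found.

    The sender alone is never treated as malicious: a message is marked
    suspicious only when a phone number co-occurs with a billing signal.
    """
    if msg["from"].strip().lower() != ALERT_SENDER:
        return None
    body = msg["body"]
    reasons = []
    if PHONE_RE.search(body):
        reasons.append("phone-number")
    if AMOUNT_RE.search(body):
        reasons.append("dollar-amount")
    if any(term in body.lower() for term in BILLING_TERMS):
        reasons.append("billing-terms")
    suspicious = "phone-number" in reasons and len(reasons) >= 2
    return {"suspicious": suspicious, "reasons": reasons}


# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    {   # ordinary metric alert: mentions a subscription but no phone number
        "from": "azure-noreply@microsoft.com",
        "body": "Alert 'cpu-high' fired. Subscription: prod-sub. "
                "Metric value 92 exceeded threshold 85.",
    },
    {   # callback lure embedded in the alert description
        "from": "azure-noreply@microsoft.com",
        "body": "Your Windows Defender subscription renewal of $389.90 has been "
                "charged. To dispute, call +1 (555) 010-0199.",
    },
    {   # unrelated sender, out of scope for this rule
        "from": "newsletter@example.com",
        "body": "Call 555-010-0100 about your renewal.",
    },
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(triage(m))
```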
ClickFix Social Engineering — macOS and Windows Targeting AI Tool Users
The MacSync/ClickFix campaign cluster continues to evolve, now targeting users of AI developer tools including Claude Code, ChatGPT desktop, and GitHub CLI through fake error pages and CAPTCHA prompts that instruct users to copy-paste AppleScript or PowerShell commands into Terminal or Run dialog. The campaign delivers credential stealers (T1555, T1552.001), session cookie theft (T1539), and cryptocurrency wallet drainers (Exodus, Atomic, Ledger Live). The social engineering vector is effective because it exploits user familiarity with troubleshooting prompts in developer workflows and the implied authority of impersonated AI tools.
Security awareness training should be updated immediately to explicitly address the ClickFix pattern: legitimate software never instructs users to paste commands into Terminal or Windows Run dialog as part of normal troubleshooting. Block or alert on osascript (AppleScript) execution launched from browser parent processes on macOS. Monitor for PowerShell launched via browser process on Windows with encoded command arguments.
LeakNet Ransomware — ClickFix + Deno In-Memory Loader Eliminates Access Broker Dependency
LeakNet ransomware this week demonstrated operational maturity by combining ClickFix social engineering entry points (msiexec.exe user-initiated execution via browser or Teams lure) with the Deno JavaScript runtime as an in-memory loader, AWS S3 for data exfiltration staging, and PsExec for lateral movement. The use of Deno as a fileless loader is notable: Deno is a legitimate JavaScript/TypeScript runtime with no standard enterprise deployment use case, making its presence on endpoints a high-confidence anomaly indicator. The campaign eliminates dependence on access broker services by self-handling initial access through social engineering — a significant operational maturation for this actor.
Key behavioral IOCs: deno.exe execution from user-writable directories; msiexec.exe spawned by browser or Teams process; klist.exe execution by non-privileged accounts; PSEXESVC service creation (Event ID 7045); outbound HTTPS to s3.amazonaws.com from non-baseline hosts. Any two of the first three behavioral indicators on the same host within 60 minutes warrant immediate escalation.
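The two-of-three escalation rule above, as an added example that is not from the source reporting: a Python correlator that classifies process-creation events and escalates a host when two distinct indicators fall inside one 60-minute window. The event field names, the privileged-account list, the path fragments and the sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)
BROWSER_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "teams.exe", "ms-teams.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")
# Assumption: accounts for which klist.exe is expected; replace with your own list.
PRIVILEGED_USERS = {"nt authority\\system"}


def classify(event):
    """Map one process-creation event to a LeakNet indicator name, or None."""
    image = event["image"].lower()
    name = image.rsplit("\\", 1)[-1]
    parent = event["parent"].lower().rsplit("\\", 1)[-1]
    if name == "deno.exe" and any(frag in image for frag in USER_WRITABLE):
        return "deno_user_writable"
    if name == "msiexec.exe" and parent in BROWSER_PARENTS:
        return "msiexec_from_browser"
    if name == "klist.exe" and event["user"].lower() not in PRIVILEGED_USERS:
        return "klist_non_privileged"
    return None


def escalations(events, window=WINDOW, threshold=2):
    """Return {host: [indicators]} for hosts meeting the threshold in one window."""
    hits = defaultdict(list)
    for ev in events:
        indicator = classify(ev)
        if indicator:
            hits[ev["host"]].append((datetime.fromisoformat(ev["time"]), indicator))
    result = {}
    for host, seen in hits.items():
        seen.sort()
        # Slide the window start over each hit and count distinct indicators in it.
        for i, (start, _) in enumerate(seen):
            in_window = {ind for t, ind in seen[i:] if t - start <= window}
            if len(in_window) >= threshold:
                result[host] = sorted(in_window)
                break
    return result


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-014", "time": "2026-03-24T09:02:00", "user": "corp\\jdoe",
     "image": "C:\\Windows\\System32\\msiexec.exe",
     "parent": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"},
    {"host": "WS-014", "time": "2026-03-24T09:10:00", "user": "corp\\jdoe",
     "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\deno.exe",
     "parent": "C:\\Windows\\System32\\msiexec.exe"},
    # Two indicators on one host, but 150 minutes apart: below the rule's window.
    {"host": "WS-022", "time": "2026-03-24T08:00:00", "user": "corp\\asmith",
     "image": "C:\\Windows\\System32\\klist.exe",
     "parent": "C:\\Windows\\System32\\cmd.exe"},
    {"host": "WS-022", "time": "2026-03-24T10:30:00", "user": "corp\\asmith",
     "image": "C:\\Users\\asmith\\Downloads\\deno.exe",
     "parent": "C:\\Windows\\explorer.exe"},
    # Benign look-alikes: msiexec from the service manager, klist by SYSTEM.
    {"host": "SRV-01", "time": "2026-03-24T09:00:00", "user": "NT AUTHORITY\\SYSTEM",
     "image": "C:\\Windows\\System32\\msiexec.exe",
     "parent": "C:\\Windows\\System32\\services.exe"},
    {"host": "SRV-01", "time": "2026-03-24T09:05:00", "user": "NT AUTHORITY\\SYSTEM",
     "image": "C:\\Windows\\System32\\klist.exe",
     "parent": "C:\\Windows\\System32\\cmd.exe"},
]

if __name__ == "__main__":
    print(escalations(SAMPLE_EVENTS))
```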
ShinyHunters — Continued Vishing-Based Attacks Against Identity Platforms
ShinyHunters continued active vishing operations this week, with the Aura identity platform breach confirmed. The group’s methodology — telephone-based social engineering against help desk staff or IT support to obtain SSO credential access, followed by bulk data export from cloud storage — has now been successful against multiple high-profile identity and security platforms. The Aura breach is particularly ironic given that Aura is itself an identity protection service. The 900,000-record dataset includes approximately 865,000 legacy contacts from a 2021 acquisition and approximately 35,000 current/former customers. ShinyHunters has a documented pattern of posting exfiltrated data to BreachForums successor platforms — monitor for organizational domain or email pattern mentions in those channels.
Indicators of Compromise
Note: Many items this week have no confirmed public IOCs at time of reporting. The table below includes confirmed behavioral indicators, tool-based indicators, and source-reported network indicators with confidence levels. Hash-based and infrastructure-based IOCs should be retrieved from primary sources before operational deployment. Unverified URLs are labeled accordingly per GAIO URL policy.
| Campaign / Story | Indicator Type | Value | Confidence | Context |
|---|---|---|---|---|
| TeamPCP/Trivy | URL (Source-reported; validate before use) | github.com/aquasecurity/trivy-action | High | Official repo — 75/76 tags hijacked. Pin to verified SHA. Do not use tag references. |
| TeamPCP/Trivy | URL (Source-reported; validate before use) | github.com/aquasecurity/trivy/discussions/10425 | High | Aqua Security official incident discussion — source for clean SHA references and remediation status. |
| TeamPCP/Trivy | Behavioral — Process | Python/Python3 spawned from trivy-action CI step (not Go binary) | High | The infostealer payload is Python-based; Python process in Trivy step is an execution indicator. |
| TeamPCP/Trivy — CanisterWorm | Behavioral — npm | Modified postinstall/preinstall scripts in lockfiles not present in prior committed state | High | CanisterWorm persistence in npm packages; audit package-lock.json and yarn.lock against prior commits. |
| Azure Monitor Callback Phishing | Email Sender (Legitimate infrastructure weaponized) | azure-noreply@microsoft.com | High | Legitimate Microsoft sender abused. Presence alone is not malicious — inspect body for phone numbers and billing lures. |
| Azure Monitor Callback Phishing | Behavioral Pattern | Fabricated charge: $389.90 Windows Defender billing | Medium | Lure amount reported in source coverage; may vary. Treat any Azure alert referencing Defender billing as suspicious. |
| Interlock/Slopoly (Hive0163) | Behavioral — Process | schtasks.exe creating tasks that invoke powershell.exe with encoded arguments | High | Slopoly persistence mechanism. Filter Event ID 4698/4702 for tasks with Base64 or long-argument powershell.exe actions. |
| Interlock/Slopoly (Hive0163) | Behavioral — Script | PowerShell script block logs (Event ID 4104) with structured inline comments, verbose variable declarations, try/catch error handling in scripts not from known repositories | High | Behavioral marker of LLM-generated code (Slopoly). Not a signature; requires human analyst review for confirmation. |
| Interlock/Slopoly (Hive0163) | Behavioral — Windows API | rstrtmgr.dll loaded by non-system processes proximate to file encryption activity | Medium | Windows Restart Manager API used in pre-ransomware staging. Flag non-system processes loading this DLL. |
| LeakNet Ransomware | Behavioral — Process | deno.exe execution from user-writable directories (%TEMP%, %APPDATA%) | Medium | Deno has no standard enterprise use case. Any execution from non-standard path is high-confidence anomaly. |
| LeakNet Ransomware | Behavioral — Process | msiexec.exe spawned by browser process (chrome.exe, msedge.exe, firefox.exe, Teams) | High | ClickFix initial access via user-initiated msiexec execution. Flag immediately. |
| LeakNet Ransomware | Behavioral — Service | PSEXESVC service creation (Windows Event ID 7045) from non-IT source hosts | High | PsExec lateral movement indicator (T1569.002). Correlate with prior Deno or msiexec activity on same host. |
| LeakNet Ransomware | Behavioral — Network | Outbound HTTPS to *.s3.amazonaws.com from non-baseline endpoint hosts | Medium | Data exfiltration to attacker-controlled AWS S3 bucket (T1537). Correlate with prior Deno/msiexec activity. |
| GSocket Backdoor | Domain (Legitimate tool abused) | gsocket.io | Medium | GSocket leveraged via bash delivery to establish covert C2 tunnels. Unexpected outbound connections to this domain from production Linux hosts warrant investigation. |
| GSocket Backdoor | Behavioral — Process | gs-netcat, gsocket, or gs-sftp binaries present on filesystem | High | Run: find / -name 'gs-netcat' -o -name 'gsocket' 2>/dev/null. Presence outside approved deployments is a confirmed IOC. |
| DRILLAPP / Laundry Bear | Behavioral — Process | msedge.exe --headless --remote-debugging-port=* (CDP port exposure) | High | DRILLAPP execution pattern. Edge in headless mode with CDP port open from non-automation parent process is a confirmed indicator. |
| DRILLAPP / Laundry Bear | Domain (Legitimate service abused) | pastefy.app | Medium | Legitimate pastebin service abused for C2 staging by DRILLAPP. Outbound connections from workstations warrant investigation. |
| DRILLAPP / Laundry Bear | Behavioral — Registry | HKCU\Software\Microsoft\Windows\CurrentVersion\Run — new entry referencing msedge.exe or script runner | Medium | Persistence mechanism consistent with T1547.001. Review for anomalous entries post-infection. |
| Konni APT | File Type | LNK/Windows Shortcut files in user-writable paths with encoded arguments to cmd.exe or wscript.exe | High | Initial access vector for EndRAT delivery. Detect LNK creation in %APPDATA%, %TEMP%, Downloads with encoded command-line arguments. |
| Konni APT | Malware Family | EndRAT (AutoIt3.exe based), RftRAT, Remcos | High | Multi-RAT deployment by Konni on high-value targets. AutoIt3.exe from non-standard paths is a behavioral indicator. |
| DarkSword iOS / Coruna | Note | No confirmed IOCs available | Low | No CVEs, hashes, or network indicators confirmed in T3 sources. Detection relies on MDM/MTD behavioral telemetry. Verify against Apple Security Releases before escalation. |
| PhantomRaven npm | URL (Source-reported; validate before use) | bleepingcomputer.com/news/security/new-phantomraven-npm-attack-wave-steals-dev-data-via-88-packages/ | Low | Primary news source with package name list. Validate before use. URL is source-reported per SCC pipeline. |
| Beast Gang / Ransomware | Behavioral — Command | vssadmin delete shadows; wbadmin delete catalog; bcdedit /set recoveryenabled no | High | Pre-encryption backup destruction commands (T1490). Alert on any execution; these commands have no legitimate routine administrative use in most environments. |
| Warlock Ransomware / BYOVD | Behavioral — Driver | Signed drivers loaded from unusual paths or with mismatched signing metadata (cross-reference loldrivers.io) | Medium | BYOVD technique. No specific driver hashes confirmed. Use LOLDrivers and Microsoft WDAC blocklist for detection. |
| Conduent / ShinyHunters | Note | No confirmed IOCs published | Low | No attacker infrastructure confirmed. Monitor dark web feeds for dataset listings. Detection focuses on third-party access anomalies, not internal compromise. |
Helpful 5: High-Value Low-Effort Mitigations
1. Pin All GitHub Actions to Verified Commit SHAs — Now, Not on the Next Sprint
Why this week: The TeamPCP/Trivy attack compromised 75 of 76 trivy-action version tags by force-pushing malicious commits to mutable tags. Tag-based GitHub Actions references are the dominant enterprise pattern and provide zero integrity guarantee. This single change eliminates the primary attack vector for the Trivy campaign and all similar future supply chain attacks.
How:
- Run `grep -r 'uses:' .github/workflows/*.yml` across all repositories to find tag-based references.
- For each third-party action, retrieve the full 40-character commit SHA: `git ls-remote https://github.com/[owner]/[repo] refs/tags/[version]`
- Replace `uses: action/name@v1.2.3` with `uses: action/name@[full-sha] # v1.2.3`
- Enforce via branch protection rules or OPA/Conftest policy-as-code to reject new PRs that introduce tag references.
- Deploy StepSecurity Harden-Runner or equivalent for runtime egress monitoring of CI/CD pipeline network activity.
Framework alignment: NIST CSF 2.0 GV.SC-01 (Supply chain risk management); NIST SP 800-53 SR-3 (Supply Chain Controls), SI-7 (Software Integrity); CIS v8 Control 2.5 (Allowlist Authorized Software), 15.1 (Service Provider Inventory).
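One way to turn the pinning requirement in mitigation 1 into a repeatable check, as an added example that is not Aqua Security's or GitHub's tooling: a Python scanner that reports every `uses:` reference not pinned to a full 40-character commit SHA (or, for `docker://` references, to a sha256 digest). The sample workflow, the `example-org` action names and the SHA in it are constructed placeholders.

```python
import re

# "uses: <target>" at step or job level; lines starting with "#" do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
DOCKER_DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify_ref(target):
    """Classify a uses: target as 'local', 'pinned' or 'mutable'."""
    if target.startswith("./"):
        return "local"  # action inside the same repository, versioned with it
    if target.startswith("docker://"):
        return "pinned" if DOCKER_DIGEST_RE.search(target) else "mutable"
    _, sep, ref = target.rpartition("@")
    # Tags, branches and abbreviated SHAs can all be moved or are ambiguous.
    if sep and FULL_SHA_RE.fullmatch(ref.lower()):
        return "pinned"
    return "mutable"


def find_unpinned(workflow_text):
    """Return [(line_number, target)] for every mutable reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match and classify_ref(match.group(1)) == "mutable":
            findings.append((lineno, match.group(1)))
    return findings


# Constructed workflow; the 40-character value is a placeholder, not a verified SHA.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scanner-action@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - name: build
        uses: ./.github/actions/build
      - uses: docker://alpine:3.20
      - uses: "example-org/deploy-action@main"
      # - uses: example-org/disabled-action@v1
"""

if __name__ == "__main__":
    for lineno, target in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target} is not pinned to a commit SHA")
```

A SHA pin only helps if the commit belongs to the action's own repository rather than a fork, so confirm each SHA against the upstream repository before committing it.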
2. Enable PowerShell Script Block Logging and Constrained Language Mode
Why this week: The Slopoly AI-generated backdoor (Interlock/Hive0163), LeakNet’s Deno-based loader, and multiple other campaigns this week use PowerShell as the execution engine. Script block logging (Event ID 4104) provides visibility into in-memory and encoded script content that process logging alone cannot capture. Constrained Language Mode prevents PowerShell from executing arbitrary .NET code, blocking the majority of PowerShell-based malware.
How:
- Enable script block logging via Group Policy: Computer Configuration → Administrative Templates → Windows Components → Windows PowerShell → Turn on PowerShell Script Block Logging → Enabled.
- Enable Module Logging simultaneously to capture module imports.
- For endpoints where full PowerShell functionality is not operationally required, set Constrained Language Mode via WDAC (Windows Defender Application Control) policy or AppLocker PowerShell rules.
- Forward Event ID 4104 logs to SIEM. Create detection rules for scripts containing Base64-encoded arguments, `IEX` (Invoke-Expression), and structured comment blocks consistent with LLM-generated code.
Framework alignment: NIST SP 800-53 CM-7 (Least Functionality), SI-4 (System Monitoring), SI-3 (Malicious Code Protection); CIS v8 Control 2.5, 2.6; MITRE ATT&CK T1059.001 mitigation.
3. Enforce Phishing-Resistant MFA on All Privileged and Remote Access Accounts
Why this week: The Aura/ShinyHunters vishing breach, LA Metro unauthorized access, Foster City ransomware, and Albemarle County ransomware all involved valid account compromise (T1078) as the initial access or escalation vector. Standard push-based MFA is defeated by vishing and real-time phishing proxies. FIDO2/passkeys and certificate-based authentication cannot be relayed or socially engineered via phone.
How:
- Inventory all accounts with privileged access (admin, PAM-managed, VPN, remote desktop) across Active Directory, Azure AD/Entra ID, and cloud IAM.
- For Microsoft 365/Entra ID: enable Conditional Access policy requiring phishing-resistant MFA (FIDO2 security keys or Windows Hello for Business) for all privileged roles and remote access.
- For Okta or other IdPs: enforce FIDO2 authenticator policy on admin and privileged roles; disable SMS and push for these accounts.
- Harden help desk reset procedures: require in-person verification or hardware token confirmation for any credential reset initiated via phone call.
- Document exceptions with time-limited review cycles.
Framework alignment: NIST SP 800-53 IA-2 (Identification and Authentication), IA-5 (Authenticator Management); CIS v8 Control 6.3 (Require MFA), 6.5 (Require MFA for Admin Accounts); NIST CSF 2.0 PR.AA-03.
4. Deploy or Verify the Microsoft Vulnerable Driver Blocklist (WDAC)
Why this week: Warlock ransomware confirmed BYOVD as an active technique in the ransomware ecosystem this week. Beast Gang’s OpSec exposure confirmed pre-encryption EDR destruction as standard doctrine. WDAC’s vulnerable driver blocklist is a Microsoft-maintained, policy-deployable control that blocks loading of known-vulnerable signed drivers before they can be weaponized for kernel-level EDR bypass — the exact attack chain used by Warlock.
How:
- Verify HVCI (Hypervisor-Protected Code Integrity) enablement status on all supported Windows endpoints via: `Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard`
- Deploy Microsoft’s recommended driver block rules as a WDAC policy supplement. Current blocklist is maintained at Microsoft’s official documentation for WDAC policy: search “WDAC recommended block rules” on learn.microsoft.com.
- Supplement with the LOLDrivers community database (loldrivers.io) for additional known-vulnerable driver hashes.
- Enable Sysmon Event ID 6 (Driver Loaded) logging and alert on drivers loaded from unusual paths or with anomalous signing metadata.
- Alert on SeLoadDriverPrivilege use (Event ID 4673) by non-system accounts.
Framework alignment: NIST SP 800-53 SI-2 (Flaw Remediation), CM-6 (Configuration Settings), SI-7 (Software Integrity); CIS v8 Control 5.4 (Restrict Administrator Privileges), 6.8; MITRE ATT&CK T1068 mitigation.
5. Audit and Restrict npm Dependency Integrity Across All CI/CD Pipelines
Why this week: PhantomRaven (88 malicious packages), CanisterWorm (Trivy follow-on), and GlassWorm (dependency-layer implants) all demonstrate that npm package integrity is the current highest-yield supply chain attack surface. Standard CI/CD pipelines that resolve packages at build time without hash verification are vulnerable to all three concurrent campaigns.
How:
- Enforce `npm ci` instead of `npm install` in all CI/CD pipelines — `npm ci` requires a lockfile and fails on any deviation.
- Add `--frozen-lockfile` equivalent enforcement for yarn and pnpm.
- Enable `npm audit` gates in CI/CD pipelines to block builds on high-severity findings.
- Deploy a private npm registry (Artifactory, Verdaccio, or npm Enterprise) with an allow-list of approved packages. Redirect all CI/CD package resolution through the private registry.
- Implement SCA tooling with behavioral analysis capability (Socket.dev, Phylum, or Snyk with runtime analysis) — static name-matching does not detect postinstall-script-based attacks.
- Review all repositories for packages installed without lockfile pinning. Audit packages with recent version changes against the PhantomRaven IOC list from BleepingComputer and GitLab Security Blog sources.
Framework alignment: NIST SP 800-53 SR-2 (Supply Chain Risk Management Plan), SR-3 (Supply Chain Controls), SI-7 (Software Integrity), CM-3 (Configuration Change Control); CIS v8 Control 2.5, 2.6, 15.1; NIST CSF 2.0 GV.SC-01; OWASP A08:2021 (Software and Data Integrity Failures).
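The lockfile audit called for in mitigation 5 and in the CanisterWorm indicator (install scripts absent from the prior committed state), as an added example that is not any vendor's tooling: a Python diff of two `package-lock.json` (lockfileVersion 2/3) documents that walks the full `packages` tree, transitive entries included. Package names, versions, integrity strings and the `packages.example.invalid` host are constructed; the allowed registry host is an assumption to replace with your own.

```python
import json
from urllib.parse import urlparse

# Assumption: the only registry builds may resolve from; use your private registry host.
ALLOWED_REGISTRY_HOSTS = {"registry.npmjs.org"}


def _packages(lock):
    """All non-root entries of the lockfile 'packages' map (direct and transitive)."""
    return {path: meta for path, meta in lock.get("packages", {}).items() if path}


def diff_lockfiles(old_lock, new_lock, allowed_hosts=ALLOWED_REGISTRY_HOSTS):
    """Return [(package_path, finding)] for changes that deserve review."""
    old, new = _packages(old_lock), _packages(new_lock)
    findings = []
    for path, meta in sorted(new.items()):
        if meta.get("link"):
            continue  # workspace symlink, nothing is downloaded
        prev = old.get(path) or {}
        # npm sets hasInstallScript when a package has preinstall/install/postinstall.
        if meta.get("hasInstallScript") and not prev.get("hasInstallScript"):
            findings.append((path, "install-script-added"))
        # Same version but different hash: the published content changed underneath.
        if (prev and prev.get("version") == meta.get("version")
                and prev.get("integrity") != meta.get("integrity")):
            findings.append((path, "integrity-changed-for-same-version"))
        resolved = meta.get("resolved")
        if resolved and urlparse(resolved).hostname not in allowed_hosts:
            findings.append((path, "resolved-outside-allowed-registry"))
    return findings


def load_lock(path):
    """Read a lockfile from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed lockfile fragments (not real packages or hashes).
OLD_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/left-lib": {
        "version": "1.0.0", "integrity": "sha512-CONSTRUCTED-A",
        "resolved": "https://registry.npmjs.org/left-lib/-/left-lib-1.0.0.tgz"},
    "node_modules/build-tool": {
        "version": "2.1.0", "integrity": "sha512-CONSTRUCTED-B",
        "resolved": "https://registry.npmjs.org/build-tool/-/build-tool-2.1.0.tgz"},
}}
NEW_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/left-lib": {
        "version": "1.0.0", "integrity": "sha512-CONSTRUCTED-A2",
        "resolved": "https://registry.npmjs.org/left-lib/-/left-lib-1.0.0.tgz"},
    "node_modules/build-tool": {
        "version": "2.1.1", "integrity": "sha512-CONSTRUCTED-C",
        "hasInstallScript": True,
        "resolved": "https://registry.npmjs.org/build-tool/-/build-tool-2.1.1.tgz"},
    "node_modules/build-tool/node_modules/helper": {
        "version": "1.0.0", "integrity": "sha512-CONSTRUCTED-D",
        "resolved": "https://packages.example.invalid/helper-1.0.0.tgz"},
}}

if __name__ == "__main__":
    for path, finding in diff_lockfiles(OLD_LOCK, NEW_LOCK):
        print(f"{finding}: {path}")
```

The prior committed state can be obtained with `git show HEAD~1:package-lock.json` and passed through `json.loads` before comparison.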
Framework Alignment Matrix
| Threat / Campaign | MITRE Tactic | MITRE Technique(s) | NIST 800-53 Rev 5 | CIS v8 Controls |
|---|---|---|---|---|
| TeamPCP/Trivy CI/CD Supply Chain | Initial Access, Credential Access, Exfiltration | T1195.001 (Compromise Dev Tools), T1552.004 (Private Keys), T1567.001 (Exfiltration to Code Repo), T1041 | SR-2, SR-3, SI-7, CM-3, AC-6, IA-5 | 2.5, 2.6, 15.1, 6.3 |
| PhantomRaven npm Campaign | Initial Access, Credential Access, Exfiltration | T1195.001, T1552.001 (Credentials in Files), T1552.004, T1041, T1036.005 | SR-2, SI-7, CM-3, CA-7, SC-7 | 2.5, 2.6, 15.1, 8.2 |
| Interlock / Slopoly (Hive0163) | Initial Access, Execution, Persistence, Exfiltration, Impact | T1566 (Phishing), T1059.001 (PowerShell), T1053.005 (Scheduled Task), T1071.001, T1105, T1486, T1041 | SI-3, SI-4, CM-7, AT-2, CP-9, CP-10, IR-4 | 14.2, 8.2, 7.3, 7.4 |
| Azure Monitor Callback Phishing (TOAD) | Initial Access, Defense Evasion | T1566.004 (Spearphishing Voice), T1199 (Trusted Relationship), T1656 (Impersonation), T1219 (Remote Access Tools) | AT-2, SI-8, SI-4, AC-2, IA-2 | 14.2, 6.3, 8.2 |
| BlueNoroff / Bitrefill Breach | Initial Access, Credential Access, Lateral Movement, Collection, Impact | T1566, T1078, T1021, T1552, T1555, T1530, T1657, T1041 | AC-2, AC-6, IA-2, IA-5, AC-17, CA-7, SI-4, CP-9 | 5.2, 6.1, 6.2, 6.3 |
| DPRK IT Worker Scheme | Resource Development, Initial Access, Collection, Exfiltration, Defense Evasion | T1585, T1586, T1036 (Masquerading), T1078, T1213, T1567, T1090.003 (Multi-hop Proxy), T1134 | IA-8, AC-2, AC-6, AT-2, CA-7, SI-4 | 6.3, 6.4, 6.5, 14.2 |
| Warlock Ransomware / BYOVD | Defense Evasion, Privilege Escalation, Impact | T1562.001 (Disable or Modify Tools), T1068 (Exploit for Privilege Escalation), T1543.003, T1486 | AC-6, SI-2, CP-9, CP-10, IR-4 | 5.4, 6.8, 8.2 |
| Beast Gang / Ransomware Backup Destruction | Impact, Defense Evasion | T1490 (Inhibit System Recovery), T1485 (Data Destruction), T1486, T1078 | CP-9, CP-10, AC-2, AC-6, IA-2 | 3.3, 8.2 |
| CVE-2026-3909 (Google Skia) | Initial Access, Execution | T1203 (Exploitation for Client Execution), T1189 (Drive-by Compromise) | SI-2, SI-16 (Memory Protection), SC-7 | 7.3, 7.4, 16.10 |
| CVE-2025-54068 (Laravel Livewire) | Initial Access, Execution | T1190 (Exploit Public-Facing App), T1059 | SI-2, RA-5, CA-8, SC-7, SI-10 | 7.3, 7.4, 16.10 |
| Conduent / Large-Scale PII Breach | Collection, Exfiltration | T1213, T1530, T1567, T1078 | AC-3, SC-28, SA-9, SR-2 | 6.1, 6.2, 15.1 |
| Laundry Bear / DRILLAPP | Initial Access, Persistence, Collection, C2 | T1566, T1218 (System Binary Proxy), T1564.003 (Hidden Window), T1547.001, T1056.001, T1113, T1125, T1102.001 | AT-2, SI-3, SI-4, CM-7, SC-7 | 8.2, 14.2 |
| Healthcare Breach Trends (OCR Era) | Initial Access, Exfiltration, Impact | T1190, T1566, T1195, T1486, T1071, T1048, T1078 | CA-8, RA-5, SC-7, SI-2, SI-3, AT-2, SA-9, SR-2, SR-3, CP-9 | 6.1, 6.2, 14.2, 15.1 |
| DarkSword iOS / Coruna Exploit Kits | Initial Access, Execution, Collection | T1189 (Drive-by), T1203 (Exploitation for Client Execution), T1404, T1430 (Location Tracking) | SI-2, SC-7, SI-3, SI-4 | 7.3, 7.4 |
| LeakNet / ClickFix + Deno Loader | Initial Access, Execution, Lateral Movement, Exfiltration, Impact | T1566, T1204.002, T1218.007 (Msiexec), T1059.007 (JavaScript), T1620 (Reflective Code Loading), T1569.002, T1537, T1486 | AT-2, SI-4, CP-9, CP-10, SI-10 | 14.2, 8.2, 6.3 |
Upcoming Security Events & Deadlines
CISA KEV Remediation Deadlines (Active, Within 30 Days)
- March 27, 2026: CVE-2026-3909 — Google Skia out-of-bounds write. Federal agencies must remediate. All organizations: patch Chrome, ChromeOS, Android, and Flutter deployments immediately.
- April 3, 2026: CVE-2025-54068 — Laravel Livewire RCE. Federal agencies must remediate. All organizations: upgrade to Livewire 3.6.4 or later.
- Ongoing KEV monitoring: n8n CVE-2025-68613 (CISA ordered federal agency remediation; check CISA KEV catalog for federal deadline). Monitor cisa.gov/known-exploited-vulnerabilities-catalog for additions related to Veeam, Ubiquiti, and Windows RRAS CVEs disclosed this week.
Patch Tuesday
- Next Patch Tuesday: April 14, 2026. Monitor Microsoft MSRC (msrc.microsoft.com) for preview advisories starting the week of April 7. Given the out-of-band RRAS hotpatch (CVE-2026-0015) released this week for Windows 11 Enterprise 24H2/25H2 hotpatch channel, confirm KB5084597 deployment before April Patch Tuesday.
Vendor Patch Deadlines and Advisories
- Ubiquiti UniFi (CVE-2026-22557, CVE-2026-22558): Apply Ubiquiti Security Advisory Bulletin 062 immediately. No CISA federal deadline; vendor-recommended immediate patching.
- Veeam Backup & Replication (CVE-2026-21666 and 6 others): Apply March 2026 Veeam security updates immediately. Backup infrastructure represents a high-value target given Beast Gang’s documented backup-destruction doctrine.
- Apple iOS/iPadOS (DarkSword/Coruna exposure): Deploy iOS 15.8.7/iPadOS 15.8.7 and iOS 16.7.15/iPadOS 16.7.15 via MDM immediately. Monitor Apple Security Releases (support.apple.com/en-us/100100) for DarkSword-specific CVE assignments.
- GNU InetUtils telnetd (CVE-2026-32746): No patch available as of reporting date. Disable telnetd immediately on all systems. Monitor GNU InetUtils project and NVD for patch availability.
- n8n: Update to latest patched release immediately. CISA KEV active.
Regulatory and Compliance Deadlines
- CISA Emergency Directive (U.S. Government Agency Breach): Monitor cisa.gov/emergency-directives for the full published directive text and binding remediation timelines for Federal Civilian Executive Branch (FCEB) agencies. Reference Cisco SD-WAN advisories cisco-sa-sdwan-rpa-EHchtZk and cisco-sa-sdwan-authbp-qwCX8D4v for patch guidance.
- New Zealand Director-Level Cyber Penalties: Legislative process ongoing. Assign GRC owner to monitor New Zealand Department of the Prime Minister and Cabinet publications for formal bill number. Board briefing on director accountability trend recommended before Q2 2026.
- HIPAA OCR Breach Notification: Organizations affected by the Conduent, Marquis, or Albemarle County breaches should assess the 60-day OCR notification timeline (45 CFR § 164.408) with legal counsel. This is a matter of legal interpretation; verify obligations before finalizing notification decisions.
- SEC Cybersecurity Disclosure: Organizations with publicly traded entities should review whether the Conduent breach (if Conduent is a material vendor) triggers the four-business-day disclosure requirement per SEC cybersecurity rules. Consult legal counsel.
Upcoming Security Events
- RSA Conference 2026: Scheduled for late April/early May 2026 in San Francisco. Monitor rsaconference.com for confirmed dates.
- CISA Cybersecurity Advisory Publications: Anticipate formal IOC releases tied to the four-botnet DDoS disruption operation (Aisuru, KimWolf, JackSkid, Mossad), the U.S. government agency breach emergency directive, and potentially the Trivy/TeamPCP supply chain campaign. Monitor cisa.gov/advisories weekly.
Sources
Section 2 — Critical Action Items
- CISA Known Exploited Vulnerabilities Catalog: cisa.gov/known-exploited-vulnerabilities-catalog
- Google Chrome Releases Blog: googlechromereleases.blogspot.com
- Aqua Security Trivy Incident Discussion: github.com/aquasecurity/trivy/discussions/10425 (source-reported; validate before use)
- Aqua Security Trivy-Action Repository: github.com/aquasecurity/trivy-action (source-reported; validate before use)
- CISA Emergency Directive Portal: cisa.gov/emergency-directives
- Veeam Security Advisories: veeam.com/security-advisories (official vendor page)
Section 3 — Key Security Stories
- BleepingComputer — Trivy supply chain coverage and PhantomRaven: bleepingcomputer.com (source-reported URLs in SCC pipeline; validate before use)
- StepSecurity Advisory — Trivy second compromise: stepsecurity.io (referenced in SCC pipeline; validate before use)
- Socket.dev — CanisterWorm npm analysis: socket.dev (referenced in SCC pipeline; validate before use)
- IBM X-Force Threat Intelligence — Hive0163/Slopoly/Interlock: research.ibm.com/x-force (official IBM research)
- BleepingComputer — AI-generated Slopoly malware in Interlock attack: bleepingcomputer.com/news/security/ai-generated-slopoly-malware-used-in-interlock-ransomware-attack/
- The Hacker News — Hive0163/Slopoly: thehackernews.com (source-reported)
- Bitrefill Official Disclosure: x.com/bitrefill/status/2033931580352221656 (source-reported; validate before use)
- BleepingComputer — Bitrefill/BlueNoroff: bleepingcomputer.com (source-reported)
- The Record (Recorded Future News) — Bitrefill: therecord.media (source-reported)
- BleepingComputer — Conduent breach expansion: bleepingcomputer.com (source-reported)
- The Hacker News — Perplexity Comet AI browser research: thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html
- Guardio Research — Perplexity Comet vulnerabilities: labs.guard.io (source-reported)
- OFAC Treasury — DPRK IT Worker Sanctions SB0416: home.treasury.gov/policy-issues/financial-sanctions (official)
- CISA Advisory AA24-249A — Flax Typhoon/Raptor Train: cisa.gov/news-events/cybersecurity-advisories/aa24-249a
- Cisco Talos — UAT-8616/SD-WAN: blog.talosintelligence.com/uat-8616-sd-wan/ (source-reported)
- CERT-UA — Laundry Bear/DRILLAPP (referenced in SCC pipeline)
- Dark Reading — Beast Gang OpSec failure: darkreading.com/threat-intelligence/opsec-beast-gang-exposes-ransomware-server (source-reported)
Section 4 — CISA KEV & Critical CVE Table
- NIST NVD CVE-2026-3909: nvd.nist.gov/vuln/detail/CVE-2026-3909
- NIST NVD CVE-2025-54068: nvd.nist.gov/vuln/detail/CVE-2025-54068
- Ubiquiti Security Advisory Bulletin 062: community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b (source-reported)
- Veeam Security Advisory March 2026: veeam.com/security-advisories
- Microsoft MSRC — CVE-2026-24291: msrc.microsoft.com (monitor for official advisory)
- Apple Security Releases: support.apple.com/en-us/100100
- LOLDrivers Project: loldrivers.io
Section 5 — Supply Chain & Developer Tool Threats
- Aqua Security GitHub Discussion #10425: github.com/aquasecurity/trivy/discussions/10425 (source-reported)
- GitHub Advisory GHSA-8mr6-gf9x-j8qg (Trivy VS Code extension): github.com/aquasecurity/trivy-vscode-extension/security/advisories/GHSA-8mr6-gf9x-j8qg (source-reported)
- GitLab Security Blog — PhantomRaven: about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/ (source-reported; validate before use)
- OpenSSF Package Analysis: github.com/ossf/package-analysis (official)
Section 6 — Nation-State & APT Activity
- MITRE ATT&CK Group G0032 (Lazarus Group): attack.mitre.org/groups/G0032/
- MITRE ATT&CK Group G0067 (APT38): attack.mitre.org/groups/G0067/
- CISA Advisory AA25-071A (i-Soon): cisa.gov (official; search advisory number)
- OFAC SDN List — Integrity Technology Group, Anxun, Emennet Pasargad: home.treasury.gov/policy-issues/financial-sanctions/sdn-list (official)
- Dark Reading — Chinese nexus Qatar pivot: darkreading.com/threat-intelligence/chinese-nexus-actors-shift-focus-to-qatar-amid-iranian-conflict
- Dark Reading — Iran MOIS criminal collaboration: darkreading.com/threat-intelligence/iran-mois-colludes-with-criminals-to-boost-cyberattacks
- Dark Reading — Sednit resurgence: darkreading.com/threat-intelligence/russian-threat-actor-sednit-resurfaces-with-sophisticated-toolkit
- BleepingComputer — Stryker/Handala wiper attack: bleepingcomputer.com/news/security/medtech-giant-stryker-offline-after-iran-linked-wiper-malware-attack
- Krebs on Security — Handala/Stryker: krebsonsecurity.com
- Genians — Konni APT/EndRAT analysis (referenced in SCC pipeline)
- ThreatFabric — Perseus Android malware: threatfabric.com/blogs/perseus-dto-malware-that-takes-notes
Section 7 — Phishing & Social Engineering
- BleepingComputer — Azure Monitor callback phishing campaign (SCC-CAM-2026-0075 source)
- Guardio Labs — ClickFix/MacSync campaign analysis (referenced in SCC pipeline)
- Jamf Threat Labs — macOS ClickFix campaigns (referenced in SCC pipeline)
- Sophos Threat Intelligence — MacSync (referenced in SCC pipeline)
Section 9 — Helpful 5
- NIST SP 800-53 Rev 5: csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
- NIST Cybersecurity Framework 2.0: nist.gov/cyberframework
- CIS Controls v8: cisecurity.org/controls/v8/
- Microsoft WDAC Recommended Block Rules: learn.microsoft.com (search “WDAC recommended block rules”)
- LOLDrivers: loldrivers.io
- StepSecurity Harden-Runner: github.com/step-security/harden-runner
Section 11 — Upcoming Events & Deadlines
- CISA KEV Catalog: cisa.gov/known-exploited-vulnerabilities-catalog
- CISA Emergency Directives: cisa.gov/emergency-directives
- Microsoft MSRC Security Update Guide: msrc.microsoft.com/update-guide
- Apple Security Releases: support.apple.com/en-us/100100
- HHS OCR Breach Notification: hhs.gov/hipaa/for-professionals/breach-notification (official)
- OFAC SDN List: home.treasury.gov/policy-issues/financial-sanctions/sdn-list (official)
This briefing was produced by the Tech Jacks Solutions Security Command Center (SCC) for the week of March 23, 2026. All URLs labeled “source-reported” were identified in SCC pipeline data and have not been independently verified during this session — validate before operational use. Hashes, specific IOC values, and network indicators not confirmed in primary sources have been omitted in compliance with GAIO Integrity Lock policy.