CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
A critical remote code execution flaw in PTC Windchill and FlexPLM, CVE-2026-4681, is drawing unusual urgency. PTC hasn’t released patches yet, but it has published mitigations and IOCs, and German police reportedly went door to door warning companies about the risk. This one matters because Windchill sits deep in product lifecycle and industrial environments, so even pre-exploitation urgency is notable.
Critical Flaw in Langflow AI Platform Under Attack
Attackers are already exploiting CVE-2026-33017 in Langflow, and researchers say the vendor advisory itself provided enough detail for threat actors to build working exploits quickly. The real concern is what sits behind Langflow instances: API keys and credentials for services like OpenAI, Anthropic, AWS, databases, and other connected systems, which means a single exposed workflow server can become a pivot point into much larger environments.
Alleged RedLine malware developer extradited to US, faces up to 30 years
U.S. prosecutors say an Armenian national accused of helping build and run RedLine infostealer infrastructure has been extradited and now faces charges that could bring up to 30 years in prison. RedLine has been one of the most widely used credential theft platforms in the criminal ecosystem for years, so this is another notable follow-on move after the 2024 takedown actions against its infrastructure and administrators.
The phone call is the new phishing email
Mandiant says voice-based phishing surged last year and became one of the most prominent initial access methods it observed, while traditional email phishing continued to decline. The shift reflects a more targeted, higher-effort model where threat actors impersonate IT or help desk staff in real time to manipulate users and bypass technical controls that are better at stopping commodity email phishing.
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran (Updated March 26)
Unit 42 says the current conflict environment is increasing the risk of destructive cyber activity, including wiper attacks, conflict-themed phishing, fraud, and impersonation of trusted brands and institutions. Their latest update says threat actors are using lures tied to the crisis and are targeting both enterprise and consumer sectors, with special concern around critical infrastructure, vendors, and supply chain relationships.
Citrix urges admins to patch NetScaler flaws as soon as possible
Citrix patched two NetScaler flaws, including CVE-2026-3055, a critical memory overread bug that security teams are already comparing to prior CitrixBleed issues because it could expose sensitive data like session tokens. Citrix is urging customers to patch quickly, and the concern is amplified by the large internet-facing footprint of NetScaler appliances and the history of rapid weaponization against this product line.
The post InfoSec News Nuggets 03/27/2026 appeared first on AboutDFIR – The Definitive Compendium Project.
