    InfoSec News Nuggets 03/25/2026 – AboutDFIR

By admin, March 25, 2026

    TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

    The TeamPCP supply chain campaign has escalated dramatically — having cascaded from its initial March 19 compromise of Aqua Security’s Trivy vulnerability scanner through Checkmarx’s GitHub Actions and into litellm, the massively popular Python package that Wiz estimates is present in 36% of all cloud environments and serves as the LLM API gateway layer for thousands of AI applications. Endor Labs and JFrog confirmed that backdoored versions 1.82.7 and 1.82.8 were pushed to PyPI on March 24 using credentials stolen from litellm’s CI/CD pipeline — which itself used Trivy — and that the embedded payload executes a three-stage attack: a credential harvester sweeping SSH keys, cloud credentials, Kubernetes secrets, cryptocurrency wallets, and .env files; a Kubernetes lateral movement toolkit that deploys privileged pods to every node in a cluster and chroots into host file systems; and a persistent systemd backdoor polling checkmarx[.]zone for additional payloads with a YouTube-URL-based kill switch. Wiz noted that TeamPCP is now openly collaborating with LAPSUS$ and described the campaign as “a dangerous convergence between supply chain attackers and high-profile extortion groups,” while PyPA urged all organizations that installed or ran either affected version to immediately assume that all credentials accessible to the litellm environment have been exposed — and to rotate every secret, token, and cloud credential without delay.
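The two version numbers above are the only confirmed indicator a dependency manifest can be checked against. The following Python script is an added example written for this digest, not code from litellm, Endor Labs, JFrog or PyPA: it scans requirements-style lines (the same shape `pip freeze` emits) for exact pins on 1.82.7 or 1.82.8, and separately lists litellm specs that are not exact pins, since a range such as `>=1.80` could have resolved to a backdoored build on March 24 and can only be cleared by checking the resolved version. The sample manifest is constructed.

```python
"""Triage dependency manifests for the litellm builds named as backdoored.

Added example written for this digest, not code from litellm, Endor Labs,
JFrog or PyPA. The two affected version numbers come from the report; the
sample manifest below is constructed.
"""
import re

# Versions the report says were pushed to PyPI with the embedded payload.
AFFECTED_LITELLM_VERSIONS = frozenset({"1.82.7", "1.82.8"})

# A requirement line for litellm, with optional extras such as "[proxy]".
# The lookahead stops "litellm-something" from being treated as litellm.
_LITELLM_LINE = re.compile(
    r"^\s*litellm(?![A-Za-z0-9_.-])(?:\[[^\]]*\])?\s*(?P<spec>.*)$",
    re.IGNORECASE,
)
# An exact pin, e.g. "==1.82.7" (pip freeze output has the same shape).
_EXACT_PIN = re.compile(r"^==\s*(?P<version>[0-9][0-9A-Za-z.]*)")


def triage_manifest(lines):
    """Classify every litellm requirement in an iterable of manifest lines.

    Returns a dict with two lists:
      "affected"   - (line_number, version) for exact pins on a reported build
      "unverified" - (line_number, text) for any other litellm spec (ranges,
                     unpinned, arbitrary equality); these cannot be cleared
                     from the manifest alone and need the resolved version
                     checked against the same set.
    Exact pins on other versions are not flagged.
    """
    result = {"affected": [], "unverified": []}
    for lineno, raw in enumerate(lines, start=1):
        text = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not text:
            continue
        m = _LITELLM_LINE.match(text)
        if not m:
            continue
        spec = m.group("spec").strip()
        pin = _EXACT_PIN.match(spec)
        if pin is None:
            result["unverified"].append((lineno, text))
        elif pin.group("version") in AFFECTED_LITELLM_VERSIONS:
            result["affected"].append((lineno, pin.group("version")))
    return result


def is_affected_version(version):
    """True for a resolved or installed litellm version the report names."""
    return version.strip() in AFFECTED_LITELLM_VERSIONS


# Constructed sample requirements.txt; not taken from any real project.
SAMPLE_REQUIREMENTS = """\
# constructed sample
fastapi==0.110.0
litellm==1.82.7        # resolved on 2026-03-24
openai>=1.0
LiteLLM[proxy] == 1.82.8
litellm>=1.80
litellm-helpers==0.1   # different package, must not match
"""

if __name__ == "__main__":
    report = triage_manifest(SAMPLE_REQUIREMENTS.splitlines())
    for lineno, version in report["affected"]:
        print(f"line {lineno}: litellm {version} is a reported backdoored build")
    for lineno, text in report["unverified"]:
        print(f"line {lineno}: '{text}' is not an exact pin; check the resolved version")
```

A positive hit from `triage_manifest` or `is_affected_version` means the environment falls under PyPA's guidance above: treat every credential reachable from that environment as exposed and rotate it, rather than only upgrading the package.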


    FCC Bans New Routers Made Outside the USA Over Security Risks

    The FCC has updated its Covered List — the register of equipment deemed to pose unacceptable national security risk — to include all consumer-grade routers manufactured in foreign countries, effectively banning the sale of new foreign-made router models in the U.S. following a March 20 National Security Determination by an Executive Branch interagency body that cited supply chain risks capable of disrupting the U.S. economy, critical infrastructure, and national defense. The FCC explicitly cited the role that foreign-manufactured routers played in enabling the Volt, Flax, and Salt Typhoon hacking campaigns, which compromised vital U.S. infrastructure, as justification for the sweeping action — which goes considerably further than previous Covered List additions that targeted specific Chinese vendors like Huawei, ZTE, and TP-Link rather than entire foreign manufacturing categories. Foreign manufacturers are not permanently barred from the U.S. market, but must obtain conditional approval by transparently disclosing corporate ownership and government ties, full supply chain and bill of materials details, firmware and software origins, and a credible plan to move critical component manufacturing to the United States — requirements that analysts say will significantly raise costs, extend time-to-market, and likely cause some vendors to exit the U.S. market entirely rather than pursue the alternative certification pathway.

    Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities

    Citrix has released patches for two vulnerabilities in NetScaler ADC and NetScaler Gateway — CVE-2026-3055 (CVSS 9.3), a critical out-of-bounds read caused by insufficient input validation that allows an unauthenticated remote attacker to leak potentially sensitive information from appliance memory, and CVE-2026-4368 (CVSS 7.7), a race condition that causes session mixup between users on affected configurations. CVE-2026-3055 only affects systems explicitly configured as a SAML Identity Provider, rather than default configurations, so organizations can check their exposure by searching the NetScaler configuration for the string “add authentication samlIdPProfile”; Citrix is also providing Global Deny List signatures through NetScaler Console as an interim mitigation for those unable to upgrade immediately. While no public proof-of-concept or confirmed in-the-wild exploitation had been reported for either flaw at the time of writing, Citrix’s history as one of the most exploited enterprise vendors — appearing 21 times on CISA’s Known Exploited Vulnerabilities catalog since late 2021 — and the critical CVSS score make rapid patching essential for any organization with affected configurations.
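The configuration search described above is simple enough to automate across exported `ns.conf` files. The script below is an added example written for this digest, not Citrix code: it matches the exact command the summary names rather than a loose `samlIdP` substring, because SP-side SAML commands (`add authentication samlAction`) carry parameters such as `-samlIdPCertName` that would produce false positives. Collecting `samlIdPPolicy` lines as supporting context is an extra heuristic of this example that the summary does not describe; the sample configuration excerpts are constructed and simplified.

```python
"""Check exported NetScaler configuration for the SAML IdP setting that puts
an appliance in scope for CVE-2026-3055.

Added example written for this digest, not Citrix code. The marker command
comes from the advisory summary; the policy collection is this example's own
heuristic, and the ns.conf excerpts are constructed and simplified.
"""
import re

# The configuration command the summary says to search for.
SAML_IDP_MARKER = "add authentication samlIdPProfile"

# Profile and policy names may be quoted when they contain spaces.
_PROFILE_RE = re.compile(
    r'^\s*add\s+authentication\s+samlIdPProfile\s+(?P<name>"[^"]+"|\S+)',
    re.IGNORECASE,
)
_POLICY_RE = re.compile(
    r'^\s*add\s+authentication\s+samlIdPPolicy\s+(?P<name>"[^"]+"|\S+)',
    re.IGNORECASE,
)


def saml_idp_exposure(config_lines):
    """Scan configuration lines for SAML IdP profiles and policies.

    Returns {"in_scope": bool, "profiles": [(line, name)], "policies": [(line, name)]}.
    "in_scope" is True as soon as one samlIdPProfile is defined, which is the
    advisory condition; policies are listed only as supporting context.
    """
    profiles, policies = [], []
    for lineno, raw in enumerate(config_lines, start=1):
        m = _PROFILE_RE.match(raw)
        if m:
            profiles.append((lineno, m.group("name").strip('"')))
            continue
        m = _POLICY_RE.match(raw)
        if m:
            policies.append((lineno, m.group("name").strip('"')))
    return {"in_scope": bool(profiles), "profiles": profiles, "policies": policies}


# Constructed, heavily simplified ns.conf excerpt: appliance acting as SAML IdP.
SAMPLE_IDP_CONFIG = """\
set ns config -IPAddress 10.0.0.10 -netmask 255.255.255.0
add vpn vserver vpn_gw SSL 10.0.0.11 443
add authentication samlIdPProfile "corp idp" -samlIdPCertName corp_cert
add authentication samlIdPPolicy corp_idp_pol -rule true -action "corp idp"
"""

# Constructed excerpt: appliance is only a SAML service provider, so the
# "samlIdP" substring appears in a parameter name but no IdP profile exists.
SAMPLE_SP_ONLY_CONFIG = """\
set ns config -IPAddress 10.0.0.10 -netmask 255.255.255.0
add vpn vserver vpn_gw SSL 10.0.0.11 443
add authentication samlAction okta_sp -samlIdPCertName okta_cert
"""

if __name__ == "__main__":
    for label, cfg in (("idp", SAMPLE_IDP_CONFIG), ("sp-only", SAMPLE_SP_ONLY_CONFIG)):
        r = saml_idp_exposure(cfg.splitlines())
        print(f"{label}: in scope for CVE-2026-3055 = {r['in_scope']}, profiles = {r['profiles']}")
```

An `in_scope` result of True means the appliance needs the patch or the interim Global Deny List signatures; a False result only clears CVE-2026-3055, not CVE-2026-4368, whose affected configurations the summary does not tie to a single config string.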


    Dutch Finance Ministry Probing Cyber Breach Affecting Internal Systems

    The Netherlands Finance Ministry confirmed it is investigating a cybersecurity breach affecting internal systems after unauthorized access to ministry infrastructure was detected, making it the latest Dutch government institution compromised in a string of intrusions that have hit the country’s defense ministry, police agency, and mobile device management infrastructure over the past 18 months. Dutch authorities have not attributed the attack or disclosed how initial access was achieved, what data may have been accessed, or how long the attacker was present before detection — all key details that are still under active investigation with the assistance of external cybersecurity experts. The breach adds to a deeply concerning pattern for a country that has been particularly vocal about Chinese and Russian cyber threats and that recently had its intelligence agencies expose Laundry Bear (Void Blizzard) as a previously unknown Russian APT — suggesting that being outspoken about adversary activity does not translate into immunity from it, and that the Netherlands’ relatively small government cybersecurity apparatus continues to be tested by multiple sophisticated state-sponsored adversaries simultaneously.


    M-Trends 2026: Initial Access Handoff Shrinks from Hours to 22 Seconds

    Google’s Threat Intelligence Group published the M-Trends 2026 report on March 23 — based on more than 500,000 hours of Mandiant incident response investigations conducted in 2025 — with a headline finding that has significant implications for defenders: the median time between an initial access broker gaining entry to a victim’s network and handing that access off to a secondary threat group has collapsed from over 8 hours in 2022 to just 22 seconds in 2025, reflecting either automated handoff processes or extremely tight operational coordination between IABs and ransomware groups that eliminates the window defenders previously relied on to detect and evict an attacker before escalation. Counterintuitively, median dwell time increased slightly to 14 days in 2025 — up from 10 in 2023 and 11 in 2024 — driven primarily by North Korean IT worker infiltrations and nation-state espionage actors who prioritize long-term stealth over rapid monetization, a dynamic that skews the aggregate figure and masks the continued compression of dwell times for financially motivated actors. The report also documented 714 new malware families identified in 2025, identified voice phishing as the most common initial access vector in cloud-targeting incidents (23%), found high-tech as the most targeted sector, and noted that 40% of all incidents involved data theft — reinforcing that exfiltration-and-extortion as a business model remains at least as prevalent as traditional encryption-based ransomware.


