CISA Warns of Active Langflow AI Exploitation, UK Sanctions Xinbi Crypto Marketplace, Ajax Amsterdam GDPR Breach, Trivy Supply Chain Attack Hits 1K+ Clouds, RSAC 2026 Deepfakes Alarm UK Parliament
CISA adds critical Langflow AI framework flaw to KEV catalog after attackers weaponised it within 20 hours of disclosure. The UK becomes the first country to sanction the $19.9 billion Xinbi crypto marketplace fuelling Southeast Asian scam centres. Ajax Amsterdam discloses a data breach affecting 300,000+ accounts with GDPR implications for sports organisations. A Trivy supply chain attack snowballs across Docker Hub, VS Code, and PyPI. AI deepfakes targeting a UK lawmaker go unanswered by Big Tech at RSAC 2026.
1. CISA Adds Langflow AI Vulnerability to KEV — Exploited Within 20 Hours
⚠️ CRITICAL THREAT — AI Development Frameworks Under Active Attack
CISA has added CVE-2026-33017 (CVSS 9.3) to its Known Exploited Vulnerabilities catalog. Attackers began exploiting the critical Langflow code injection flaw just 20 hours after the advisory was published — without any public proof-of-concept code.
On March 25, 2026, CISA issued an urgent alert adding CVE-2026-33017 to the Known Exploited Vulnerabilities (KEV) catalog. The flaw affects Langflow, a popular open-source framework for building AI agent workflows with 145,000 GitHub stars. The vulnerability allows unauthenticated remote code execution via a single crafted HTTP request due to unsandboxed flow execution.
What makes this case particularly alarming is the exploitation timeline. According to research by Endor Labs:
- Hour 0: Vulnerability advisory published
- Hour 20: Automated scanning activity detected — no public PoC existed
- Hour 21: Active exploitation using custom Python scripts
- Hour 24: Data harvesting of
.envand.dbfiles from compromised instances
This is the second time CISA has warned about active Langflow exploitation — the first was CVE-2025-3248 in May 2025. The pattern demonstrates that AI development frameworks are becoming high-value targets as organisations rapidly adopt AI agent architectures.
EU AI Act and CRA Implications
The Langflow exploitation raises critical questions under both the EU AI Act and the Cyber Resilience Act (CRA):
- EU AI Act Article 15: High-risk AI systems must demonstrate "accuracy, robustness, and cybersecurity" — an AI orchestration framework with a CVSS 9.3 RCE flaw fails this requirement categorically
- CRA vulnerability handling: The CRA requires manufacturers to handle vulnerabilities throughout the product lifecycle and provide security updates "without delay" — Langflow's repeated critical flaws test this obligation
- NIS2 supply chain risk: Organisations using Langflow in production AI systems must assess this as a supply chain risk under NIS2 Article 21
- Incident reporting: Under NIS2, exploitation of AI infrastructure may trigger the 24-hour early warning requirement if it affects essential or important entities
What This Means for Your Organisation
- If running Langflow: upgrade to version 1.9.0 immediately or disable/restrict the vulnerable endpoint
- Do not expose AI development frameworks directly to the internet — isolate them behind VPN or zero-trust access
- Inventory all AI/ML frameworks in your stack and assess them as critical supply chain components
- Federal agencies must remediate by April 8, 2026 per CISA's directive
2. UK Sanctions Xinbi Crypto Marketplace — $19.9 Billion in Illicit Transactions
⚠️ REGULATORY ACTION — First-Ever Sanctions Against Illicit Crypto Marketplace
The UK's Foreign, Commonwealth and Development Office has become the first government to sanction Xinbi, a Telegram-based Chinese-language marketplace that processed $19.9 billion in illicit transactions between 2021 and 2025, including laundering North Korean crypto heist proceeds.
On March 26, 2026, the UK government announced sanctions against Xinbi, one of the largest illicit crypto marketplaces in Southeast Asia. According to blockchain analysis firm Chainalysis, Xinbi processed over $19.9 billion in transactions facilitating unlicensed OTC trades, money laundering, and sales of stolen personal databases.
The sanctions also target #8 Park, Cambodia's largest scam compound with capacity for 20,000 trafficked workers, and Legend Innovation Co, its operator. Xinbi provided cryptocurrency-based laundering services to these scam centres, which force trafficked workers to conduct "pig butchering" and romance baiting scams.
Anti-Money Laundering and Data Protection Crossover
The Xinbi case sits at the intersection of multiple EU regulatory frameworks:
- EU Anti-Money Laundering Regulation (AMLR): The new AML regulation, which entered into force in 2024, extends AML obligations to crypto-asset service providers — Xinbi's operations would fall squarely under its scope
- Markets in Crypto-Assets (MiCA): MiCA requires crypto-asset service providers to be authorised and comply with AML rules — platforms like Xinbi operate entirely outside this framework
- GDPR Article 17: The sale of stolen personal databases on Xinbi constitutes a massive violation of data subjects' rights — raising questions about cross-border enforcement against platforms operating from jurisdictions with weak data protection
- NIS2 implications: Financial entities designated under NIS2 must monitor for exposure to illicit crypto marketplaces in their threat landscape assessments
What This Means for Your Organisation
- Financial institutions: screen for Xinbi-associated wallet addresses in transaction monitoring systems
- Monitor whether your organisation's data appears on dark web marketplaces — stolen databases from Xinbi may include European customer data
- Review your AML/KYC processes against the new EU AMLR requirements for crypto-related transactions
- Assess supply chain exposure to Southeast Asian scam infrastructure, particularly through social engineering attacks
3. Ajax Amsterdam Data Breach — GDPR Compliance Gaps in Sports Organisations
🔶 DATA BREACH — 300,000+ Accounts Exposed, Season Tickets Hijackable
Dutch football club AFC Ajax disclosed that a hacker exploited vulnerabilities in its IT systems, accessing data on hundreds of people. Independent investigation by RTL journalists revealed the flaws could have enabled manipulation of 42,000 season tickets, 538 stadium bans, and access to 300,000+ fan accounts.
AFC Ajax, one of Europe's most successful football clubs, has disclosed a data breach after a hacker accessed parts of its IT systems. While Ajax stated that only "a few hundred" email addresses were viewed, RTL journalists who independently verified the vulnerabilities found the actual exposure was far more severe:
- 42,000 season tickets could be transferred to arbitrary people — demonstrated by reassigning a VIP ticket in seconds
- 538 stadium bans could be accessed and modified
- 300,000+ accounts were accessible via APIs and shared keys
- The root cause: unsecured APIs and shared authentication keys — fundamental security failures
Ajax has notified the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and police, engaged external experts, and patched the identified vulnerabilities.
GDPR Enforcement Implications
This breach is a textbook case for GDPR enforcement action:
- Article 32 — Security of processing: Shared API keys and unsecured endpoints represent a failure to implement "appropriate technical and organisational measures" — the Dutch DPA has fined organisations for similar failures
- Article 33 — Breach notification: Ajax learned about the breach from journalists, not from its own security monitoring — this raises questions about whether the 72-hour notification requirement was met
- Article 25 — Data protection by design: The ability to manipulate 42,000 tickets via a simple API call suggests data protection was not built into the system architecture
- Regulatory trend: The Dutch DPA has been increasingly aggressive — its €10 million fine against Clearview AI and €3.7 million fine against the Dutch Tax Authority signal zero tolerance for poor data security practices
What This Means for Your Organisation
- Audit all public-facing APIs for authentication and authorisation vulnerabilities — shared keys are never acceptable
- Implement API security monitoring that detects unauthorised access patterns before journalists find them
- Sports, entertainment, and membership organisations: you hold massive amounts of personal data — treat security investment accordingly
- Test your breach detection capabilities — would you discover this internally, or wait for external notification?
4. Trivy Supply Chain Attack Snowballs Across Docker Hub, VS Code, PyPI
⚠️ SUPPLY CHAIN COMPROMISE — Open Source Security Tool Weaponised Against 1,000+ Environments
A supply chain attack that began with compromised Trivy GitHub Action tags has expanded across Docker Hub, VS Code extensions, and PyPI packages, infecting over 1,000 cloud environments. The attackers, tracked as TeamPCP, have teamed up with the Lapsus$ group.
Security researchers have uncovered one of the most significant open-source supply chain attacks in recent memory. The attack originated with the compromise of Trivy — Aqua Security's widely-used container vulnerability scanner — through GitHub Action tag manipulation. From there, the attackers (tracked as TeamPCP) expanded their reach:
- GitHub Actions: Compromised tags in Trivy's CI/CD pipeline injected malicious code into downstream projects
- Docker Hub: Poisoned container images uploaded under legitimate-looking namespaces
- VS Code Marketplace: Trojanised extensions targeting developers
- PyPI: Malicious Python packages mimicking legitimate security tools
- 1,000+ cloud environments confirmed infected, with the "snowball effect" still growing
Perhaps most concerning: LiteLLM, a popular Python interface for LLMs, was compromised through the same polluted CI/CD pipeline, potentially affecting organisations building AI applications.
Cyber Resilience Act and NIS2 Supply Chain Requirements
This attack is precisely the scenario that EU regulators anticipated:
- CRA Article 13: Manufacturers must "exercise due diligence when integrating components from third parties" — using open-source components without supply chain verification fails this requirement
- CRA SBOM mandate: The requirement for Software Bills of Materials exists specifically to enable rapid response when a dependency is compromised — organisations with complete SBOMs can quickly assess exposure
- NIS2 Article 21(2)(d): Supply chain security measures must cover "the relationship between each entity and its direct suppliers" — CI/CD pipelines are now a critical supply chain link
- ENISA SBOM guidance: ENISA's December 2025 call for feedback on SBOM landscape analysis and package manager security is directly relevant to preventing attacks like this
What This Means for Your Organisation
- Audit your CI/CD pipelines for GitHub Actions that reference mutable tags — pin to specific commit SHAs instead
- Check for exposure to compromised Trivy, LiteLLM, or TeamPCP-linked packages in your environments
- Implement SBOM generation and continuous dependency monitoring
- Verify the integrity of all security scanning tools in your pipeline — if the scanner is compromised, everything it scans is at risk
5. RSAC 2026: AI Deepfakes Target UK Lawmaker, Big Tech Offers No Answers
AI Governance and Deepfake Regulation: A UK lawmaker targeted by AI-generated deepfake content appeared before Parliament to demand answers from Meta, Google, and X. None could adequately explain how fake political content circulated for so long — adding urgency to EU AI Act enforcement and the global debate on AI-generated disinformation.
At RSAC 2026 in San Francisco, the dominant themes this week have been AI agents and the security challenges they create. But it was events in London that provided the sharpest illustration of the regulatory gap. A UK Member of Parliament targeted by AI-generated deepfake content appeared before a parliamentary committee, with representatives from Meta, Google, and X struggling to explain why the content remained online for weeks.
Key developments from RSAC 2026 and the broader AI security landscape this week:
- Claude AI attack demonstrations: Former NSA Director Rob Joyce described AI agent penetration testing as a "Rorschach test" for infosec — "it freakin' worked" in finding vulnerabilities humans missed
- Google deploys Gemini AI on dark web: Google claims its AI agents can analyse millions of daily dark web events with 98% accuracy
- Voice phishing skyrockets: Google reports voice phishing is now the second most common initial access method across all incident response investigations, and the top method for cloud break-ins
- AI supply chain poisoning: Researchers demonstrated that AI agent supply chain attacks don't require malware — just poisoned documentation in context hubs
EU AI Act Enforcement Context
The deepfake incident crystallises several EU AI Act obligations:
- Article 50 — Transparency obligations: AI-generated content must be labelled as such — platforms failing to detect and label deepfakes face enforcement action under the AI Act from August 2026
- Article 5 — Prohibited practices: AI systems that deploy "subliminal techniques" or exploit vulnerabilities to materially distort behaviour are banned — political deepfakes may qualify
- Digital Services Act interaction: The DSA already requires very large online platforms to assess systemic risks including disinformation — the AI Act adds AI-specific obligations on top
- AI supply chain security: The RSAC demonstrations of AI agent attacks and context poisoning highlight that the AI Act's cybersecurity requirements (Article 15) must extend to AI development and deployment infrastructure
What This Means for Your Organisation
- Prepare for AI Act transparency obligations on AI-generated content — enforcement begins August 2026
- Implement deepfake detection capabilities for content that flows through your platforms or communications
- Assess AI agent security: if you're deploying AI agents, ensure their context sources and tool chains are verified and integrity-checked
- Voice phishing defence: deploy AI-powered voice authentication and train staff to verify caller identity through out-of-band channels
Today's Regulatory Landscape Summary
| Development | Regulation | Impact | Action Required |
|---|---|---|---|
| CISA Langflow AI Exploitation | EU AI Act / CRA / NIS2 | AI frameworks are high-value targets | Upgrade to Langflow 1.9.0, isolate AI infrastructure |
| UK Sanctions Xinbi ($19.9B) | AMLR / MiCA / GDPR | First-ever illicit crypto marketplace sanctions | Screen for Xinbi wallets, review AML processes |
| Ajax Amsterdam Data Breach | GDPR | 300K+ accounts exposed via API flaws | Audit APIs, implement breach detection monitoring |
| Trivy Supply Chain Attack | CRA / NIS2 | 1,000+ cloud environments compromised | Pin GitHub Actions to SHAs, generate SBOMs |
| RSAC 2026 Deepfakes / AI Agents | EU AI Act / DSA | AI deepfake enforcement gap exposed | Prepare for AI Act August 2026 transparency rules |