CISA: Langflow CVE-2026-33017 Exploited Within 20 Hours, UK Sanctions Xinbi $19.9B Crypto Marketplace, Dutch Police Breached via Phishing
CISA adds critical Langflow RCE to the Known Exploited Vulnerabilities catalog after attackers weaponized the flaw within 20 hours of public disclosure — no PoC needed. The UK becomes the first country to sanction Xinbi, a Telegram-based crypto marketplace that processed $19.9 billion in illicit funds. Dutch Police confirm a phishing breach. TikTok Business accounts targeted via reverse-proxy session hijacking. Plus: Trivy supply chain extortion wave intensifies and a Russian access broker is sentenced.
🚨 CISA: Langflow CVE-2026-33017 Actively Exploited — Attackers Weaponized in 20 Hours
🔴 CRITICAL — Active Exploitation, CVSS 9.3
If you run Langflow ≤ 1.8.1, upgrade to version 1.9.0 immediately or take the instance offline. CISA has set an April 8 federal remediation deadline. Attackers are already harvesting .env and .db files from exposed instances.
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-33017 to its Known Exploited Vulnerabilities (KEV) catalog. The critical code injection vulnerability in Langflow — the popular open-source AI workflow framework with 145,000 GitHub stars — allows unauthenticated remote code execution via a single crafted HTTP request.
Weaponization Timeline
Security researchers at Sysdig documented an extraordinarily fast exploitation timeline, with attackers building working exploits directly from the advisory — no public proof-of-concept code existed:
| Hours After Disclosure | Activity |
|---|---|
| +20 hours | Automated scanning activity begins |
| +21 hours | Exploitation via crafted Python scripts |
| +24 hours | Data harvesting — .env files, databases, API keys |
The vulnerability exists because Langflow versions 1.8.1 and earlier execute user-supplied flows without sandboxing, meaning any flow can run arbitrary Python code on the server. A single HTTP request to the vulnerable endpoint is sufficient for full compromise.
Why This Is Particularly Dangerous
- AI infrastructure exposure: Langflow instances typically hold API keys for OpenAI, Anthropic, and other LLM providers — a treasure trove for attackers
- Widespread adoption: Downloaded millions of times monthly, Langflow is embedded in enterprise AI pipelines across industries
- Repeat target: CISA issued a similar warning for Langflow CVE-2025-3248 in May 2025 — organizations that didn't learn from the first incident are now paying twice
- No PoC needed: Attackers built exploits from the advisory alone, demonstrating the shrinking window between disclosure and exploitation
Remediation: Upgrade to Langflow 1.9.0+. If upgrading isn't immediately possible, restrict or disable the vulnerable endpoint, block public internet access, monitor outbound traffic for data exfiltration, and rotate all API keys, database credentials, and cloud secrets stored in the environment.
🇬🇧 UK Sanctions Xinbi — First Country to Target $19.9B Crypto Laundering Marketplace
The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has become the first country to sanction Xinbi, a Chinese-language Telegram-based marketplace that processed over $19.9 billion between 2021 and 2025. The platform facilitated unlicensed OTC crypto trades, money laundering, and the sale of stolen personal databases to scam networks across Southeast Asia.
Scale of the Operation
- $19.9 billion in transactions processed over four years, according to blockchain analysis firm Chainalysis
- North Korean connection: Xinbi reportedly helped DPRK threat actors launder cryptocurrency stolen in major heists
- Scam infrastructure: Sold stolen data and satellite internet equipment to pig butchering and romance baiting operations
- #8 Park: Sanctions also target Cambodia's largest scam compound, capable of holding 20,000 trafficked workers
The sanctions aim to isolate Xinbi from the legitimate crypto ecosystem, making it impossible to send or receive payments. This strategy proved effective when UK sanctions against the Byex Exchange cryptocurrency platform led to its shutdown last year.
⚠️ Compliance Alert
Organizations in the cryptocurrency and financial services sectors should immediately screen for Xinbi-associated wallet addresses. The FCDO sanctions create legal obligations to freeze assets and report transactions involving sanctioned entities. Chainalysis has published IOCs and wallet clusters for monitoring.
🇳🇱 Dutch Police Disclose Security Breach After Phishing Attack
The Dutch National Police (Politie) has confirmed a security breach resulting from a successful phishing attack, though the agency says the impact appears limited and no citizens' data or investigative information was exposed.
The police's Security Operations Center (SOC) detected the incident quickly and immediately blocked the attackers' access to compromised systems. A criminal investigation has been launched alongside the technical investigation.
Context and Concerns
This is the second significant breach of Dutch police systems in recent years. In September 2024, a cyberattack attributed to a "state actor" resulted in the theft of work-related contact information for multiple police officers, including names, email addresses, phone numbers, and in some cases private data. That investigation remains ongoing.
Why it matters: Law enforcement agencies are high-value targets because they hold sensitive investigative data, informant identities, and surveillance capabilities. Even "limited" breaches can reveal operational patterns and compromise officer safety. The fact that phishing — one of the oldest attack vectors — continues to succeed against security-conscious organizations underscores the need for continuous security awareness training and phishing-resistant authentication methods like FIDO2/passkeys.
📱 TikTok Business Accounts Targeted in Reverse-Proxy Phishing Campaign
A coordinated phishing campaign is targeting TikTok for Business accounts using sophisticated reverse-proxy techniques that bypass two-factor authentication by intercepting session cookies in real time.
Attack Chain
- Lure: Victims are directed to Cloudflare-hosted phishing pages registered on March 24 via NiceNIC, a registrar frequently associated with cybercriminal activity
- Bot evasion: Cloudflare Turnstile CAPTCHA checks filter out security bots before delivering malicious content
- Credential harvesting: Fake TikTok Business and Google Careers "Schedule a Call" pages collect basic information as a validation step
- Session hijacking: A reverse proxy intercepts both credentials and session cookies, enabling account takeover even with 2FA enabled
- Double compromise: Users who log into TikTok via Google SSO effectively hand over both accounts in a single attack
Push Security, which discovered the campaign, links it to previous attacks targeting Google Ad Manager accounts. The compromised TikTok Business accounts are valuable for malvertising, ad fraud, and distributing malicious content through the platform's advertising network.
⚠️ Business Account Advisory
Verify all domains before entering credentials. Legitimate TikTok login pages are hosted on tiktok.com — never on third-party domains. Consider implementing passkeys for business-critical accounts, which are inherently resistant to reverse-proxy phishing attacks. Alert marketing teams about this campaign immediately.
📰 Rapid Roundup
Trivy Supply Chain Attack Spawns "Loud and Aggressive" Extortion Wave
Security experts are warning of an escalating extortion campaign targeting organizations affected by the TeamPCP supply chain attack on Trivy, Aqua Security's popular vulnerability scanner. Downstream victims are receiving ransom demands as attackers leverage stolen credentials and access obtained through the compromised tool. The fallout demonstrates how a single supply chain compromise can cascade into widespread secondary attacks across an entire ecosystem.
Russian Access Broker Sentenced to Over 6 Years in Prison
Aleksei Volkov, a Russian national who operated as an initial access broker, has been sentenced to more than six years in a US federal prison for his role in ransomware schemes. Volkov sold compromised network access to ransomware gangs, enabling attacks that caused millions in damages. The sentencing sends a clear message that access brokers — not just ransomware operators — face serious criminal consequences.
Smart Slider WordPress Plugin CVE-2026-3098 — 500K Sites Vulnerable
A file read vulnerability in the Smart Slider 3 WordPress plugin (active on 800,000+ sites) allows subscriber-level users to access arbitrary server files including wp-config.php. Version 3.5.1.34 patches the flaw. With only 303,000 downloads since the fix, at least 500,000 WordPress sites remain exposed. Website administrators should update immediately.
FCC Bans Foreign Routers, Critics Warn of Supply Chain Uncertainty
The FCC has moved to ban foreign-manufactured routers from US networks, targeting Chinese-made equipment. While security experts applaud the intent, critics warn the rule could create supply chain uncertainty without clear domestic alternatives, potentially forcing organizations into hasty procurement decisions with their own security implications.
🛡️ Recommended Actions
| Priority | Action | Details |
|---|---|---|
| CRITICAL | Patch Langflow immediately | Upgrade to v1.9.0+. Rotate all API keys, database credentials, and secrets stored in Langflow environments. Check for unauthorized access since March 19. |
| CRITICAL | Update Smart Slider 3 plugin | WordPress sites using Smart Slider 3 must update to v3.5.1.34. Audit for unauthorized file access, especially wp-config.php. |
| HIGH | Screen for Xinbi wallet addresses | Financial and crypto organizations should screen transactions against Xinbi-associated addresses published by Chainalysis and FCDO sanction lists. |
| HIGH | Alert teams about TikTok phishing | Warn marketing and social media teams about reverse-proxy phishing targeting TikTok Business. Implement passkeys where available. |
| MEDIUM | Review Trivy exposure | Organizations using Trivy should audit for compromise indicators and rotate credentials. Monitor for extortion communications. |
| MEDIUM | Strengthen phishing defenses | The Dutch Police breach is a reminder: deploy phishing-resistant MFA (FIDO2/passkeys) and conduct regular social engineering assessments. |