Daily Intelligence Brief
KENSAI Security Research
Tuesday, March 25, 2026 — 04:00 CET
4
Data Breaches
3
Critical CVEs
3
Supply Chain Attacks
1
Ransomware Sentencing
⚡ TL;DR — What Matters Today
- TeamPCP supply chain rampage continues — LiteLLM PyPI package backdoored with credential harvesters and K8s lateral movement tools; Checkmarx GitHub Actions also compromised
- CVE-2026-4681 (PTC Windchill) — Critical RCE zero-day so severe that German BKA police woke up sysadmins at night to deliver the advisory
- HackerOne employee data breach — via compromised benefits administrator Navia
- QualDerm breach — 3.1 million medical records stolen
- Lapsus$ claims AstraZeneca hack — code repos, credentials, employee data allegedly compromised
- FCC bans foreign-made routers — all consumer routers manufactured outside the USA now banned from sale
- RSAC 2026 kicks off — major vendor announcements underway
Critical Vulnerabilities
CVE-2026-4681 — PTC Windchill / FlexPLM Remote Code Execution (Zero-Day)
Critical deserialization vulnerability in Windchill and FlexPLM product lifecycle management systems allowing unauthenticated remote code execution. The severity is unprecedented — German federal police (BKA) dispatched agents to companies nationwide over the weekend, waking system administrators at night to hand-deliver the advisory. PTC has published IoCs including webshell indicators (GW.class, dpr_*.jsp files) and suspicious user-agent patterns. No patch available yet; vendor recommends applying Apache/IIS servlet path denial rules immediately and disconnecting internet-facing instances.
CRITICALZERO-DAYRCEPLMMANUFACTURING
→ BleepingComputer
CRITICALZERO-DAYRCEPLMMANUFACTURING
→ BleepingComputer
🛡️ KENSAI Relevance: PLM systems are widely used in DACH manufacturing and defense sectors — core NIS2 compliance targets. This zero-day directly impacts the industrial organizations KENSAI serves.
Critical Citrix NetScaler Vulnerability — Pre-Auth Information Disclosure
An out-of-bounds read vulnerability in Citrix NetScaler can be exploited remotely without authentication to read sensitive information from memory. Multiple security firms warn exploitation is imminent given the widespread deployment of NetScaler appliances. Organizations should patch immediately.
CRITICALPRE-AUTHNETSCALERNETWORK
→ SecurityWeek
CRITICALPRE-AUTHNETSCALERNETWORK
→ SecurityWeek
Chrome 146 — Eight High-Severity Memory Safety Fixes
Google released Chrome 146 patching eight memory safety bugs affecting seven different components. Organizations should push browser updates immediately across fleets.
HIGHBROWSERMEMORY-SAFETY
→ SecurityWeek
HIGHBROWSERMEMORY-SAFETY
→ SecurityWeek
Supply Chain Attacks — TeamPCP Rampage
LiteLLM PyPI Package Backdoored (Versions 1.82.7–1.82.8)
The TeamPCP threat actor — behind the recent Trivy and KICS compromises — has now backdoored the popular LiteLLM Python package on PyPI. The payload is a three-stage attack:
Stage 1: Credential harvester sweeping SSH keys, cloud credentials, K8s secrets, crypto wallets, and .env files
Stage 2: Kubernetes lateral movement toolkit deploying privileged pods to every node
Stage 3: Persistent systemd backdoor (sysmon.service) polling a C2 domain for additional binaries
Malicious versions have been removed from PyPI. Anyone who installed litellm 1.82.7 or 1.82.8 should consider their environment fully compromised.
CRITICALSUPPLY-CHAINPYPIK8SCREDENTIAL-THEFT
→ The Hacker News
Stage 1: Credential harvester sweeping SSH keys, cloud credentials, K8s secrets, crypto wallets, and .env files
Stage 2: Kubernetes lateral movement toolkit deploying privileged pods to every node
Stage 3: Persistent systemd backdoor (sysmon.service) polling a C2 domain for additional binaries
Malicious versions have been removed from PyPI. Anyone who installed litellm 1.82.7 or 1.82.8 should consider their environment fully compromised.
CRITICALSUPPLY-CHAINPYPIK8SCREDENTIAL-THEFT
→ The Hacker News
🛡️ KENSAI Relevance: LiteLLM is widely used in AI/LLM pipelines. This attack demonstrates the growing risk of supply chain compromises in AI tooling — a key area for KENSAI's SCA and SBOM capabilities.
Checkmarx GitHub Actions Compromised via Stolen CI Credentials
TeamPCP has compromised two Checkmarx-maintained GitHub Actions workflows (checkmarx/ast-github-action and checkmarx/kics-github-action) using stolen CI credentials — likely obtained from the earlier Trivy supply chain breach. This is the same threat actor expanding their reach through interconnected CI/CD dependencies.
CRITICALSUPPLY-CHAINCI/CDGITHUB-ACTIONS
→ The Hacker News
CRITICALSUPPLY-CHAINCI/CDGITHUB-ACTIONS
→ The Hacker News
"Ghost" Campaign — 7 Malicious npm Packages Stealing Crypto Wallets
Seven npm packages published by user "mikilanjillo" are stealing cryptocurrency wallets and credentials. Packages include names like react-performance-suite, react-state-optimizer-core, react-fast-utilsa, and ai-fast-auto-trader — designed to look like legitimate React and AI utility libraries.
HIGHSUPPLY-CHAINNPMCRYPTO-THEFT
→ The Hacker News
HIGHSUPPLY-CHAINNPMCRYPTO-THEFT
→ The Hacker News
Data Breaches
QualDerm — 3.1 Million Patient Records Stolen
Hackers stole personal information, medical records, and health insurance data from QualDerm's internal systems. 3.1 million individuals affected — one of the larger healthcare breaches this quarter.
BREACHHEALTHCARE3.1M RECORDS
→ SecurityWeek
BREACHHEALTHCARE3.1M RECORDS
→ SecurityWeek
HackerOne Employee Data Breach via Navia Benefits Administrator
Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers compromised Navia, a U.S. benefits administrator used by the company. This is a third-party/supply chain data breach — the attacker didn't hit HackerOne directly.
BREACHTHIRD-PARTYHR-DATA
→ BleepingComputer
BREACHTHIRD-PARTYHR-DATA
→ BleepingComputer
Infinite Campus — K-12 Student Data Stolen by ShinyHunters
Widely used K-12 student information system Infinite Campus is warning customers of a data breach following an extortion attempt by the ShinyHunters threat actor. Student and school data at risk.
BREACHEDUCATIONEXTORTION
→ BleepingComputer
BREACHEDUCATIONEXTORTION
→ BleepingComputer
Lapsus$ Claims AstraZeneca Hack — Code Repos, Credentials, Employee Data
The Lapsus$ extortion group claims to have breached AstraZeneca, allegedly compromising internal code repositories, credentials, and employee data. Under investigation.
BREACHPHARMAEXTORTION
→ SecurityWeek
BREACHPHARMAEXTORTION
→ SecurityWeek
Dutch Ministry of Finance — Employee Data Breach
The Dutch Ministry of Finance disclosed a breach affecting employee data. Details still emerging, but this adds to a pattern of European government entities being targeted.
BREACHGOVERNMENTEU
→ BleepingComputer
BREACHGOVERNMENTEU
→ BleepingComputer
🛡️ KENSAI Relevance: EU government breaches reinforce the urgency of NIS2 compliance — KENSAI's primary sales narrative for the DACH/EU market.
Mazda — Employee & Partner Data Stolen
Hackers stole internal IDs, names, email addresses, and business partner IDs from an internal management system. Impact scope still being assessed.
BREACHAUTOMOTIVE
→ SecurityWeek
BREACHAUTOMOTIVE
→ SecurityWeek
Ransomware & Law Enforcement
Yanluowang Ransomware Access Broker Sentenced to 81 Months
A Russian national was sentenced to nearly 7 years (81 months) in U.S. federal prison after pleading guilty to acting as an initial access broker (IAB) for the Yanluowang ransomware group. The operations caused approximately $9M in damages. A win for international law enforcement cooperation.
RANSOMWARELAW-ENFORCEMENTSENTENCING
→ BleepingComputer
RANSOMWARELAW-ENFORCEMENTSENTENCING
→ BleepingComputer
Malware & Phishing Campaigns
FAUX#ELEVATE — Fake Resumes Deploying Crypto Miners & Info Stealers
An ongoing phishing campaign targets French-speaking corporate environments using obfuscated VBScript files disguised as résumés. The multi-purpose toolkit combines credential theft, data exfiltration, and Monero mining. Uses Dropbox for staging, Moroccan WordPress sites for C2, and mail.ru SMTP for exfil.
HIGHPHISHINGCRYPTOMININGINFOSTEALER
→ The Hacker News
HIGHPHISHINGCRYPTOMININGINFOSTEALER
→ The Hacker News
Tax Season Malvertising — ScreenConnect RAT via BYOVD
A large-scale malvertising campaign abuses Google Ads to target US users searching for tax documents. Delivers rogue ConnectWise ScreenConnect installers that deploy "HwAudKiller" — a tool that uses Bring Your Own Vulnerable Driver (BYOVD) technique with a Huawei driver to disable EDR/AV products. Active since January, likely to intensify as US tax deadline approaches.
HIGHMALVERTISINGBYOVDEDR-BYPASS
→ The Hacker News
HIGHMALVERTISINGBYOVDEDR-BYPASS
→ The Hacker News
Policy, Industry & Tools
FCC Bans All Foreign-Made Consumer Routers
The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the United States. A significant escalation in the US approach to hardware supply chain security.
POLICYSUPPLY-CHAINHARDWARE
→ BleepingComputer
POLICYSUPPLY-CHAINHARDWARE
→ BleepingComputer
Firefox 149 — Free Built-in VPN (50GB/month)
Mozilla released Firefox 149 with a built-in VPN offering up to 50GB of monthly traffic at no cost. A notable move toward privacy-by-default in mainstream browsers.
TOOLPRIVACYBROWSER
→ BleepingComputer
TOOLPRIVACYBROWSER
→ BleepingComputer
RSAC 2026 Conference — Day 1 Announcements
RSA Conference 2026 has kicked off with a wave of vendor announcements. Key themes emerging: Guardian Agents (AI agents that supervise other AI agents — Gartner published its first Market Guide), agentic AI governance, and continued convergence of identity + cloud security.
INDUSTRYRSACAI-SECURITY
→ SecurityWeek
INDUSTRYRSACAI-SECURITY
→ SecurityWeek
Gartner's First Market Guide for "Guardian Agents"
Gartner released its inaugural Market Guide for Guardian Agents — AI agents that supervise other AI agents to ensure their actions align with goals and boundaries. This new category is directly relevant as agentic AI platforms shift from passive tools to autonomous action-takers with real system access.
MARKETAI-GOVERNANCEGARTNER
→ The Hacker News
MARKETAI-GOVERNANCEGARTNER
→ The Hacker News
🛡️ KENSAI Relevance: The Guardian Agent category validates the market for AI security oversight — directly adjacent to KENSAI's positioning. Worth tracking for content and positioning opportunities.
AWS Bedrock — 8 Attack Vectors Mapped by XM Cyber
XM Cyber's threat research team mapped eight attack vectors inside AWS Bedrock environments. When AI agents can query Salesforce, trigger Lambda functions, or pull from SharePoint knowledge bases, they become nodes in infrastructure with permissions and reachable paths to critical assets. Research highlights the expanding attack surface of agentic AI in cloud environments.
HIGHCLOUDAI-SECURITYAWS
→ The Hacker News
HIGHCLOUDAI-SECURITYAWS
→ The Hacker News
Geopolitical & State-Sponsored
Poland Faced Surge in Cyberattacks in 2025, Including Energy Sector Assault
Poland reports a major surge in cyberattacks throughout 2025, including a destructive infiltration of the country's energy system in December, suspected to originate from Russia. The retrospective report underscores ongoing state-sponsored threats to European critical infrastructure.
STATE-SPONSOREDENERGYEU
→ SecurityWeek
STATE-SPONSOREDENERGYEU
→ SecurityWeek
Iran's Surveillance Camera Network Hijacked by Israel for Targeting
Israel reportedly hijacked Iran's national street camera surveillance network, originally built to suppress dissent, and repurposed it as a targeting tool. The role in the killing of Iran's supreme leader underscores how surveillance systems are becoming warfare assets.
CYBER-WARFARESURVEILLANCESTATE-SPONSORED
→ SecurityWeek
CYBER-WARFARESURVEILLANCESTATE-SPONSORED
→ SecurityWeek
Stryker — Malicious File Linked to Iranian Government Hackers
The FBI published an alert describing malware used by Iranian government hackers in an attack on Stryker. A malicious file was found during the investigation. Details of the Iran-linked tooling are now public for threat intel purposes.
STATE-SPONSOREDIRANMALWARE
→ SecurityWeek
STATE-SPONSOREDIRANMALWARE
→ SecurityWeek
Emerging Threat Patterns
1. Supply Chain Attacks Are Accelerating
TeamPCP's cascading compromise (Trivy → KICS → LiteLLM → Checkmarx) shows how a single CI/CD breach can propagate through interconnected open-source tooling. The "Ghost" npm campaign adds to the pattern. Expect more.
2. AI Tooling Is the New Attack Surface
LiteLLM (AI proxy), AWS Bedrock attack vectors, Guardian Agent governance — three separate stories all point to agentic AI infrastructure becoming a prime target. Organizations deploying AI agents need security oversight now.
3. BYOVD Is Going Mainstream
The tax season malvertising campaign using a Huawei driver to disable EDR shows BYOVD (Bring Your Own Vulnerable Driver) is no longer an APT-only technique — commodity malware campaigns are adopting it.
4. European Governments Under Sustained Pressure
Dutch Ministry of Finance breach, Polish energy sector attacks, and the PTC Windchill emergency (which triggered BKA mobilization) paint a picture of EU infrastructure under persistent threat — reinforcing the NIS2 compliance urgency.
5. Third-Party/Vendor Risk Remains Underestimated
HackerOne breached through a benefits administrator. AstraZeneca allegedly breached. Mazda through an internal management system. The attack path through vendors and partners continues to be the weakest link.
TeamPCP's cascading compromise (Trivy → KICS → LiteLLM → Checkmarx) shows how a single CI/CD breach can propagate through interconnected open-source tooling. The "Ghost" npm campaign adds to the pattern. Expect more.
2. AI Tooling Is the New Attack Surface
LiteLLM (AI proxy), AWS Bedrock attack vectors, Guardian Agent governance — three separate stories all point to agentic AI infrastructure becoming a prime target. Organizations deploying AI agents need security oversight now.
3. BYOVD Is Going Mainstream
The tax season malvertising campaign using a Huawei driver to disable EDR shows BYOVD (Bring Your Own Vulnerable Driver) is no longer an APT-only technique — commodity malware campaigns are adopting it.
4. European Governments Under Sustained Pressure
Dutch Ministry of Finance breach, Polish energy sector attacks, and the PTC Windchill emergency (which triggered BKA mobilization) paint a picture of EU infrastructure under persistent threat — reinforcing the NIS2 compliance urgency.
5. Third-Party/Vendor Risk Remains Underestimated
HackerOne breached through a benefits administrator. AstraZeneca allegedly breached. Mazda through an internal management system. The attack path through vendors and partners continues to be the weakest link.