Week of March 20–22, 2026
The DoJ dismantles four IoT botnets behind a 31.4 Tbps DDoS world record. This week: Trivy's security scanner becomes an infostealer in a CI/CD supply chain attack, North Korea's APT37 bridges air-gapped networks via USB, and Langflow's AI pipeline RCE is exploited within 20 hours of disclosure.
Intel-01 / Botnet Disruption Operations
In a coordinated international takedown, the US Department of Justice — alongside German and Canadian authorities — dismantled four IoT botnets collectively infecting over 3 million devices and powering record-breaking DDoS attacks peaking at 31.4 Tbps. All four groups monetized access through DDoS-for-hire services and extortion.
Aisuru
Aisuru set consecutive DDoS world records, culminating in a 31.4 Tbps attack in December 2025 — 200 million requests per second. The botnet issued over 200,000 attack commands, targeting ISPs, game platforms, telecom, and US Department of Defense systems. Akamai collaborated with authorities to map infrastructure before seizure.
KimWolf
KimWolf leveraged compromised digital video recorders and IP cameras to build a resilient DDoS infrastructure. The botnet issued over 25,000 attack commands and was a significant contributor to DDoS-for-hire services targeting private enterprises and government systems across North America and Europe.
JackSkid
JackSkid operated the highest command volume of the four botnets, issuing over 90,000 DDoS attack commands. It primarily exploited poorly secured home and small-office WiFi routers, leveraging default credentials and unpatched firmware. The group operated a tiered subscription DDoS-for-hire service.
Mossad
The Mossad botnet combined DDoS-for-hire with direct extortion — threatening targets with sustained attacks unless ransom was paid. While issuing over 1,000 attack commands (the smallest of the four), the group maximized revenue through double-extortion targeting ISPs and financial institutions in Europe and North America.
Intel-02 / CI/CD Supply Chain
In a precise supply chain attack, threat group TeamPCP poisoned 75 of 76 version tags for Aqua Security's trivy-action — a widely used vulnerability scanner embedded in GitHub Actions CI/CD pipelines. The malicious binary ran silently before the legitimate scanner, harvesting credentials from developer machines and pipeline environments.
A first credential exposure at Aqua Security created the conditions for the second, more severe attack. Incomplete credential rotation left residual access vectors open — later exploited by TeamPCP to stage the March 19 attack.
INITIAL ACCESSAttackers used compromised credentials to retroactively repoint 75 of 76 git release tags in the aquasecurity/trivy-action repository. Any CI/CD pipeline referencing a tag (rather than a pinned SHA) pulled the malicious binary from that moment forward.
The malicious Trivy binary (v0.69.4) was pushed to GitHub Container Registry, Amazon ECR Public, Docker Hub, deb/rpm repositories, and the get.trivy.dev installer script — a three-hour exposure window before containment. setup-trivy was also affected.
Aqua Security removed all malicious artifacts and designated safe versions: trivy v0.69.3, trivy-action v0.35.0, setup-trivy v0.2.6. Any team running pipelines during the ~12-hour window for trivy-action or ~3-hour window for the binary was instructed to treat all secrets as compromised.
REMEDIATIONThe malicious code ran before the legitimate scanner, making workflows appear normal. It harvested SSH keys, cloud credentials (AWS, GCP, Azure), Kubernetes tokens, Docker configurations, and cryptocurrency wallets. If primary exfiltration failed, a fallback abused victims' own GitHub accounts to stage stolen data in public repositories.
INFOSTEALERIndicators of Compromise — Rotate if Exposed
Intel-03 / Nation-State / North Korea
Zscaler ThreatLabz exposed Ruby Jumper — a North Korean APT37 (ScarCruft) campaign bridging air-gapped networks through a four-stage infection chain that weaponizes cloud storage and USB drives simultaneously. The campaign marks a significant escalation in DPRK's capability to reach isolated classified networks.
Threat Dossier — Ruby Jumper
rubyupdatecheck
Phishing LNK extracts payloads. RESTLEAF executes in-memory, uses hardcoded Zoho WorkDrive OAuth tokens for C2. Downloads second-stage shellcode (AAA.bin) without touching disk.
Installs Ruby 3.3.0 runtime disguised as usbspeed.exe. Creates scheduled task every 5 minutes. Deploys secondary payloads for USB monitoring.
VIRUSTASK replaces victim files on inserted USBs with malicious shortcuts. THUMBSBD converts USB drives into bidirectional C2 relay channels using single-byte XOR encryption (key 0x83). Air gap crossed.
Deployed on air-gapped targets via USB. Provides keylogging, screenshots, audio/video surveillance, file operations, process enumeration, and interactive shell on port 8080.
Intel-04 / Vulnerability Intelligence
A critical unauthenticated RCE in Langflow AI pipelines was weaponized within 20 hours of advisory publication. ConnectWise patched a session-hijack flaw in ScreenConnect. Jenkins issued an RCE fix for symlink handling. CISA added five new KEV entries — Apple, Craft CMS, and Laravel — with a remediation deadline of April 3.
CVE-2026-33017
CVSS v4.0 — 9.3 CRITICALThe POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in Langflow versions prior to 1.9.0 accepts attacker-controlled flow data containing arbitrary Python code. The code passes through eval_custom_component_code() directly to an unsandboxed exec() call — no authentication required. Attackers built working exploits directly from the advisory text without a public PoC existing at time of exploitation. Targeted data included database keys, credentials, and connected infrastructure access.
CVE-2026-3564
ConnectWise ScreenConnect (all versions before 26.1) stored ASP.NET machine keys in config files. Unauthorized actors could extract and misuse keys to forge trusted authentication tokens — hijacking sessions, opening remote desktops, running commands, and installing malware with no user interaction required.
CONNECTWISE · CVSS 9.0 · PATCH: v26.1
CVE-2026-33001
Jenkins core versions 2.554 and LTS 2.541.2 and earlier allow arbitrary file creation and remote code execution through improper symlink handling during .tar and .tar.gz archive extraction. The flaw enables attackers to overwrite critical system files to achieve RCE on CI/CD servers.
JENKINS · CRITICAL RCE · CI/CD
CVE-2026-20131
Federal agencies face today's CISA BOD 22-01 mandatory remediation deadline for the Cisco Secure Firewall Management Center RCE flaw (exploited by Interlock ransomware since January 2026). Added to KEV March 19.
CISCO · FEDERAL DEADLINE TODAY · RANSOMWARE IN THE WILD
Intel-05 / Nation-State / Russia
Russian state-linked threat actors targeted Ukraine's State Hydrology Agency using a cross-site scripting vulnerability in Zimbra Collaboration Suite — delivering phishing emails in Ukrainian to harvest credentials and email data. The attack demonstrates continued Russian cyber operations against Ukrainian civilian infrastructure supporting the war effort.
The attack exploited a stored XSS flaw in Zimbra's web interface, allowing the injection of malicious JavaScript into targeted inboxes. When officials at the State Hydrology Agency — which manages Ukraine's river monitoring and flood early-warning systems — opened phishing emails, the embedded script executed in their browser sessions, harvesting session tokens and credentials. The targeting of hydrological infrastructure is consistent with Russian interest in disrupting Ukraine's ability to monitor water systems critical to civilian and military operations.
Intel-06 / Breach Register
Three confirmed data exposure events surfaced this week — spanning fintech, consumer safety services, and a ransomware group lawsuit. Each represents a distinct failure mode in modern enterprise security.
| Organization | Scope | Details |
|---|---|---|
|
Marquis
FINTECH · PAYMENT SERVICES
|
672,075 Individuals
SSNs Exposed
|
Marquis notified 672,075 individuals that a ransomware attack (August 2025) exposed Social Security numbers, bank account/card numbers, names, DOBs, and postal addresses. Over half of victims live in Texas. Marquis subsequently sued firewall provider SonicWall in February 2026, claiming security failings allowed attackers to access critical firewall configuration data used as the entry point for the compromise. |
|
Aura
CONSUMER SAFETY · DIGITAL PROTECTION
|
900,000 Records
ShinyHunters Follow-up
|
Online safety service Aura had ~900,000 contact records exposed — names, emails, IP addresses, phone numbers, and home addresses — originating from a marketing tool connected to an acquired company. ShinyHunters claimed responsibility, marking their fifth confirmed breach this month following Telus Digital, Salesforce, and Woflow. The attack originated from a targeted phishing email that compromised an Aura employee. |
|
ID Verification Service
IDENTITY · CLOUD STORAGE
|
1 Billion Records
Cloud Misconfiguration
|
An unnamed ID verification service exposed approximately 1 billion identity records via misconfigured cloud storage — including high-sensitivity PII used for identity verification. The exposure enables bypass of modern authentication protocols and creation of synthetic identities that appear legitimate to financial institutions. Root causes: unencrypted storage, weak API authentication, and permissive bucket policies. |
Intel-07 / Phishing · OAuth Abuse
Microsoft's security team documented an active phishing campaign exploiting OAuth's legitimate redirect mechanism to deliver malware to government and public-sector organizations. The attack weaponizes trusted identity providers as the delivery vehicle — the authentic OAuth login page becomes the final step before infection.
Threat actors register OAuth applications in Microsoft Entra ID or Google Workspace with redirect URIs pointing to attacker-controlled infrastructure. Lures include e-signature requests, Teams meeting recordings, M365 password resets, and financial or political themes.
ATTACKER SETUPVictim receives phishing email with a link that appears to initiate standard OAuth authentication to a legitimate Microsoft or Google service. URLs embed invalid scopes or "silent authentication" prompts to trigger controlled error-handling redirects.
VICTIM TARGETEDThe user reaches an authentic Microsoft or Google sign-in page — valid SSL certificate, familiar branding, real domain. No defenses trigger. The victim authenticates legitimately, defeating browser security controls and email link scanners.
USER AUTHENTICATES NORMALLYAfter successful authentication, the OAuth flow redirects the browser to attacker infrastructure hosting malware or credential-harvesting pages. A parallel campaign abuses Microsoft's Device Code flow — victims approve device authorization on legitimate Microsoft pages, granting attackers persistent OAuth tokens for direct account access and BEC operations.
MALWARE / BEC ACCESS ACHIEVEDIntel-08 / AI Infrastructure Threats
CVE-2026-33017 in Langflow marks a turning point: AI orchestration frameworks — not just the models inside them — are now primary targets. As enterprises deploy autonomous AI pipelines with broad access to databases, APIs, and cloud credentials, the attack surface has expanded dramatically.
AI pipeline frameworks like Langflow manage connections to databases, vector stores, external APIs, and cloud services. A single framework compromise can yield credentials to multiple downstream systems — far exceeding typical web application impact.
Attackers built working exploits directly from the CVE advisory description. This underscores that for AI frameworks with simple attack paths, the advisory itself provides sufficient exploitation guidance — patch windows measured in hours, not days.
The vulnerable Langflow endpoint was designed for public, unauthenticated access to enable collaborative flows. This architectural pattern — necessary for some legitimate use cases — creates an unpatched attack surface in any internet-exposed deployment.
The parallel Trivy supply chain attack targeted developer environments where AI infrastructure credentials co-exist with CI/CD secrets. Cloud credentials stolen from DevOps pipelines frequently include access to AI platform APIs, model repositories, and vector database endpoints.
Intel-09 / Cryptography · Post-Quantum Migration
The SEC submitted a Post-Quantum Financial Infrastructure Framework (PQFIF) this week citing a Europol assessment: quantum threats could materialize as early as 2028. QuSecure's live banking deployment with Banco Sabadell provides the first real-world proof that enterprise-scale PQC migration is operationally viable today.
SEC · PQFIF · March 2026
The SEC's Post-Quantum Financial Infrastructure Framework highlights QuSecure's four-month production deployment with Banco Sabadell as evidence that PQC migration is "technically feasible and operationally practical for major financial institutions" — removing the viability objection from migration delays.
NIST · Standards Finalized
NIST's PQC standardization is complete: ML-KEM (CRYSTALS-Kyber), ML-DSA (CRYSTALS-Dilithium), FN-DSA (Falcon), SLH-DSA (SPHINCS+), and HQC for key-establishment diversity. NIST IR 8547 defines the migration transition path for federal agencies and industry — quantum-vulnerable algorithms face a retirement deadline.
Europol · Threat Assessment
Europol's assessment cited by the SEC identifies a 2028 window for quantum threats to become practically exploitable. Nation-state actors are already executing "harvest now, decrypt later" campaigns — collecting encrypted communications today for future decryption. Critical infrastructure and financial sectors face the highest residual exposure.
Europol's assessed window for quantum threats to reach practical exploitability — cited in the SEC's March 2026 PQFIF submission. With enterprise PQC migrations taking 18–36 months for full deployment, organizations starting now face a narrow compliance window. NIST IR 8547 sets the migration framework; NIST SP 800-227 covers key encapsulation recommendations. The SEC's framework signals regulatory pressure is coming for the financial sector.
Intel-10 / Compliance & Regulatory Pulse
Multiple regulatory deadlines are active or imminent. Federal agencies face mandatory patching windows from CISA's BOD 22-01. European financial entities remain under DORA operational resilience requirements. NIS2 enforcement continues expanding across EU member states.
Federal agencies must remediate CVE-2026-20131 (Cisco Secure Firewall Management Center RCE) per CISA BOD 22-01. Exploited by Interlock ransomware since January 2026.
Federal agencies must patch CVE-2026-22719 (VMware Aria Operations unauthenticated command injection, CVSS 8.1). Actively exploited in the wild. Added to KEV March 3.
Remediation deadline for CVE-2026-3910 (Chrome V8 sandbox escape) and CVE-2026-3909 (Skia OOB write). Both actively exploited in the wild.
Five KEV additions from March 20: CVE-2025-31277, CVE-2025-43510, CVE-2025-43520 (Apple), CVE-2025-32432 (Craft CMS), and CVE-2025-54068 (Laravel Livewire).
April 2026 Patch Tuesday. Watch for patches addressing residual exploitation of CVE-2026-21262 (SQL Server EoP) and CVE-2026-26127 (zero-days from March). DORA ICT risk management reporting windows also active for EU financial entities.
Following Germany's €850K first penalty (Feb 2026) and France's 14 open investigations, additional EU member states are initiating NIS2 enforcement actions. Fines reach €10M or 2% of global annual turnover.
31.4
Tbps — DDoS world record broken
3M+
IoT devices freed in takedown
75
Trivy release tags poisoned
20
Hours to Langflow RCE exploit
672K
SSNs in Marquis breach
2028
Europol quantum threat window
5
New CISA KEV entries (Mar 20)
Intel-11 / Forward Intelligence
March 24, 2026
Federal agencies must remediate CVE-2026-22719 (CVSS 8.1 — command injection) per BOD 22-01. Actively exploited in the wild. Cloud environments should audit Aria Operations access controls.
March 25, 2026
Google typically releases Chrome stable updates on Tuesdays. Monitor for additional V8 engine and Skia patches following active exploitation of CVE-2026-3910 and CVE-2026-3909.
March 27, 2026
Mandatory federal remediation for CVE-2026-3910 (V8 sandbox escape) and CVE-2026-3909 (Skia OOB write). Both actively exploited. All organizations should prioritize Chrome updates this week.
Week of March 23
Any organization running internet-exposed Langflow instances below 1.9.0 remains vulnerable to unauthenticated RCE. The 20-hour exploitation timeline makes this week's upgrade window critical — treat as an emergency patch.
April 3, 2026
Remediation deadline for five CISA KEV additions from March 20: three Apple CVEs (buffer overflow, improper locking), Craft CMS code injection (CVE-2025-32432), and Laravel Livewire code injection (CVE-2025-54068).
April 14, 2026
Next Microsoft patch cycle. Anticipated: follow-up patches for SQL Server EoP (CVE-2026-21262), any residual zero-day exploitation from March, and potential new zero-days disclosed prior to the release date. Begin scoping testing environments now.