Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-26 13:00 PDT
- CISA: New Langflow flaw actively exploited to hijack AI workflows
BleepingComputer • 2026-03-26 12:17 • www.bleepingcomputer.com
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. […]
https://www.bleepingcomputer.com/news/security/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/ - TeamPCP Supply Chain Campaign: Update 001 – Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)
SANS ISC Diary (full) • 2026-03-26 10:42 • isc.sans.eduThis is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication.
- China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
The Hacker News • 2026-03-26 10:40 • thehackernews.com
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks.
The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that’s also tracked as Earth Bluecrow,
https://thehackernews.com/2026/03/china-linked-red-menshen-uses-stealthy.html - UK sanctions Xinbi marketplace linked to Asian scam centers
BleepingComputer • 2026-03-26 08:42 • www.bleepingcomputer.com
The United Kingdom’s Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. […]
https://www.bleepingcomputer.com/news/security/uk-sanctions-xinbi-marketplace-linked-to-asian-scam-centers/ - TikTok for Business accounts targeted in new phishing campaign
BleepingComputer • 2026-03-26 07:09 • www.bleepingcomputer.com
Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. […]
https://www.bleepingcomputer.com/news/security/tiktok-for-business-accounts-targeted-in-new-phishing-campaign/ - WhatsApp rolls out more AI features, iOS multi-account support
BleepingComputer • 2026-03-26 07:06 • www.bleepingcomputer.com
WhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts on iOS, and chat history transfer between iOS and Android devices. […]
https://www.bleepingcomputer.com/news/software/whatsapp-rolls-out-more-ai-features-ios-multi-account-support/ - Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
BleepingComputer • 2026-03-26 07:00 • www.bleepingcomputer.com
Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. […]
https://www.bleepingcomputer.com/news/security/inside-a-modern-fraud-attack-from-bot-signups-to-account-takeovers/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
