Daily Digest

Massive Trivy Supply Chain Attack Rocks Cloud-Native Ecosystem; FCC Bans Foreign Routers

Massive Trivy Supply Chain Attack Rocks Cloud-Native Ecosystem; FCC Bans Foreign Routers

March 25, 2026
8 articles (5 new, 3 updated)
24 min read

Summary

A sophisticated supply chain attack attributed to 'TeamPCP' has compromised the popular Trivy scanner and LiteLLM library, impacting over 1,000 SaaS environments and triggering a widespread security crisis. In a major policy shift, the U.S. FCC has banned the import and sale of all new foreign-produced consumer routers, citing unacceptable national security risks. This edition for March 25, 2026, also covers a critical Cisco firewall zero-day, a ransomware attack forcing a California city into a state of emergency, and major data breaches at Navia and Hightower Holding affecting millions.

Filter by Category

New Articles (5)

FCC Issues Sweeping Ban on All Foreign-Produced Consumer Routers Citing National Security Risks

INFORMATIONAL

FCC Bans Imports and Sales of New Foreign-Made Consumer Routers, Citing Espionage and Critical Infrastructure Risks

The U.S. Federal Communications Commission (FCC) has enacted a sweeping ban on the import and authorization of all new models of foreign-produced consumer-grade wireless routers. The devices have been added to the FCC's "Covered List" following a White House determination that they pose an unacceptable risk to U.S. national security. The move is aimed at preventing espionage and attacks on critical infrastructure by state-sponsored actors like Volt Typhoon. While not naming a specific country, the ban will significantly impact Chinese firms like TP-Link and any U.S. companies that manufacture their devices overseas. Existing inventory can still be sold, but no new models can be introduced to the U.S. market without FCC approval under a new, stricter regime.

March 25, 2026
3 min read
FCCNational SecuritySupply ChainRouter SecurityRegulation +1 more
FCC Issues Sweeping Ban on All Foreign-Produced Consumer Routers Citing National Security Risks
Policy and Compliance
Regulatory
Supply Chain Attack

Wealth Manager Hightower Holding Discloses Data Breach Affecting Over 131,000 Clients

HIGH

Hightower Holding Data Breach Exposes Social Security Numbers of 131,483 Individuals

Chicago-based wealth management firm Hightower Holding has disclosed a data breach that exposed the sensitive personal information of 131,483 clients. The breach occurred across two separate incidents in January 2026, where an unauthorized actor gained access to the company's network via compromised user accounts and exfiltrated files. The stolen data includes full names, Social Security numbers, and driver's license numbers. The company discovered the breach on March 12 and began notifying victims on March 23, a delay that has prompted investigations by multiple law firms for a potential class-action lawsuit.

March 25, 2026
4 min read
Data BreachFinancial ServicesPIISocial Security NumberClass Action Lawsuit
Wealth Manager Hightower Holding Discloses Data Breach Affecting Over 131,000 Clients
Data Breach
Policy and Compliance
Phishing

CISA Adds Actively Exploited Langflow Code Injection Flaw to KEV Catalog

HIGH

CISA Adds Langflow Code Injection Vulnerability (CVE-2026-33017) to Known Exploited List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a code injection vulnerability in Langflow, CVE-2026-33017, to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that the vulnerability is being actively exploited in the wild. Langflow is a user interface for the popular LangChain application development framework, making this a significant threat to organizations developing AI and LLM-based applications. In accordance with Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch agencies are now required to remediate this vulnerability by a specified deadline.

March 25, 2026
3 min read
CISAKEVCVE-2026-33017LangflowCode Injection +1 more
CISA Adds Actively Exploited Langflow Code Injection Flaw to KEV Catalog
Vulnerability
Patch Management
Regulatory

NIST Releases New Quick-Start Guides to Boost Adoption of Cybersecurity Framework 2.0

INFORMATIONAL

NIST Publishes New Quick-Start Guides for CSF 2.0 Implementation

The U.S. National Institute of Standards and Technology (NIST) has released two new quick-start guides to help organizations implement its Cybersecurity Framework (CSF) 2.0. The first guide, SP 1308, focuses on integrating cybersecurity with enterprise risk management (ERM) and workforce planning, bridging the gap between technical teams and executive leadership. The second, a draft guide (SP 1347), explains how to use CSF 2.0's "Informative References" to map security outcomes to other standards and practices. These resources aim to make the updated framework more accessible and operational for a wider range of organizations.

March 25, 2026
3 min read
NISTCSFCybersecurity FrameworkERMRisk Management +1 more
NIST Releases New Quick-Start Guides to Boost Adoption of Cybersecurity Framework 2.0
Policy and Compliance
Regulatory

Nike Faces Class-Action Lawsuit Over January Data Breach

MEDIUM

Nike Sued in Proposed Class-Action Lawsuit Following January 2026 Data Breach

Nike Inc. is the target of a proposed class-action lawsuit filed in Oregon over a data breach the company discovered on a third-party portal in January 2026. The lawsuit alleges that the sportswear giant failed to implement adequate security measures to protect customer data and violated the law by waiting a month to begin notifying affected individuals. The complaint accuses Nike of breaching its duties under the FTC Act, contract law, and common law, seeking to represent a class of all individuals whose data was compromised in the incident.

March 25, 2026
3 min read
Data BreachNikeClass ActionLawsuitThird-Party Risk
Nike Faces Class-Action Lawsuit Over January Data Breach
Data Breach
Policy and Compliance
Regulatory

Updated Articles (3)

SOCs Pivot to Autonomous Defense to Counter Machine-Speed AI Attacks

INFORMATIONAL

Analysis: Security Operations Centers Must Adopt Autonomous Strategies to Counter AI-Driven Threats

Update:

A new PwC report, 'Annual Threat Dynamics 2026,' reveals a critical evolution in the cyber threat landscape: a dominant shift towards identity-centric attacks. Adversaries are now focusing on compromising and abusing legitimate credentials ('logging in') rather than traditional perimeter breaches ('breaking in'). Artificial Intelligence significantly amplifies this trend, enabling automated reconnaissance, highly convincing phishing, and accelerated malware development. This necessitates elevating Identity and Access Management to a board-level strategic priority and adopting a Zero Trust mindset to counter these stealthier, more sophisticated threats, which include the abuse of non-human identities and targeting AI workflows.

February 25, 2026
Updated: March 25, 2026
5 min read
SOCAutonomous SecurityAIMachine LearningSOAR +2 more
SOCs Pivot to Autonomous Defense to Counter Machine-Speed AI Attacks
Security Operations
Policy and Compliance
Threat Intelligence

Microsoft Teams Phishing Campaign Uses Quick Assist to Deploy 'A0Backdoor' Malware

MEDIUM

Attackers Abuse Microsoft Teams and Quick Assist in Social Engineering Campaign to Deliver A0Backdoor

Update:

Microsoft's DART team has issued a warning about an evolution of the A0Backdoor campaign. Attackers are now specifically employing voice phishing (vishing) via Microsoft Teams calls, impersonating IT support to trick users. A significant new development is the explicit focus on credential harvesting: after gaining Quick Assist access, attackers direct victims to spoofed login pages to steal corporate credentials before deploying the A0Backdoor malware. This hands-on-keyboard approach, observed since November 2025, allows for more adaptive attacks and a broader scope of impact, including direct credential theft in addition to persistent backdoor access. The campaign continues to target financial and healthcare sectors.

March 21, 2026
Updated: March 25, 2026
4 min read
social engineeringliving off the landbackdoorcollaboration toolsremote access
Microsoft Teams Phishing Campaign Uses Quick Assist to Deploy 'A0Backdoor' Malware
Phishing
Malware
Security Operations

Analysts Warn of 'Cyber Spillover' as US-Iran Tensions Escalate, Threatening Global Orgs

HIGH

Cyber Spillover from US-Iran Conflict a Growing Concern for Security Analysts

Update:

A new World Economic Forum report, 'Global Cybersecurity Outlook 2026,' confirms the escalating global cyber risks due to the Middle East conflict. It highlights that 91% of large organizations have adapted their strategies. The report provides a concrete example of an Iran-backed wiper malware attack against U.S. medical equipment provider Stryker Corporation, demonstrating the 'cyber spillover' effect. Furthermore, it introduces a new critical concern: the physical vulnerability of undersea communication cables, which could lead to widespread connectivity issues. This update reinforces the need for enhanced resilience, Zero Trust, and public-private partnerships to counter state-aligned cyber operations.

March 6, 2026
Updated: March 25, 2026
4 min read
GeopoliticsIranCyber SpilloverCollateral DamageAPT +1 more
Analysts Warn of 'Cyber Spillover' as US-Iran Tensions Escalate, Threatening Global Orgs
Threat Intelligence
Cyberattack
Threat Actor

📢 Share This Publication

Help others stay informed about cybersecurity threats