Massive Trivy Supply Chain Attack Rocks Cloud-Native Ecosystem; FCC Bans Foreign Routers

Publication Date: March 25, 2026

Summary

A sophisticated supply chain attack attributed to 'TeamPCP' has compromised the popular Trivy scanner and LiteLLM library, impacting over 1,000 SaaS environments and triggering a widespread security crisis. In a major policy shift, the U.S. FCC has banned the import and sale of all new foreign-produced consumer routers, citing unacceptable national security risks. This edition for March 25, 2026, also covers a critical Cisco firewall zero-day, a ransomware attack forcing a California city into a state of emergency, and major data breaches at Navia and Hightower Holding affecting millions.

Today New Articles

FCC Issues Sweeping Ban on All Foreign-Produced Consumer Routers Citing National Security Risks

The U.S. Federal Communications Commission (FCC) has enacted a sweeping ban on the import and authorization of all new models of foreign-produced consumer-grade wireless routers. The devices have been added to the FCC's "Covered List" following a White House d...

Wealth Manager Hightower Holding Discloses Data Breach Affecting Over 131,000 Clients

Chicago-based wealth management firm Hightower Holding has disclosed a data breach that exposed the sensitive personal information of 131,483 clients. The breach occurred across two separate incidents in January 2026, where an unauthorized actor gained access...

CISA Adds Actively Exploited Langflow Code Injection Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a code injection vulnerability in Langflow, CVE-2026-33017, to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that the vulnerability is being actively exploited...

NIST Releases New Quick-Start Guides to Boost Adoption of Cybersecurity Framework 2.0

The U.S. National Institute of Standards and Technology (NIST) has released two new quick-start guides to help organizations implement its Cybersecurity Framework (CSF) 2.0. The first guide, SP 1308, focuses on integrating cybersecurity with enterprise risk ma...

Nike Faces Class-Action Lawsuit Over January Data Breach

Nike Inc. is the target of a proposed class-action lawsuit filed in Oregon over a data breach the company discovered on a third-party portal in January 2026. The lawsuit alleges that the sportswear giant failed to implement adequate security measures to protec...

Article Updates

SOCs Pivot to Autonomous Defense to Counter Machine-Speed AI Attacks

Update:A new PwC report, 'Annual Threat Dynamics 2026,' reveals a critical evolution in the cyber threat landscape: a dominant shift towards identity-centric attacks. Adversaries are now focusing on compromising and abusing legitimate credentials ('logging in') rathe...

Analysts Warn of 'Cyber Spillover' as US-Iran Tensions Escalate, Threatening Global Orgs

Update:A new World Economic Forum report, 'Global Cybersecurity Outlook 2026,' confirms the escalating global cyber risks due to the Middle East conflict. It highlights that 91% of large organizations have adapted their strategies. The report provides a concrete exam...

Microsoft Teams Phishing Campaign Uses Quick Assist to Deploy 'A0Backdoor' Malware

Update:Microsoft's DART team has issued a warning about an evolution of the A0Backdoor campaign. Attackers are now specifically employing voice phishing (vishing) via Microsoft Teams calls, impersonating IT support to trick users. A significant new development is the...