Critical PTC Flaw Triggers Police Mobilization; CISA Adds Exploited AI & Scanner Bugs to KEV Catalog

Publication Date: March 27, 2026

Summary

This intelligence briefing for March 27, 2026, covers a critical RCE vulnerability (CVE-2026-4681) in PTC Windchill that led to an unprecedented police mobilization in Germany to warn companies. CISA has added two actively exploited flaws to its KEV catalog: a critical RCE in the Langflow AI framework (CVE-2026-33017) and a supply chain vulnerability in the Trivy scanner (CVE-2026-33634). Additionally, reports detail new APT activity from China-linked 'Red Menshen' using the BPFDoor backdoor and Russia's 'Pawn Storm' deploying new 'PRISMEX' malware with a Windows zero-day. Other major events include the emergence of 'Uragan' ransomware, significant cyberattacks on the Port of Vigo and a US Sheriff's office, and a major policy shift by the US Intelligence Community towards a Zero Trust architecture.

Today's New Articles

Police Physically Warn Firms of Critical Unpatched RCE Flaw in PTC Windchill

A critical remote code execution (RCE) vulnerability in PTC's Windchill and FlexPLM software, tracked as CVE-2026-4681 with a CVSS score of 10.0, has prompted an unprecedented response in Germany. Police officers were physically dispatched, some in the middle...


China-Linked 'Red Menshen' APT Creates 'Digital Sleeper Cells' in Telecoms with BPFDoor

A long-running espionage campaign attributed to a China-linked threat actor dubbed 'Red Menshen' has been uncovered targeting telecommunications providers across the Middle East and Asia. Active since at least 2021, the group utilizes a highly sophisticated an...


CISA KEV Alert: Actively Exploited Flaws in Langflow AI Framework and Trivy Scanner

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The first, CVE-2026-33017, is a critical unauthenticated RCE in the...


Ransomware Dip Masks Alarming Rise in Nation-State Attacks on Critical Infrastructure

The Waterfall Threat Report 2026 reveals a complex shift in the industrial cyberattack landscape. While publicly recorded cyber incidents against heavy industry with physical consequences fell by 25% in 2025, this masks a more dangerous trend: attacks by natio...


New 'Uragan' Ransomware Emerges, Using Double Extortion Against Windows Systems

Researchers at CYFIRMA have discovered a new strain of ransomware named 'Uragan' on underground forums. This file-encrypting malware targets Windows systems, appending a '.uragan' extension to encrypted files and dropping a ransom note named 'README.txt'. The...


Ransomware Attack Cripples Indiana Sheriff's Office, Forcing Full System Rebuild

The Jackson County Sheriff's Office in Indiana has suffered a devastating ransomware attack that has completely disabled its entire computer network. The attack, believed to have originated from a malicious email, has corrupted all computers, Wi-Fi, and the de...


Sophisticated AiTM Phishing Campaign Targets TikTok for Business Accounts to Bypass MFA

A sophisticated phishing campaign is actively targeting TikTok for Business accounts using adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication. According to researchers at Push Security, the attack uses a multi-stage process involvi...


Ransomware Attack on Spain's Port of Vigo Disrupts Cargo Operations, Forces Manual Processes

The Port of Vigo, a major fishing port in Spain, has been hit by a ransomware attack that disrupted its digital cargo management systems. The port authority detected the attack on Tuesday, immediately isolating affected servers to contain the threat. The incid...


Russia's Pawn Storm (APT28) Targets Defense Supply Chain with New 'PRISMEX' Malware and Zero-Day

The prolific Russia-aligned threat group Pawn Storm (also known as APT28 or Fancy Bear) is conducting a new campaign targeting the defense supply chain of Ukraine and its allies. According to Trend Micro, the group is deploying a new modular malware collection...