Weekly IT Security Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Weekly Threat Overview

Another week has brought more reminders of the ongoing cybersecurity challenges in our digital world. Systems once thought secure are being compromised through simple yet effective methods, highlighting that many still neglect basic security advisories.

Threat of the Week: Trivy Vulnerability Scanner Breached

Attackers have successfully backdoored the widely-used open-source Trivy vulnerability scanner. This breach has led to the injection of credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows. The compromised Trivy, developed by Aqua Security, is one of the most popular scanners with over 32,000 GitHub stars and more than 100 million Docker Hub downloads.
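One mitigation for the class of compromise described above is refusing to consume third-party GitHub Actions by mutable tag or branch. The following Python check, added here as an example (not code from the page, from Aqua Security or from the Trivy project), scans a workflow file for `uses:` references and reports those not pinned to a full 40-character commit SHA; the workflow text and action names are constructed for illustration.

```python
import re

# Constructed sample workflow; action names are illustrative, not real projects.
SAMPLE_WORKFLOW = """
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scanner-action@main
      - uses: example-org/scanner-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example/image:latest
"""

# Matches "- uses: <ref>" lines; the capture stops at whitespace or a trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify_ref(ref: str) -> str:
    """Classify one `uses:` reference as 'sha', 'mutable' or 'local'."""
    if ref.startswith("./"):
        return "local"  # repo-local action: fixed by the checked-out commit itself
    if ref.startswith("docker://"):
        # Container actions are immutable only when addressed by digest.
        return "sha" if "@sha256:" in ref else "mutable"
    _, _, version = ref.partition("@")
    return "sha" if SHA_RE.fullmatch(version) else "mutable"


def find_unpinned_actions(workflow_text: str) -> list[str]:
    """Return every action reference that a moved tag or branch could silently change."""
    return [ref for ref in USES_RE.findall(workflow_text)
            if classify_ref(ref) == "mutable"]


if __name__ == "__main__":
    for ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"unpinned: {ref}")
```

A SHA pin only prevents a tag or branch from being silently repointed; it does not vouch for the code behind that commit, so it complements, rather than replaces, reviewing what the action does.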

Top News Highlights

  • DoJ Takes Down DDoS Botnets: A cluster of IoT botnets behind some of the largest DDoS attacks was dismantled by law enforcement. These botnets, including AISURU and Kimwolf, had amassed over 3 million devices.
  • Google’s Advanced Flow for Android Sideloading: Google introduced a new advanced flow to combat scams and malware when installing apps from unverified developers on Android.

Critical Security Flaws Exploited

  • Langflow Critical Flaw Under Attack: A critical security flaw in Langflow was exploited within 20 hours of its public disclosure, highlighting the rapid weaponization of newly published vulnerabilities.
  • Interlock Ransomware Exploits Cisco FMC Zero-Day: Interlock ransomware took advantage of a zero-day vulnerability in Cisco Secure Firewall Management Center (FMC) Software before it was publicly disclosed.

New Malware and Exploit Kits Identified

  • DarkSword iOS Exploit Kit: A new watering hole attack against iPhone users has been found to deliver a previously undocumented iOS exploit kit codenamed DarkSword.
  • Perseus Android Malware: A newly discovered Android malware is disguising itself within television streaming apps to steal passwords and banking data, primarily targeting users in Turkey and Italy.

Trending CVEs

The following vulnerabilities are this week’s most critical, affecting high-severity software or drawing significant attention from the security community:

  • CVE-2026-21992 (Oracle)
  • CVE-2026-33017 (Langflow)
  • CVE-2026-32746 (GNU InetUtils telnetd)
  • and more…

Around the Cyber World

  • WhatsApp Tests Usernames Instead of Phone Numbers: WhatsApp is planning to introduce usernames and unique IDs instead of phone numbers, enhancing user privacy.
  • FBI Details SE Asia Scam Centers: The FBI detailed its work with Thai authorities to shut down scam centers targeting retirees and small-business owners in Southeast Asia.

Original article: https://thehackernews.com/2026/03/weekly-recap-cicd-backdoor-fbi-buys.html