


The TeamPCP supply chain campaign has triggered a law enforcement high-priority alert and the Trivy vulnerability (CVE-2026-33634) has been added to the KEV catalog. The cascade now spans six platforms — GitHub Actions, Docker Hub, PyPI, npm, VS Code extensions, and cloud communications SDKs — after the Telnyx Python package was compromised using audio steganography to conceal malware in a .WAV file. F5 BIG-IP APM CVE-2025-53521 was reclassified from DoS to RCE (CVSS 9.3) and confirmed exploited. Citrix NetScaler CVE-2026-3055 is seeing active reconnaissance. The Langflow AI platform RCE remains under active exploitation and is now in the KEV catalog. GlassWorm evolved to use Solana dead drops for RAT delivery via a malicious Chrome extension masquerading as Google Docs.
Links & Resources
By Tushar Vartak