I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday or scroll to the bottom to subscribe to the e-mail newsletter.

1. npm adds delayed-installs (minimumReleaseAge), tighter Git install controls, and bulk OIDC trusted publishing config

Recent npm CLI 11.x releases add controls to reduce supply-chain blast radius, including a new minimumReleaseAge setting that blocks installs of newly published package versions until they “age” past a threshold. By enforcing a minimum age threshold before a version can be installed, the feature reduces exposure to malicious packages that rely on rapid, automated consumption before detection or takedown.

Key Details

  • npm CLI 11.10.0 also added --allow-git controls for npm install to address risk from Git dependencies, which can ship a .npmrc that overrides the git executable path and (in some cases) enables toolchain-level execution even when --ignore-scripts is used.

Next Steps

  • Set and standardize minimumReleaseAge in your npm CLI configuration 
  • For CI/build environments, prefer npm install --allow-git=none unless Git dependencies are explicitly required
  • If you maintain multiple packages, use npm trust to roll out or update OIDC trusted publishing configuration in bulk
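To make the minimumReleaseAge idea concrete, here is an added Python illustration (not npm's own code) of how a version resolver behaves when a minimum age gate is applied: the newest version that satisfies the range is skipped if it is younger than the threshold, and resolution fails closed when nothing qualifies. The time map below is a constructed sample shaped like the "time" field of a registry packument (what npm view <pkg> time --json prints).

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: version -> publish timestamp, plus the two metadata keys
# that the registry also stores in the same "time" object.
SAMPLE_TIME_MAP = {
    "created": "2024-01-10T09:00:00.000Z",
    "modified": "2026-04-05T14:30:00.000Z",
    "1.2.0": "2025-11-02T10:15:00.000Z",
    "1.2.1": "2026-03-01T08:00:00.000Z",
    "1.3.0": "2026-04-05T14:30:00.000Z",  # published hours ago: blocked by the age gate
}

def parse_ts(ts):
    # Registry timestamps are ISO-8601 with a trailing Z (UTC).
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def version_key(v):
    # Numeric sort on "major.minor.patch"; pre-release suffixes are out of scope here.
    return tuple(int(p) for p in v.split("."))

def eligible_versions(time_map, min_age_days, now=None):
    """Return versions published at least min_age_days before `now`, oldest first."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=min_age_days)
    out = []
    for version, ts in time_map.items():
        if version in ("created", "modified"):
            continue  # metadata keys, not versions
        if parse_ts(ts) <= cutoff:
            out.append(version)
    return sorted(out, key=version_key)

def resolve_with_min_age(time_map, min_age_days, now=None):
    """Newest version that has aged past the threshold; None means fail closed."""
    ok = eligible_versions(time_map, min_age_days, now)
    return ok[-1] if ok else None

if __name__ == "__main__":
    now = parse_ts("2026-04-06T00:00:00.000Z")
    print(resolve_with_min_age(SAMPLE_TIME_MAP, 0, now))    # 1.3.0: no gate
    print(resolve_with_min_age(SAMPLE_TIME_MAP, 7, now))    # 1.2.1: 1.3.0 is too fresh
    print(resolve_with_min_age(SAMPLE_TIME_MAP, 365, now))  # None: nothing old enough
```

The trade-off is visible in the last call: a threshold longer than the project's release cadence blocks every version, so the value has to be tuned per environment rather than set as high as possible.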

Read more at Socket

2. iOS exploit kits leak to GitHub → Apple pushes lock-screen warnings to unpatched iPhones/iPads

Apple has begun sending Lock Screen notifications to devices on older iOS/iPadOS versions urging users to install a "critical update."

The urgency is amplified by the recent leak of two iOS exploit frameworks — DarkSword and Coruna — to GitHub, putting what were previously tightly held, high-end iPhone exploit chains into the hands of any motivated attacker. Security firms report threat actors are already operationalizing these frameworks to deliver malware via malicious or compromised web content.

Key Details

  • Coruna targets iOS 13.0–17.2.1 (released December 2023), while DarkSword targets iOS 18.4–18.7 (released March 2025).
  • A DarkSword-related artifact referenced the domain escofiringbijou[.]com, described as a second-stage domain tied to TA446 infrastructure.

Next Steps

  • Update all iOS devices to latest available versions
  • If devices can’t be upgraded, consider enabling Apple Lockdown Mode (iOS 16+)

Read more at The Hacker News, Security Affairs, CyberScoop, The Hacker News, BleepingComputer

3. Third-party risk cascaded into fourth and fifth: and it started with one misconfiguration

Aqua Security had a misconfigured pull_request_target workflow in Trivy's GitHub repo → hackerbot-claw (an autonomous AI-powered bot) opened a PR and stole Aqua's bot PAT → Aqua rotated credentials but missed some → TeamPCP used the surviving credentials three weeks later to push malicious Trivy releases and force-move 75 of 76 trivy-action GitHub Action tags → every downstream project using Trivy in CI/CD unknowingly ran the malicious code with their own credentials → TeamPCP used those stolen tokens to publish compromised versions of litellm (a popular Python LLM proxy library) on PyPI → developers and Kubernetes clusters running litellm got credential-stealing malware with persistence.
FUN FACT: Trivy used Delve for its compliance, the alleged "fake certification" factory covered last week.

Key Details

  • Compromised litellm versions: 1.82.7 and 1.82.8
  • The litellm payload used a .pth file that auto-executes on every Python interpreter startup — meaning even projects that had litellm as an indirect dependency got hit. On Kubernetes, it attempted cluster-wide secret access and deployed privileged pods for persistence.
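The .pth trick works because site.py executes any line in a .pth file that begins with "import" at interpreter startup, so a defender can enumerate exactly those lines. The following is an added Python example (not code from the incident write-ups) that lists executable .pth lines in a directory and in the running interpreter's site-packages; the demo writes two constructed .pth files to a temp dir so it runs offline.

```python
import os
import site
import tempfile

def executable_pth_lines(directory):
    """Return (file, line_no, line) for every .pth line site.py would exec.

    site.addpackage() treats a line beginning with 'import ' or 'import\\t' as
    code and runs it; blank lines and '#' comments are ignored; anything else
    is appended to sys.path as a directory.
    """
    hits = []
    if not os.path.isdir(directory):
        return hits
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".pth"):
            continue
        path = os.path.join(directory, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            for no, raw in enumerate(fh, 1):
                line = raw.rstrip("\n")
                if line.startswith(("import ", "import\t")):
                    hits.append((path, no, line))
    return hits

def scan_site_packages():
    """Scan every site-packages directory the running interpreter uses.

    Legitimate packaging shims (setuptools, virtualenv, editable installs) also
    use import lines, so review each hit against what you expect to be installed.
    """
    dirs = list(getattr(site, "getsitepackages", lambda: [])()) + [site.getusersitepackages()]
    return [h for d in dirs for h in executable_pth_lines(d)]

def demo():
    """Write a benign and a constructed code-bearing .pth and report what is flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "benign.pth"), "w") as fh:
            fh.write("# editable install\n/opt/myproject/src\n")
        with open(os.path.join(tmp, "stealthy.pth"), "w") as fh:
            # Constructed sample: a one-liner that would run on every interpreter start.
            fh.write("import os; os.system('echo this runs at every startup')\n")
        return [(os.path.basename(p), no, ln) for p, no, ln in executable_pth_lines(tmp)]

if __name__ == "__main__":
    for path, no, line in demo() + scan_site_packages():
        print(f"{path}:{no}: {line}")
```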

Next Steps

  • Identify exposure by checking for litellm 1.82.7/1.82.8
  • Only allow pinning GitHub Actions by commit SHA, not by tag. Tags are mutable — this single change would have prevented the downstream cascade.
  • Audit all pull_request_target workflows. If any of them also check out PR head code, they run attacker-controlled code with your repo’s secrets. Switch to the regular pull_request trigger or never check out the PR’s code.
  • Save this story for your next regular information security training as a vivid example.
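The two audit steps above (SHA pinning and pull_request_target checkouts) can be checked mechanically. This is an added Python example, not Aqua's or GitHub's tooling, that scans workflow text for actions referenced by a mutable tag and for pull_request_target workflows that check out the PR head; the workflow below is a constructed sample (the 40-hex SHA is a placeholder, not a real commit), and the scan is line-based so it needs no YAML library.

```python
import re

# Constructed sample workflow showing both risky patterns and one correctly pinned step.
SAMPLE_WORKFLOW = """\
name: scan
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
HEAD_REF_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")

def audit_workflow(text):
    """Return human-readable findings for one workflow file's text."""
    findings = []
    # The trigger name appears only under `on:`, so a substring test is sufficient here.
    uses_prt = "pull_request_target" in text
    for no, ln in enumerate(text.splitlines(), 1):
        m = USES_RE.match(ln)
        # Local actions (./path) and docker:// images carry no @ref to check.
        if m and "@" in m.group(1) and not m.group(1).startswith("./"):
            action, ref = m.group(1).rsplit("@", 1)
            if not FULL_SHA_RE.match(ref):
                findings.append(f"line {no}: {action} pinned by mutable ref '{ref}', pin to a commit SHA")
        if uses_prt and HEAD_REF_RE.search(ln):
            findings.append(f"line {no}: pull_request_target workflow checks out PR head code with repo secrets")
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Run it over every file under .github/workflows/; a full-SHA pin is only the first half of the control, since the pinned commit still has to be reviewed when it is bumped.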

Read more at FutureSearch, Microsoft Security Blog, Wiz, SecurityWeek, BleepingComputer, The Hacker News, Socket, Socket, Krebs on Security, CSO Online

4. GitHub Copilot Free/Pro users’ prompts and code context will be used for model training by default starting April 24

Starting April 24, GitHub will use Copilot Free, Pro, and Pro+ interaction data (inputs/outputs, code snippets, and surrounding context) to train and improve its AI models by default, with an opt-out available in Copilot Privacy settings. Copilot Business and Copilot Enterprise users are not affected by this change, and prior opt-out preferences will remain in effect.

Key Details

  • GitHub clarifies it does not use issues, discussions, or private repositories “at rest”, but Copilot processes private repo code during active use and that interaction data could be used for training unless opted out.

Next Steps

  • To review or change your training opt-out, visit https://github.com/settings/copilot and look under “Privacy” before April 24.

Read more at GitHub Blog

5. Kali Linux 2026.1 ships 8 new security tools and adds a BackTrack mode to Kali-Undercover

Kali Linux released 2026.1 with eight new offensive/security testing tools plus a new “BackTrack mode” for Kali-Undercover, alongside a yearly theme refresh. The release also updates core components (including the kernel) and tweaks NetHunter, expanding both the tooling and UX options for Kali users.

Key Details

  • New tools added include AdaptixC2, Atomic-Operator, Fluxion, GEF, MetasploitMCP, SSTImap, WPProbe, and XSStrike.
  • MetasploitMCP is notable as an MCP server for Metasploit — it lets LLM-based tools drive exploit execution, payload generation, and session management via natural language, signaling that AI-assisted pentesting is now mainstream enough for Kali’s official repos.
  • Kali-Undercover’s new option provides a one-click switch to a BackTrack 5-like desktop theme

Read more at BleepingComputer

6. Smart Slider 3 flaw exposes server files on 800K+ WordPress sites to any logged-in user

A flaw in the Smart Slider 3 WordPress plugin, used on 800,000+ sites to build animated sliders and hero sections, allows any authenticated user (including subscribers) to read arbitrary files on the server via abused export functionality. Attackers could potentially retrieve sensitive configuration data (e.g., WordPress database credentials and cryptographic keys) and use it to pivot into deeper compromise.

Key Details

  • Tracked as CVE-2026-3098, affecting Smart Slider 3 versions through 3.5.1.33.
  • Patch released in Smart Slider 3 v3.5.1.34; WordPress.org download stats indicate that at least ~500,000 sites may still be on vulnerable versions.
  • Root cause: missing capability checks in AJAX export actions, enabling low-privilege authenticated users to invoke export features they shouldn’t have access to.
  • Defiant/Wordfence researchers say the export function lacks file type and source validation, allowing non-media files (including .php) to be added to an export archive and read.

Next Steps

  • Update Smart Slider 3 to version 3.5.1.34 or later.

Read more at BleepingComputer

7. Langflow’s unsandboxed code execution flaw exploited within ~20 hours

Attackers are gaining unauthenticated remote code execution on Langflow, an open-source visual builder for LLM agent pipelines — think n8n, but narrowly focused on chaining language models, vector stores, and AI tools into workflows. 
The root cause: Langflow's public API accepts arbitrary flow definitions and runs embedded Python via exec() with no authentication or sandboxing. n8n hit the same class of problem last year and responded by disabling arbitrary command execution by default in v2.0; Langflow hadn't caught up. 
These tools often hold LLM API keys, cloud credentials, and database secrets — and with arbitrary code execution on the host, attackers can read .env files, dump databases, and exfiltrate every stored credential in a single pass.

Key Details

  • The issue affects Langflow versions 1.8.1 and earlier; Langflow says upgrading to version 1.9.0 mitigates the vulnerability.
  • The vulnerable behavior involves an unauthenticated API that can accept attacker-provided flow definitions; the flow content can include arbitrary Python that is executed via exec() with no sandboxing (per the GitHub advisory).
  • Sysdig reported exploitation began about 20 hours after public disclosure, even though no public proof-of-concept exploit was available at the time
  • Observed activity included automated scanning, Python-scripted exploitation, and harvesting of .env/.db data, with Sysdig citing a spike to 1,000+ attempts and payloads ranging from info stealers and reverse shells to cryptominers.

Next Steps

  • Upgrade Langflow to 1.9.0 or later
  • Restrict/disable the vulnerable public-flow build endpoint and avoid exposing Langflow directly to the internet where possible.
  • Inventory workflow and automation tools (n8n, Langflow, Flowise, Dify, etc.) in your environment — including developer experiments — and hold them to the same patching and access control standards as any other internet-facing service.
  • If you suspect exposure, rotate Langflow-adjacent secrets (API keys for LLM providers, cloud credentials, database credentials) that may be stored on or accessible from the Langflow host.

Read more at CSO Online, BleepingComputer, Dark Reading, Security Affairs

8. FCC blocks new imports of non‑U.S.-made consumer routers, citing “unacceptable” national security risk

The FCC updated its supply-chain “Covered List” to bar import/marketing authorization for new consumer router models manufactured outside the U.S. unless the vendor receives a government exemption. The FCC says foreign-made routers create supply-chain exposure and are frequently compromised and repurposed for espionage, password-spraying, and botnet activity—including being used as footholds in recent China-linked intrusions.
Critics have many thoughts.

Key Details

  • TP-Link noted that virtually all routers are manufactured outside the U.S., including products from American companies — the only known U.S.-made exception being newer Starlink routers built in Texas.
  • The exemption mechanism has drawn comparisons to tariff carve-outs, with critics warning it gives the government broad discretionary power over which foreign manufacturers can access the U.S. market, and that the timing alongside broader trade actions makes it difficult to separate security motives from trade leverage.
  • The same FCC chairman Carr who issued the ban voted in November 2025 to scrap enforceable cybersecurity rules that required telecom operators to secure their networks after Salt Typhoon — the very campaign now cited to justify the router restrictions.
  • For comparison, the EU’s Cyber Resilience Act takes the opposite approach: requiring all products to meet security baselines regardless of where they’re made, rather than restricting by country of origin.

Read more at The Hacker News, BleepingComputer, The Record, SecurityWeek

Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.
