Security news.
Today's security news is dominated by critical supply chain attacks and state-sponsored phishing campaigns. The Trivy vulnerability scanner was compromised, leading to the distribution of infostealing malware and a self-propagating worm across numerous npm packages. Additionally, CISA and the FBI have warned about Russian intelligence services targeting commercial messaging apps with sophisticated phishing attacks.
Trivy Vulnerability Scanner Breach Pushed Infostealer
The Trivy vulnerability scanner suffered a supply-chain attack by TeamPCP, distributing credential-stealing malware through official releases and GitHub Actions.
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm
The Trivy supply chain attack is suspected to have led to the compromise of 47 npm packages with a new self-propagating worm dubbed CanisterWorm.
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Russian Intelligence Services are conducting phishing campaigns to compromise Signal and WhatsApp accounts of individuals with high intelligence value, as warned by CISA and the FBI.
Critical Quest KACE Vulnerability Potentially Exploited
A critical vulnerability, CVE-2025-32975, in Quest KACE is potentially being exploited in attacks, particularly against the education sector.
Oracle Patches Critical CVE-2026-21992 in Identity Manager
Oracle has released an emergency patch for CVE-2026-21992, a critical unauthenticated remote code execution flaw in Identity Manager and Web Services Manager.
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV
CISA added five new vulnerabilities, including flaws in Apple, Craft CMS, and Laravel Livewire, to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by April 3, 2026.
Azure Monitor Alerts Abused for Callback Phishing
Threat actors are abusing Microsoft Azure Monitor alerts to send callback phishing emails impersonating Microsoft Security Team warnings about unauthorized charges.
Google Adds ‘Advanced Flow’ for Safe APK Sideloading on Android
Google introduced "Advanced Flow" in Android to provide a more secure method for power users to sideload APKs from unverified developers.