The Lyceum: Cybersecurity Daily — Mar 26, 2026

Three different categories of software that people install and forget about — AI pipeline builders, e-commerce platforms, and WordPress backup plugins — all have working exploits circulating in the wild right now, and attackers are already using at least two of them at scale. Meanwhile, law enforcement landed two wins against the criminal supply chain: the botnet operator who sold ransomware gangs their front door just got sentenced, and a RedLine infostealer operator landed in U.S. custody. It's a day where the patch queue is long, the exploit code is public, and the only comfort is that a couple of the people responsible are finally in handcuffs.

• CVE-2026-33017 — Langflow (AI pipeline platform): actively exploited, no-auth code injection. CISA KEV addition March 25; federal remediation due April 8.
• CVE-2026-21262 / CVE-2026-26127 — Windows (March Patch Tuesday): two publicly disclosed zero-days patched March 11. Elevation of privilege flaws; apply if not already current.
• KB5085516 — Microsoft OOB fix — Windows: emergency out-of-band patch for sign-in failures caused by the March security update. Deploy to affected endpoints immediately.
• CVE-2026-1357 PoC — WPvivid Backup & Migration plugin (WordPress): CVSS 9.8, unauthenticated RCE. Working exploit published; 900,000 sites exposed.
• CVE-2025-60787 Metasploit module — motionEye 0.43.1b4: RCE via config file injection. CVSS 7.2, no official patch; Metasploit module now public.
• CVE-2025-25198 PoC — mailcow (self-hosted email): password reset poisoning via Host header injection. Patched in 2025-01a; public exploit code live today.

Langflow is the drag-and-drop platform developers use to wire up AI agents, RAG pipelines (systems that connect large language models to your internal data), and automation workflows. It is popular; it makes complex AI plumbing easy. It is dangerous: CVE-2026-33017 lets anyone on the internet inject and execute code on a Langflow instance — no login required.

CISA added the flaw to its Known Exploited Vulnerabilities catalog yesterday based on confirmed active exploitation, with a federal remediation deadline of April 8. The practical risk goes beyond the Langflow server itself: these instances typically store API keys for OpenAI, Anthropic, database credentials, and internal service tokens in their pipeline configurations. An attacker who compromises a Langflow instance gains access to resources it's connected to.

If your organization runs Langflow — and many AI teams spun up instances in proof-of-concept environments that never got hardened — update immediately and restrict network access to trusted IPs. The real exposure isn't in federal agencies (who have mandated deadlines); it's in startup labs, university research clusters, and enterprise AI teams with no formal patching process. If no patch is available for your version, take the instance offline. The signal to watch: if scanning volume spikes in the next 48 hours, it indicates automated exploitation tools may have incorporated the flaw, and any exposed instance should be treated as compromised.

Researchers at Sansec documented mass exploitation beginning March 19, with over 50 IP addresses scanning and 56.7% of vulnerable storefronts confirmed compromised as of March 19. More than half of all vulnerable Magento and Adobe Commerce stores had been compromised as of that date.

What makes this campaign genuinely novel is the exfiltration method. Once inside, attackers deploy a payment skimmer that uses WebRTC data channels — the same browser technology that powers video calls — to steal credit card numbers. WebRTC is a trusted, built-in browser feature that communicates over encrypted UDP, which means most security tools watching for suspicious HTTP requests or DNS queries will miss the theft entirely. It's a private phone line your alarm system doesn't know exists. Sansec identified payload hosting tied to IP 202.181.177.177 and injected files planted under pub/media/custom_options/, a directory traditional scanners often skip.

If you operate a Magento or Adobe Commerce site: block write access to that directory, scan for webshells, and look for anomalous UDP connections from checkout pages. Adobe published a beta patch on March 10, but production rollouts are lagging. If you're a shopper, virtual card numbers are your best defense. The technique itself — WebRTC as a covert exfiltration channel — will spread to other skimmer campaigns. Watch for security vendors releasing detection signatures for WebRTC-based data theft in the coming days; their absence is the signal that defenders are still behind.

Ilya Angelov, a Russian national from Tolyatti, has been sentenced to two years in federal prison and fined $100,000 for co-managing a botnet that served as the front door for ransomware attacks against American companies. Operating under the aliases "milan" and "okart," Angelov ran a group tracked as TA551 (also known as Shathak and Gold Cabin) between 2017 and 2021. TA551 wasn't a ransomware gang — it was the middleman. The group infected machines through malware-laden spam, then sold access to individual compromised systems to ransomware operators who deployed the payloads.

This "initial access broker" model is how most modern ransomware attacks actually begin, making groups like TA551 critical infrastructure for the entire criminal ecosystem. Disrupting brokers is arguably more effective than chasing ransomware brands, which rebrand constantly. In a related development, an alleged RedLine infostealer operator has been extradited to U.S. custody, continuing the pressure on malware-as-a-service operators.

Two years is a modest sentence for enabling years of ransomware. And Angelov is presumably still in Russia, where enforcement of the sentence is largely symbolic. The real question is whether DOJ files additional charges against named co-conspirators — if it does, that signals an ongoing operation against the initial access broker layer that's worth tracking closely.

CVE-2026-1357 affects WPvivid Backup & Migration, a plugin installed on over 900,000 WordPress sites. The flaw allows an unauthenticated attacker — no login, no credentials — to upload arbitrary files and achieve remote code execution, handing full control of the web server to anyone who finds it. As of today, Exploit-DB has published a working proof-of-concept exploit, which means the gap between "theoretical risk" and "automated mass scanning" is measured in hours.

WordPress backup plugins are attractive targets precisely because they handle sensitive operations — file system access, database dumps, migration credentials — with broad permissions. A compromised backup plugin doesn't just give an attacker your website; it gives them your database contents, user credentials, and often the keys to your hosting account.

If your WordPress site uses WPvivid, open your dashboard right now: Plugins → Updates → apply any available update. If you use managed hosting, contact your provider to confirm the patch is deployed. The signal that mass exploitation has begun will be reports from WordFence or Sucuri of bulk WordPress compromises planting cryptominers or redirect scripts — expect those within 24 hours if the plugin's install base doesn't patch fast.

Check Point Research published new findings on "Silver Dragon," a campaign targeting organizations across Southeast Asia and Europe. The research details the threat actor's tooling, infrastructure, and targeting patterns — focused on government and technology sectors in the region. This is notable because it represents a fresh, named campaign with cross-regional reach that hasn't appeared in English-language press yet, and the targeting profile overlaps with sectors already under pressure from Chinese-nexus and Southeast Asian threat clusters documented in Check Point's recent weekly intelligence reports.

Source: Check Point Research — English (first publication, not yet picked up by English-language press). No English-language coverage confirmed at time of publication.

Xakep.ru reports that the Tycoon2FA phishing-as-a-service platform — which specializes in bypassing two-factor authentication by proxying login sessions in real time — has rebuilt its infrastructure and resumed operations after a recent law enforcement disruption. The platform's recovery underscores how quickly criminal SaaS operations can reconstitute, and it means organizations relying on standard MFA are again facing an active, industrialized bypass service. This directly connects to the broader theme of MFA-bypass tooling that has dominated phishing trends throughout early 2026.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

Xakep.ru covers the release of Kali Linux 2026.1, which adds eight new security tools and introduces a "BackTrack mode" — a visual throwback to the pre-Kali penetration testing distribution. While nostalgic, the practical significance is in the new tooling additions, which expand Kali's capabilities for cloud and container testing. Offensive security teams should review the changelog for tools relevant to their current engagement scopes.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

A vulnerability researcher was threatened with legal action for reporting a bug, a botnet middleman gets two years for enabling ransomware, and 900,000 WordPress sites are learning that "backup plugin" and "remote code execution" fit in the same sentence. The real innovation today is a credit card skimmer that hides stolen numbers inside your browser's video call plumbing — finally, a use for WebRTC that someone actually adopted at scale.

Stay paranoid. It's working.

If someone you know runs a Magento store, a WordPress site, or an AI pipeline, forward this before they find out the hard way.