The Lyceum: Cybersecurity Daily — Mar 27, 2026

Your security scanner stole your cloud keys. Your AI routing library shipped malware for five hours. Your iPhone exploit kit is now on GitHub for anyone to download. This is a week where the tools defenders trust became the weapons attackers wielded — and CISA just made it official by adding Trivy to the KEV catalog. If you run CI/CD pipelines, AI infrastructure, or iPhones on anything older than iOS 26, today's newsletter is a to-do list.

• CVE-2026-33634 — Aqua Security Trivy (malicious v0.69.4): actively exploited, added to CISA KEV on March 26, federal remediation deadline April 9. Supply-chain compromise embedding credential-stealing malware in a security scanner's CI/CD pipeline.
• CVE-2026-33017 — Langflow visual AI workflow builder: actively exploited unauthenticated RCE, CVSS ~9.3, added to CISA KEV with April 8 federal deadline. Thousands of internet-exposed instances visible.
• CVE-2025-60787 PoC — motionEye webcam manager (≤0.43.1b4): public RCE exploit via config file injection, commonly deployed as root on Raspberry Pi/Docker. Expect scanning to follow.
• CVE-2025-25198 PoC — mailcow (≤2025-01a): Host-header password-reset poisoning exploit published, CVSS 7.1. Patch available; self-hosted mail admins should update before mass-scanning begins.
• CVE-2025-4802 PoC — glibc 2.27–2.38: local privilege escalation via LD_LIBRARY_PATH abuse in setuid binaries. Fresh exploit code makes this a stepping stone to root on multi-tenant Linux systems.
• CVE-2023-6553 PoC — WordPress Backup Migration plugin: unauthenticated RCE (CVSS 9.8), point-and-click exploit now public. Patch available since v1.3.8; 900K+ installs at risk.

CISA added CVE-2026-33634 — the Aqua Security Trivy supply chain compromise — to its Known Exploited Vulnerabilities catalog on March 26, with a federal remediation deadline of April 9. That deadline is your outer bound, not your target.

Here's the uncomfortable part: Trivy is a security scanner. It's the tool that's supposed to catch malicious code. It runs inside CI/CD pipelines — the automated assembly lines that build and deploy software — with access to cloud credentials, SSH keys, and Kubernetes tokens by design. Compromise it, and you don't just get code; you get every secret the pipeline touches. Legit Security's analysis details how the backdoor harvested credentials while scans appeared to complete normally. The green checkmark lied.

The group behind it, TeamPCP (also tracked as DeadCatx3 and ShellForce), didn't stop at Trivy. On March 24, they published malicious LiteLLM versions (1.82.7 and 1.82.8) directly to PyPI. Between 10:39 and 16:00 UTC, anyone who ran pip install litellm without pinning a version got malware that stole SSH keys, cloud tokens, and crypto wallets. LiteLLM is the Python library thousands of AI applications use to route calls between language models — meaning this attack now touches AI infrastructure directly.

What changes: if TeamPCP sells or releases the harvested credentials, expect a second wave of cloud compromises that dwarfs the original incident. CISA's unusual remediation language — noting that "additional vendor-provided guidance must be followed" — signals the blast radius is still being mapped. If your team ran Trivy between March 19–22, rotate every secret that pipeline touched. Today.

We covered DarkSword's technical internals on March 22. What changed in the last 24 hours is who can use it: the exploit kit was published on GitHub, and TechCrunch's mainstream explainer broke the story to a general audience. What was a nation-state tool is now a script-kiddie starter pack.

There are now two security classes of iPhone users. Those on iOS 26 with iPhone 17 hardware get Memory Integrity Enforcement — a mitigation that blocks the memory corruption class DarkSword relies on. Everyone else — roughly a quarter of Apple's 2.5+ billion active devices — remains vulnerable. Meanwhile, a parallel kit called Coruna is resurrecting 2023 Triangulation zero-days and chaining them into updated kernel paths targeting iOS 13 through 17.2.1, confirming the pattern: proven exploits get repackaged into commodity kits.

Jailbreak communities are already wiring DarkSword primitives into hobbyist tools, accelerating the move from "custom race car" to "off-the-shelf engine." The observable signal: if DarkSword-derived exploits appear in commercial spyware offerings within the next 30 days, the threat model expands from targeted surveillance to mass deployment. Update to iOS 26. If you can't, enable Lockdown Mode now.

You've probably never heard of "device code phishing" — and that's exactly what makes it effective. It exploits a legitimate Microsoft login flow designed for devices that can't easily type passwords (smart TVs, printers) to silently steal your authenticated session. No malware. No password entry. Just a prompt asking you to visit a URL and enter a code.

Researchers are tracking an active campaign targeting Microsoft 365 identities across 340+ organizations in the US, Canada, Australia, New Zealand, and Germany, first spotted February 19 and accelerating since. The infrastructure runs through Cloudflare Workers — a completely legitimate service used by tens of thousands of companies — with stolen sessions routed to Railway, a platform-as-a-service. Blocking Cloudflare wholesale would break half the internet, which is precisely the point.

Construction, nonprofits, real estate, manufacturing, financial services, healthcare, legal, and government are all on the target list. The tell-tale sign: an unexpected "Sign in to your account" prompt you didn't initiate. If Microsoft publishes updated Conditional Access guidance for device code flow in the coming days, it likely means the campaign has been formally attributed and the scale is larger than currently reported. Audit your Conditional Access logs for unusual device code authentication flows, and consider blocking device code flow entirely for users who don't need it — most don't.

Medical device manufacturer Stryker updated its ongoing incident disclosure: no ransomware, no self-spreading malware — just a non-propagating malicious file that let intruders run hidden commands inside their network. Working with Palo Alto Networks' Unit 42 and federal authorities, Stryker contained the intrusion and ejected the attackers, but customer-facing systems including ordering and shipping remain partially offline as of March 26.

This matters because it's the kind of intrusion that doesn't make headlines until the supply chain effects hit. Hospitals relying on Stryker equipment for surgical instruments, implants, and medical devices feel the disruption in delayed orders and manual workarounds. The broader signal: not every impactful breach is noisy. Attackers running stealth commands in a medtech environment can cause outsized downstream harm without ever encrypting a file. If you're in healthcare operations, validate your detection capabilities for silent intrusions — the ones that never trigger a ransom note.

Xakep.ru reports that Russian authorities have arrested the administrator of LeakBase, a prominent hack forum used for trading stolen credentials and personal data. The arrest connects to the broader international LeakBase takedown operation involving 14 countries that surfaced in earlier reporting this month. This is significant because LeakBase served as infrastructure for downstream credential-stuffing and extortion campaigns — its disruption may temporarily reduce the supply of fresh breach data on Russian-language forums, though successor platforms typically emerge quickly.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

Xakep.ru details new research into the server-side components of ClayRat, a remote access trojan whose developer was previously arrested. Researchers gained access to the malware's command-and-control backend, revealing panel architecture, victim management workflows, and exfiltration mechanisms. Understanding C2 infrastructure at this level helps defenders build better detection signatures and anticipate how similar toolkits operate — particularly relevant as RAT-as-a-service offerings proliferate.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

CERT-UA Advisory #19542 documents UAC-0001 (APT28, Russia's GRU-linked threat group) conducting active cyberattacks against Ukraine and EU member states using an exploit for CVE-2026-21509. The advisory provides indicators of compromise and tactical details for defenders in targeted regions. Organizations in EU government and defense sectors should review the advisory for IOCs and detection guidance immediately.

Source: CERT-UA — Ukrainian. No English-language coverage confirmed at time of publication.

A security scanner that steals your secrets while giving you a green checkmark. An iPhone exploit kit that went from classified to GitHub in a week. A researcher who reported a bug and got served papers instead of a bounty.

Somewhere, a motionEye Raspberry Pi running as root with a default config is about to become the most interesting device on someone's botnet — and its owner thinks it's just watching the driveway.

Stay sharp. Rotate something.

If someone you know runs CI/CD pipelines, iPhones, or a security camera on a Pi, forward this — they'll thank you before Monday.