Top 10 Cybersecurity Updates — March 21–28, 2026

Mar 28 2026

We are back in action, thanks to all our loyal subscribers. Welcome to Gone Phishing, your weekly cybersecurity newsletter that leaves cybercriminals sleeping with the phishes 🐟🐠🐡

1. LiteLLM Supply Chain Attack: 97M-Download AI Package Poisoned by TeamPCP
Threat group TeamPCP compromised LiteLLM's CI/CD pipeline via a prior Trivy scanner breach, publishing malicious versions 1.82.7 and 1.82.8 to PyPI. The malware stole SSH keys, cloud tokens, Kubernetes secrets, and .env files, exfiltrating 300GB from 500,000+ systems in ~3 hours. Users at Stripe, Netflix, Google, CrewAI, DSPy, and MLflow may be affected — rotate all credentials immediately.
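
A defender-side check for the two malicious versions named above, as an added example that is not part of the original newsletter or of the LiteLLM project: it scans requirements.txt / pip freeze text and poetry.lock-style lock files for pins of 1.82.7 or 1.82.8. The function name, the regexes and the sample inputs (including the `litellm-helper` package name) are constructed for illustration.

```python
import re

# Malicious releases named in the item above; everything else here is illustrative.
COMPROMISED = {"1.82.7", "1.82.8"}
# requirements.txt / pip freeze: litellm==1.82.7, LiteLLM[proxy]==1.82.8 ; marker
REQ_PIN = re.compile(r"^\s*litellm(?:\[[^\]]*\])?\s*===?\s*([0-9][\w.!+]*)", re.I)
# poetry.lock-style TOML: name = "litellm" then version = "..." in the same block
LOCK_NAME = re.compile(r'^\s*name\s*=\s*"([^"]+)"')
LOCK_VERSION = re.compile(r'^\s*version\s*=\s*"([^"]+)"')

def find_compromised_litellm(text):
    """Return [(line_number, version)] for every pin of a compromised release."""
    hits, in_litellm_block = [], False
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith("[["):   # new TOML table, e.g. [[package]]
            in_litellm_block = False
        m = REQ_PIN.match(line)
        if m and m.group(1) in COMPROMISED:
            hits.append((lineno, m.group(1)))
            continue
        m = LOCK_NAME.match(line)
        if m:
            in_litellm_block = m.group(1).lower() == "litellm"
            continue
        m = LOCK_VERSION.match(line)
        if m and in_litellm_block and m.group(1) in COMPROMISED:
            hits.append((lineno, m.group(1)))
    return hits

# Constructed sample inputs (not taken from any real project).
SAMPLE_REQUIREMENTS = """\
# constructed sample
requests==2.32.3
LiteLLM[proxy]==1.82.8 ; python_version >= "3.9"
litellm-helper==1.82.7
"""
SAMPLE_LOCK = """\
[[package]]
name = "httpx"
version = "1.82.7"

[[package]]
name = "litellm"
version = "1.82.7"
"""

if __name__ == "__main__":
    print(find_compromised_litellm(SAMPLE_REQUIREMENTS))
    print(find_compromised_litellm(SAMPLE_LOCK))
```

A clean result only covers pinned dependencies in the files scanned; hosts that installed an unpinned `litellm` during the exposure window still need the installed version checked directly (for example with `pip show litellm`).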

2. Interlock Ransomware Exploited Cisco FMC Zero-Day (CVE-2026-20131, CVSS 10.0) 36 Days Before Patch
Interlock exploited a max-severity unauthenticated Java deserialization RCE in Cisco FMC from January 26 — 36 days before the March 4 patch. CISA ordered federal agencies to patch by March 22.

3. Microsoft March 2026 Patch Tuesday: 79 Vulnerabilities Including Two Zero-Days
Two zero-days: CVE-2026-21262 (SQL Server → sysadmin escalation) and CVE-2026-26127 (.NET 9/10 remote crash). Eight Critical flaws including CVE-2026-21536 (CVSS 9.8 unauthenticated RCE).

4. PolyShell: 56% of Vulnerable Magento / Adobe Commerce Stores Under Active Attack
Mass exploitation began 2 days after March 17 disclosure. Novel WebRTC-based card skimmer deployed. No stable-branch patch from Adobe yet.

5. Critical Langflow CVE-2026-33017 (CVSS 9.3) Weaponized Within 20 Hours of Disclosure
Unauthenticated exec() RCE via unprotected build endpoint. Sysdig saw active scanning before any public PoC existed. All versions ≤1.8.1 affected.

6. LAPSUS$ Claims AstraZeneca Breach — 3GB of Source Code and Cloud Credentials
Claimed March 26: Java/Python/Angular source, AWS/Azure configs, RSA private keys. Attempting to sell via Session app. AstraZeneca unconfirmed but GitHub action logs with hardcoded secrets shared as proof.

7. Bearlyfy Pro-Ukrainian Group Deploys Custom GenieLocker Ransomware Against 70+ Russian Firms
Custom Windows ransomware inspired by Venus/Trinity families. Dual goals: financial extortion + sabotage. Infrastructure overlaps with PhantomCore and Head Mare.

8. CISA Adds Zimbra XSS (CVE-2025-66376) and SharePoint RCE (CVE-2026-20963) to KEV
Zimbra stored XSS via malicious HTML email; SharePoint unauthenticated deserialization RCE (CVSS 8.8). Federal agencies ordered to patch SharePoint by March 21.

9. Three Vulnerabilities in LangChain and LangGraph Expose AI App Secrets and Filesystem Data
Flaws expose environment secrets, API keys, filesystem data, and conversation histories in widely used LLM app frameworks.

10. Hackers Exploit Langflow Flaws to Deploy Flodrix Botnet (Dark Reading)
Multiple threat actors using Langflow RCE to install Flodrix botnet for DDoS and deeper intrusion, beyond initial ransomware operators.


Key Themes This Week:

  • AI Infrastructure as Prime Attack Surface — LiteLLM, LangChain/LangGraph, and Langflow all hit this week; AI tooling is the new supply chain weak point

  • Zero-Day Windows Now Measured in Hours — Cisco FMC exploited 36 days pre-patch; Langflow hit within 20 hours of disclosure

  • Geopolitical Cyber Ops at Criminal Scale — Bearlyfy/GenieLocker, LAPSUS$/AstraZeneca, and TeamPCP all blur the line between cybercrime and nation-state warfare

So long and thanks for reading all the phish!
