Crying Out Cloud Monthly Newsletter - April 2026

April's cloud security news: See if you're among the 23% at risk from a Telnetd RCE and the latest supply chain attacks targeting NPM and GitHub.

Welcome back! This month we’ve seen a lot of action, with both vulnerabilities and security incidents that have left users affected. We bring you the latest cloud security highlights, to help you stay informed and stay secure.

Highlights

TeamPCP’s Supply Chain Cascade: From Trivy to LiteLLM

TeamPCP has executed a fast-moving, multi-stage supply chain campaign targeting open-source security and developer tools, beginning with the compromise of Aqua Security’s Trivy and rapidly expanding to KICS GitHub Actions and the LiteLLM Python package. By leveraging stolen CI/CD secrets and compromised service accounts, the actor injected credential-stealing payloads into legitimate releases and workflows, enabling large-scale harvesting of cloud credentials, API keys, and CI/CD secrets from downstream environments. The campaign demonstrates a clear pattern of reuse and escalation: initial access via Trivy was used to pivot into additional ecosystems, with consistent tooling, encryption methods, and exfiltration infrastructure observed across incidents. Notably, the LiteLLM compromise introduced a more advanced persistence mechanism via Python’s .pth execution, ensuring payload execution across any Python process and significantly increasing impact. Overall, this activity highlights how compromising a single trusted component in the software supply chain can enable rapid lateral expansion across ecosystems and widespread access to cloud environments.

Read more in our blogs [1,2,3]
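The .pth persistence mechanism mentioned above works because Python's site module exec()s any line of a site-packages .pth file that begins with "import". The following triage script is an added example (not Wiz's or LiteLLM's code): it parses .pth files the same way site.py does and lists the executable lines for review; the SUSPICIOUS_TOKENS heuristics are an assumption chosen for illustration.

```python
import site
from pathlib import Path

# CPython's site.addpackage() treats each line of a .pth file as either a
# directory to append to sys.path or, when it starts with "import " or
# "import\t", as Python code that is exec()ed at interpreter startup.
# That second form runs in every Python process, which is what makes a
# dropped .pth file an attractive persistence point.


def executable_pth_lines(text: str) -> list[str]:
    """Return the lines of a .pth body that site.py would exec()."""
    hits = []
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue  # site.py skips comments and blank lines
        if line.startswith(("import ", "import\t")):
            hits.append(line)
    return hits


# Assumed heuristics for triage. Legitimate .pth files (e.g. setuptools'
# distutils-precedence.pth) also use the import form, so every hit is
# "review", and only these tokens escalate it to "SUSPICIOUS".
SUSPICIOUS_TOKENS = ("exec(", "base64", "subprocess", "urlopen", "socket", "compile(")


def suspicion_score(line: str) -> int:
    return sum(tok in line for tok in SUSPICIOUS_TOKENS)


def scan_pth_dirs(dirs) -> list[tuple[str, str, int]]:
    """Walk the given directories for .pth files; return (path, line, score)."""
    findings = []
    for d in dirs:
        for pth in Path(d).glob("*.pth"):
            try:
                body = pth.read_text(errors="replace")
            except OSError:
                continue
            for line in executable_pth_lines(body):
                findings.append((str(pth), line, suspicion_score(line)))
    return findings


if __name__ == "__main__":
    locations = list(site.getsitepackages()) + [site.getusersitepackages()]
    for path, line, score in sorted(scan_pth_dirs(locations), key=lambda f: -f[2]):
        print(f"[{'SUSPICIOUS' if score else 'review'}] {path}: {line[:120]}")
```

Run it inside each interpreter and virtual environment you care about, since every one has its own site-packages directories.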

🐞 High-Profile Vulnerabilities

High Severity RCE Vulnerability in GitHub Enterprise Server

Wiz Research discovered a high-severity vulnerability (CVE-2026-3854) in GitHub Enterprise Server that allows attackers with repository push access to achieve remote code execution (RCE) on the instance. The issue stems from improper neutralization of special characters in Git push option values, enabling attackers to inject additional metadata into internal service headers.

According to Wiz data, 4% of cloud environments have resources affected by this vulnerability.

Learn more here https://github.com/advisories/GHSA-64fw-jx9p-5j24

Remote Pre-Authentication Buffer Overflow Vulnerability in GNU Inetutils Telnetd

A critical buffer overflow vulnerability (CVE-2026-32746) has been identified in the telnetd service of GNU Inetutils that could allow unauthenticated attackers to achieve remote code execution. The flaw occurs in the LINEMODE SLC (Set Local Characters) negotiation handler and can be triggered during Telnet option negotiation before authentication takes place. Because telnetd commonly runs with root privileges, successful exploitation may allow attackers to fully compromise affected systems.

According to Wiz data, 23% of cloud environments have resources affected by this vulnerability.

Learn more here https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html

Critical BIG-IP Vulnerability Exploited in-the-Wild

CISA has added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) catalog following confirmed in-the-wild exploitation. The vulnerability affects F5 BIG-IP Access Policy Manager and enables unauthenticated remote code execution (RCE) when specific malicious traffic is processed. Originally classified as a denial-of-service issue, the flaw has been reclassified as critical RCE (CVSS 9.3), significantly increasing its risk profile.

According to Wiz data, less than 1% of cloud environments have resources vulnerable to CVE-2025-53521.

Learn more here https://my.f5.com/manage/s/article/K000156741

Critical Vulnerability in NetScaler ADC and Gateway

Critical and high severity vulnerabilities in NetScaler ADC and NetScaler Gateway (CVE-2026-3055, CVE-2026-4368) may allow unauthenticated memory disclosure and user session mix-ups under specific configurations. The issues impact customer-managed appliances and could lead to exposure of sensitive data or cross-user session confusion, particularly in environments using SAML identity provider configurations or gateway services.

According to Wiz data, 3.5% of cloud environments have resources affected by these vulnerabilities.

Learn more here https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368


Security Incidents & Campaigns

Iranian-Aligned "MuddyWater" Conducts Multi-Stage Espionage Operation

From mid-February through at least March 4, the Iran-aligned threat actor MuddyWater conducted a multi-stage campaign primarily targeting government, healthcare, aviation, and technology organizations in the Middle East, with limited impact in Europe and the United States. The actors sought initial access by exploiting internet-exposed edge devices, particularly Fortinet and Ivanti systems, using known vulnerabilities and password brute-force attacks, and leveraged a mix of custom and publicly available tools to maintain persistence. Analysis of exposed infrastructure indicates the theft of PII, financial records, and corporate credentials, alongside financially motivated activity such as cryptocurrency and credit card data theft, suggesting a combination of espionage and opportunistic cybercrime.

Learn more here https://ctrlaltintel.com/threat%20research/MuddyWater/#iocs

GitHub Repos Compromised via Account Takeover and Force-Push in Supply Chain Attack

Researchers have identified an active multi-ecosystem supply chain campaign attributed to the GlassWorm threat actor, an Eastern European cybercriminal group. The campaign, its newest wave tracked as FORCEMEMO, combines invisible Unicode character injection, credential theft via trojanized editor extensions, and a novel GitHub force-push attack vector that silently replaces repository commit history with malicious code.

Read more here https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode

Axios NPM Distribution Compromised to Distribute Lightweight Backdoor

On March 31, 2026, two malicious versions of the axios npm package (0.30.4 and 1.14.1) were published. These versions were published directly to npm and had no corresponding entries in the main axios GitHub repository. The malicious versions included a dependency on plain-crypto-js, a malicious package spoofing the legitimate crypto-js package; plain-crypto-js attempts to download a third stage. These packages were unpublished by npm at roughly 03:20 UTC following broad industry notification.

Although the malicious versions were removed within a few hours, axios’s widespread usage (present in ~80% of cloud and code environments and downloaded ~100 million times per week) enabled rapid exposure, with observed execution in 3% of affected environments.

Read more in our blog https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack
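A quick way to check whether a build ever pinned one of the two axios releases named above, or pulled in the spoofed plain-crypto-js package, is to scan the project's package-lock.json. The script below is an added example (not Wiz's or the axios project's code); the SAMPLE_LOCK fragment is constructed for the demonstration, and the plain-crypto-js version in it is made up, since the item does not state one.

```python
import json

# Indicators as stated in the item above: the two malicious axios releases and
# the spoofed dependency they pulled in. An empty set means any version is a hit.
KNOWN_BAD = {
    "axios": {"0.30.4", "1.14.1"},
    "plain-crypto-js": set(),
}


def _is_bad(name: str, version: str) -> bool:
    if name not in KNOWN_BAD:
        return False
    versions = KNOWN_BAD[name]
    return not versions or version in versions


def scan_lockfile(lock: dict) -> list[str]:
    """Return 'path@version' for every compromised entry in a package-lock.json.

    Handles lockfileVersion 2/3 ("packages" keyed by "node_modules/<name>",
    nested entries keyed like "node_modules/a/node_modules/b") and the older
    lockfileVersion 1 layout ("dependencies": {name: {version, dependencies}}).
    """
    hits = []
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # the "" key is the root project itself
        name = path.rsplit("node_modules/", 1)[-1]  # keeps "@scope/name" intact
        version = meta.get("version", "")
        if _is_bad(name, version):
            hits.append(f"{path}@{version}")

    def walk_v1(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            version = meta.get("version", "")
            if _is_bad(name, version):
                hits.append(f"{path}@{version}")
            walk_v1(meta.get("dependencies", {}), path + "/")

    if "packages" not in lock:  # v1 lockfiles only carry "dependencies"
        walk_v1(lock.get("dependencies", {}), "")
    return hits


# Constructed v3 lockfile fragment that pinned the malicious release.
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/axios": {"version": "1.14.1", "dependencies": {"plain-crypto-js": "*"}},
    "node_modules/axios/node_modules/plain-crypto-js": {"version": "1.0.0"},
    "node_modules/lodash": {"version": "4.17.21"}
  }
}""")

if __name__ == "__main__":
    for hit in scan_lockfile(SAMPLE_LOCK):
        print("compromised dependency:", hit)
```

Point it at real lockfiles with `scan_lockfile(json.load(open("package-lock.json")))`; a hit in git history matters too, since the package may have been installed in CI before the versions were unpublished.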

Hold on to your headphones!

Tune in to "Crying Out Cloud", our monthly roundup of cloud security news podcast! Hosted by the talented duo Eden Naftali and Amitai Cohen 👏
Listen on Spotify and Apple Podcasts.