If you run F5 BIG-IP APM and haven't patched since October 2025, stop reading and go do that. Then come back. CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog Friday afternoon. US federal civilian agencies have until Monday, March 30 to assess exposure and mitigate. That'
If you have developers running npm packages, PyPI libraries, VS Code extensions, or AI-assisted tooling, stop what you're doing and read this. GlassWorm — the supply chain campaign we've been tracking since early March — just evolved again. This time it's got a hardware wallet phisher,
If you ran Trivy in your CI/CD pipeline between late February and March 22, 2026, you may have handed your cloud credentials to an attacker. Not because of a misconfiguration. Not because you made a mistake. Because the scanner itself was the payload. Here's what happened, what
Rapid7 dropped a new report today on Red Menshen, the China-linked threat group that has been quietly embedded inside telecommunications infrastructure since at least 2021. The headline tool: BPFDoor, a Linux backdoor that Rapid7 describes as creating "hidden trapdoors embedded within the operating system itself." This is not
title: "Your Security Scanner Is Now the Attack: The Trivy Supply Chain Compromise" tags: ["supply chain", "CI/CD", "Trivy", "LiteLLM", "TeamPCP", "credential theft"] If you use Trivy in your CI/CD pipelines, stop what you'
If you're running Aqua Security's open-source Trivy scanner in your CI/CD pipelines, stop what you're doing and check your versions. If any workflow executed the compromised `v0.69.4` components - anytime between late February and March 22, 2026 - assume every secret
If you run Trivy in your CI/CD pipelines — and at this point, a huge slice of the industry does — you need to stop what you're doing and check your version. Aqua Security confirmed this week that threat actors successfully compromised the open-source Trivy vulnerability scanner's
A new vulnerability chain published today breaks Dell Wyse Management Suite (WMS) On-Premises wide open — no credentials required, full remote code execution on the management server. The research comes from PTsecurity. Two bugs that look manageable on paper turn into something that isn't when you chain them. If
title: "CVSS 10.0 Quest KACE SMA Bug Is Being Actively Exploited — Attackers Are Already at Your Domain Controllers" slug: "cve-2025-32975-quest-kace-sma-active-exploitation" tags: ["vulnerability", "active-exploitation", "endpoint-management", "ransomware", "cvss-10"] A maximum-severity authentication bypass in Quest KACE Systems Management
Aqua Security's Trivy scanner has been compromised in a rolling supply chain attack that began quietly in late February and is still escalating as of March 23. If your pipelines use Trivy, assume they're affected until you've verified otherwise. Here's what happened,
If you're running Quest KACE Systems Management Appliance and you haven't patched since May 2025, you may already be compromised. Arctic Wolf researchers detected active exploitation of CVE-2025-32975 — a CVSS 10.0 authentication bypass in KACE SMA's Single Sign-On mechanism — beginning the week of
CVE-2026-33017 dropped on March 17. By March 18, attackers were already inside exposed Langflow instances, dumping environment variables and walking off with OpenAI, Anthropic, and AWS credentials. No public proof-of-concept. No pre-made tooling. Attackers built working exploits from the advisory text alone and had shells in under a day. What
