# Archive
Browse past daily curated stories
Wednesday, March 25, 2026
-
1BleepingComputer generalPopular LiteLLM PyPI package compromised in TeamPCP supply chain attack
TeamPCP hackers compromised the popular LiteLLM Python package on PyPI, pushing malicious versions 1.82.7 and 1.82.8 containing credential harvesters and Kubernetes lateral movement toolkits. This supply chain attack affects hundreds of thousands of devices and follows the group's recent compromises of Trivy and Checkmarx KICS security tools.
-
2BleepingComputer generalPTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
PTC warns of a critical remote code execution vulnerability in Windchill and FlexPLM product lifecycle management solutions, describing it as an imminent threat. The flaw affects widely-used enterprise PLM platforms that manage product development across manufacturing organizations.
-
3CyberScoop generalDarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses
DarkSword's leaked GitHub repository contains iPhone exploitation tools that security researchers warn could democratize iOS 18 attacks previously limited to nation-states. The leak potentially puts hundreds of millions of iOS devices at risk by making elite hacking tools accessible to broader threat actors.
-
4The Record threat-intelStryker says malware was involved in recent cyberattack as production lines reopen
Stryker confirmed malware involvement in a cyberattack attributed to Iranian actors that wiped over 200,000 company devices two weeks ago. The medical device manufacturer is now reopening production lines after the destructive attack disrupted operations.
-
5BleepingComputer generalFCC bans new routers made outside the USA over security risks
The FCC updated its Covered List to ban all consumer routers manufactured in foreign countries from U.S. sale, citing unacceptable national security risks. The sweeping ban affects new router models unless manufacturers obtain specific exemptions from regulators.
-
6CyberScoop generalRussian access broker sentenced to over 6 years in prison for ransomware schemes
Russian cybercriminal Aleksei Volkov received an 81-month federal prison sentence for serving as an initial access broker for the Yanluowang ransomware group. The 26-year-old from St. Petersburg pleaded guilty to six charges related to facilitating ransomware attacks against U.S. companies.
-
7The Hacker News generalCitrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix released patches for two NetScaler vulnerabilities, including critical CVE-2026-3055 (CVSS 9.3) that allows unauthenticated attackers to exploit insufficient input validation for memory overread attacks. The flaw enables remote data leakage from NetScaler ADC and Gateway applications without authentication.
-
8SecurityWeek generalExtortion Group Claims It Hacked AstraZeneca
The Lapsus$ extortion group claims to have breached pharmaceutical giant AstraZeneca, allegedly compromising internal code repositories, employee credentials, and sensitive data. The hackers are demanding payment to prevent public release of the stolen information.
-
9BleepingComputer generalInfinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a widely-used K-12 student information system, disclosed a data breach following extortion attempts by the ShinyHunters threat group. The breach affects student and educational data across multiple school districts that rely on the platform for student records management.
-
10SecurityWeek general3.1 Million Impacted by QualDerm Data Breach
QualDerm Partners disclosed a data breach affecting 3.1 million patients after hackers stole personal information, medical records, and health insurance data from internal systems. The dermatology services provider confirmed unauthorized access to sensitive patient healthcare information.