End-of-Day report
Timeframe: Tuesday 31-03-2026 18:00 - Wednesday 01-04-2026 18:00
Handler: Felician Fuchs
Co-Handler: n/a
News
Cisco source code stolen in Trivy-linked dev environment breach
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.
https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/
FBI warns against using Chinese mobile apps due to privacy risks
The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers.
https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-chinese-mobile-apps-over-to-data-security-risks/
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.
https://securelist.com/crystalx-rat-with-prankware-features/119283/
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement shared with CNBC News.
https://thehackernews.com/2026/04/claude-code-tleaked-via-npm-packaging.html
Apple Will Push Out Rare "Backported" Patches to Protect iOS 18 Users From DarkSword Hacking Tool
As DarkSword spreads, Apple tells WIRED it will enable iOS 18-specific fixes for millions of iPhone owners who remain on that iOS version rather than force them to update to iOS 26.
https://www.wired.com/story/apple-will-push-out-rare-backported-patches-to-protect-ios-18-users-from-darksword-hacking-tool/
Hands-Free Lockpicking: Critical Vulnerabilities in dormakaba's Physical Access Control System
In this post, Clemens Stockenreitner and Werner Schober of the SEC Consult Vulnerability Lab highlight several critical vulnerabilities found in dormakaba's physical access control systems based on exos 9300.
https://sec-consult.com/blog/detail/hands-free-lockpicking-critical-vulnerabilities-in-dormakabas-physical-access-control-system/
Weaponizing the Protectors: TeamPCP's Multi-Stage Supply Chain Attack on Security Infrastructure
TeamPCP continues its string of supply chain attacks, and announces a partnership with Vect ransomware group.
https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/
Databricks allegedly a victim of the TeamPCP LiteLLM supply chain attack
There is a claim that Databricks (a cloud-based data analytics platform used by companies worldwide to manage huge datasets) has allegedly become a victim of the cyber group TeamPCP.
https://borncity.com/blog/2026/03/30/databricks-mutmasslich-opfer-des-teampcp-litellm-lieferkettenangriffs/
The Real Risk of Vibecoding
This blog looks at how AI-driven vibecoding speeds up software development while increasing security risk by outpacing traditional review and ownership. It explains why security needs to move earlier and be built into modern development workflows.
https://www.trendmicro.com/en_us/research/26/c/the-real-risk-of-vibecoding.html
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manager (NPM) package "axios." Between March 31, 2026, 00:21 and 03:20 UTC, an attacker introduced a malicious dependency named "plain-crypto-js" into axios NPM releases versions 1.14.1 and 0.30.4.
https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package/
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
AI Startup Mercor Hit by Supply Chain Attack Linked to LiteLLM
A recent Mercor cyberattack has brought renewed attention to the risks associated with open-source software dependencies, after the AI recruiting startup confirmed it was impacted by a broader supply chain compromise. The Mercor data breach, which is still under investigation, has been linked to a malicious incident involving the widely used LiteLLM project.
https://thecyberexpress.com/mercor-cyberattack/
Vulnerabilities
Malicious code with one click: Attacked Chrome vulnerability endangers millions of users
Google Chrome has a security vulnerability that allows malicious code to be injected simply by visiting a web page. Attackers are already exploiting it.
https://www.golem.de/news/schadcode-per-klick-attackierte-chrome-luecke-gefaehrdet-millionen-von-nutzern-2604-207143.html
Gigabyte Control Center: Malicious code vulnerability in widely used hardware control tool
Many users with Gigabyte hardware use the Gigabyte Control Center. A vulnerability in it lets attackers, among other things, inject malicious code.
https://www.golem.de/news/gigabyte-control-center-schadcode-luecke-in-verbreitetem-hardware-steuertool-2604-207159.html
AI finds critical ImageMagick vulnerabilities in default configurations
An AI pentesting tool has uncovered critical security vulnerabilities in default configurations of ImageMagick. Workarounds provide protection.
https://www.heise.de/news/KI-findet-kritische-ImageMagick-Luecken-in-Standardkonfigurationen-11243001.html
LWN Security updates for Wednesday
https://lwn.net/Articles/1065814/