Version History: Security: Vulnerabilities, Supply Chain, and the Defence Landscape

← Back to Security: Vulnerabilities, Supply Chain, and the Defence Landscape

Changelog

DateSummary
27 Mar 2026Added CVE-2026-3055 (Citrix NetScaler, CVSS 9.3), CVE-2026-1731 (BeyondTrust RCE now in active ransomware campaigns), and CVE-2026-32628 (AnythingLLM SQL injection); added LAPSUS$ AstraZeneca breach claim.
25 Mar 2026TeamPCP escalated from Trivy supply chain attack to Iran-targeted Kubernetes wiper; LiteLLM confirmed downstream victim; GlassWorm adopts Solana blockchain C2 dead drops; device code phishing campaign active across 340+ M365 orgs; RSAC 2026 confirms state-sponsored autonomous AI agent espionage campaign.
24 Mar 2026Added two new CVEs: an unpatched telnetd zero-day (CVE-2026-32746) with no patch available, and Oracle Identity Manager RCE (CVE-2026-21992, CVSS 9.8, patch available).
23 Mar 2026Added three new actively exploited CVEs, updated the Trivy section with full attack mechanism and force-push evasion detail, and added the Meta rogue agent incident as the first documented real-world blast radius case.

Snapshots

DateLink
23 Mar 2026View snapshot
24 Mar 2026View snapshot
25 Mar 2026View snapshot
27 Mar 2026View snapshot