Security Leftovers
-
Trail of Bits ☛ Spotting issues in DeFi with dimensional analysis
Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning!
One of the first lessons in physics is learning to think in terms of dimensions. Physicists can often spot a flawed formula in seconds just by checking whether the dimensions make sense. I once had a teacher who even kept a stamp that said “non-homogeneous formula” for that purpose (and it was used a lot on students’ work). Developers can use the same approach to spot incorrect arithmetic in smart contracts.
-
Scoop News Group ☛ Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack
Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims.
-
ISTIO-SECURITY-2026-002
All releases since the introduction of the mesh gateway option in the `VirtualService` resource
The Istio Security Committee wants to address a possible Man-in-the-Middle attack scenario in which a `VirtualService` can redirect or intercept traffic within the service mesh. It affects only namespace-based Multi-Tenant environments.
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (strongswan and vlc), Fedora (cmake, giflib, and python-diskcache), SUSE (curl, docker-stable, freeciv, freerdp, freerdp2, freetype2, go1.25-openssl, go1.26-openssl, GraphicsMagick, gvfs, harfbuzz, kernel, lemon, libpng16, librsvg, libsodium, libsoup, net-snmp, protobuf, python-Authlib, python-maturin, python-tornado6, python310, python311-pypdf, python311-PyPDF2, python314, python39, rust-keylime, strongswan, systemd, ucode-intel, util-linux, and vim), and Ubuntu (gvfs, linux-aws-6.8, linux-azure, linux-azure, linux-azure-4.15, linux-azure-fips, linux-hwe-5.4, linux-ibm, linux-intel-iot-realtime, linux-nvidia-tegra-igx, linux-realtime-6.17, pyopenssl, rust-sized-chunks, strongswan, systemd, and tiff).
-
XSAs released on 2026-03-24
The Xen Project has released one or more Xen security advisories (XSAs).
-
LWN ☛ LiteLLM on PyPI is compromised
This issue report describes a credential-stealing attack buried within LiteLLM 1.82.8 in the PyPI repository. It collects and exfiltrates a wide variety of information, including SSH keys, credentials for a number of cloud services, crypto wallets, and so on. Anybody who has installed this package has likely been compromised and needs to respond accordingly.
-
SANS ☛ SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
-
SANS ☛ Detecting IP KVMs, (Tue, Mar 24th)
-
Tom's Hardware ☛ FCC bans import of new consumer routers not made in the US over security threat — agency says foreign-made devices pose ‘unacceptable risk’ to US persons [Ed: Only back doors controlled by the Cheeto regime are acceptable?]
The FCC says that it will no longer certify foreign-made routers, effectively making them illegal to sell in the U.S., unless the manufacturer can secure a "Conditional Approval" from the Department of War or the Department of Homeland Security.
-
Pen Test Partners ☛ Insecure IAM is the root of many cloud security failures
Identity and Access Management, or IAM, is one of the most important security controls in any cloud environment. If it is weak, attackers can often work around the protections that sit on top of it. We see this regularly in cloud penetration tests.
-
Security Week ☛ Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
An out-of-bounds read vulnerability can be exploited remotely without authentication to read sensitive information from memory.
-
Security Week ☛ 3.1 Million Impacted by QualDerm Data Breach
Hackers stole personal, medical, and health insurance information from the company’s internal systems.
-
Security Week ☛ Extortion Group Claims It Hacked AstraZeneca
The Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data.
-
Security Week ☛ Chrome 146 Update Patches High-Severity Vulnerabilities
The software refresh fixes eight memory safety bugs affecting seven Chrome components.
-
Inside Pay2Key: Technical Analysis of a Linux Ransomware Variant
As the geopolitical landscape continues to evolve, Morphisec Threat Labs is bringing technical focus to threats that have gone under-analyzed. Pay2Key, an Iranian-attributed ransomware group, has not been prominently active in recent campaigns, but their Linux variant offers a valuable lens into techniques that are shared across multiple active ransomware families today.