Security Leftovers
-
Unicorn Media ☛ AI is Open Source’s Big Moment. Is it Ready?
When models can audit firmware and legacy binaries at scale, hiding vulnerabilities stops working. Open, patchable code becomes a core security requirement.
-
Security Week ☛ Telnyx Targeted in Growing TeamPCP Supply Chain Attack
Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux.
-
Pen Test Partners ☛ Digital Operational Resilience Act (DORA)
What DORA is, who it affects, and what “good” looks like.
If you run a financial services business in the EU, or you provide tech to one, DORA (the Digital Operational Resilience Act) is now part of your world.
-
SANS ☛ TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
-
Troy Hunt ☛ HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API
For a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, "escalated". Today, we support hundreds of thousands of website visitors each day, tens of millions of API queries, and hundreds of millions of password searches.
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (freerdp, golang, and ncurses), Debian (asterisk, bind9, gst-plugins-base1.0, gst-plugins-ugly1.0, gvfs, incus, libxml-parser-perl, nodejs, php-phpseclib, php-phpseclib3, phpseclib, and strongswan), Fedora (bcftools, bind, bind-dyndb-ldap, chromium, dotnet10.0, dotnet8.0, dotnet9.0, giflib, htslib, libsoup3, libtasn1, maturin, mingw-expat, mingw-freetype, mongo-c-driver, perl-XML-Parser, php-phpseclib, php-phpseclib3, pypy, pypy3.10, pypy3.11, python-cryptography, python-fastar, python-ply, python-pycparser, python-uv-build, python3.11, python3.12, python3.13, python3.6, roundcubemail, rubygem-json, rust-ambient-id, rust-astral-reqwest-middleware, rust-astral-reqwest-retry, rust-astral-tokio-tar, rust-astral_async_http_range_reader, rust-cargo-c, rust-ingredients, rust-native-tls, rust-nix, rust-openssl-probe, rust-openssl-probe0.1, rust-pty-process, rust-reqsign, rust-reqsign-aliyun-oss, rust-reqsign-aws-v4, rust-reqsign-azure-storage, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-google, rust-reqsign-http-send-reqwest, rust-reqsign-huaweicloud-obs, rust-reqsign-tencent-cos, rust-rustls-native-certs, rust-sequoia-chameleon-gnupg, rust-tar, rust-webpki-root-certs, rustup, samtools, suricata, uv, and vim), Mageia (cmake, libpng, nodejs, python-ujson, and strongswan), Red Hat (python3 and python3.9), SUSE (389-ds, amazon-cloudwatch-agent, capstone, chromium, containerd, cosign, curl, docker-compose, docker-stable, exiv2, expat, firefox, freeipmi, freerdp, gimp, glusterfs, govulncheck-vulndb, gstreamer-plugins-ugly, jupyter-bqplot-jupyterlab, jupyter-jupyterlab-templates, jupyter-matplotlib, kea, kernel, libsodium, libtpms-devel, LibVNCServer, nghttp2, nginx, poppler, python-dynaconf, python-ldap, python-nltk, python-orjson, python-pyasn1, python-pydicom, python-PyJWT, python-pyopenssl, python-tornado6, python311, python311-cbor2, python311-deepdiff, python311-intake, python311-jsonpath-ng, python311-lmdb, python311-oci-sdk, python312, rclone, redis, salt, tomcat11, v2ray-core, and vim), and Ubuntu (linux-ibm-5.4).
-
Security Week ☛ F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild
Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue.
-
Security Week ☛ FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers
The agency said Iranian hackers targeted the director’s personal email account and noted that the compromised information is old.
-
Security Week ☛ Exploitation of Fresh Citrix NetScaler Vulnerability Begins
The critical-severity flaw leaks application memory and can be exploited to obtain authenticated administrative session IDs.
-
Security Week ☛ Healthcare IT Platform CareCloud Probing Potential Data Breach
The company has disclosed a cybersecurity incident involving one of its electronic health record environments.
-
LinuxInsider ☛ The Patching Paradox Driving Most Breaches
Nearly 93% of organizations identify vulnerabilities before attackers do — yet many still get breached after fixes are available, fueling a new era of “zombie software” and unmanaged legacy risk.
More than 60% of enterprise breaches now stem from vulnerabilities with available patches, underscoring a breakdown in execution rather than a lack of information.
TuxCare’s third annual 2026 Open Source Landscape Report, released last month, confirms that this pattern persists across enterprise environments — and shows little sign of improving.
The report also points to a maturing open-source landscape, as IT teams become more deliberate in how they deploy, manage, and scale open-source software.
-
Applications
-
LWN ☛ Rspamd version 4.0.0 released
Version 4.0.0 of the Rspamd spam-filtering system has been released. Notable new features include HTML fuzzy phishing detection, support for up to eight flags with fuzzy hashes, and more. See the changelog for more on improvements, breaking changes, and bug fixes.
-