Trivy Supply Chain Hack Threatens 10,000 Victims as DoE Unveils 5-Year Energy Security Plan; Critical Citrix Flaw Demands Immediate Action
1. Executive Summary
This week's intelligence highlights a significant supply chain compromise with far-reaching implications, major federal initiatives to strengthen energy infrastructure, and critical vulnerabilities requiring immediate attention across multiple sectors.
Major Developments
- Supply Chain Attack Escalation: The TeamPCP threat actor has expanded its supply chain campaign beyond the Trivy security tool compromise, now backdooring the popular LiteLLM Python package (versions 1.82.7-1.82.8). Mandiant warns the Trivy compromise alone could impact up to 10,000 downstream victims, with attackers conducting "loud and aggressive" extortion operations.
- Energy Sector Focus: The Department of Energy's CESER division published "Project Armor," a comprehensive five-year plan to harden U.S. critical energy infrastructure against both cyber threats and physical hazards including wildfires. Separately, Poland disclosed a destructive cyberattack against its energy sector in December 2025, suspected to originate from Russia.
- Critical Vulnerability Alert: Citrix has issued urgent patches for NetScaler ADC and Gateway appliances addressing a critical unauthenticated data leak vulnerability. Security firms warn exploitation is imminent given the widespread deployment of these devices in enterprise environments.
- Regulatory Action: The FCC has banned all foreign-made consumer routers from the U.S. market, a sweeping measure that critics warn could create supply chain disruptions with uncertain security benefits.
- Healthcare Breach: QualDerm Partners disclosed a breach affecting 3.1 million individuals, with attackers stealing personal, medical, and health insurance information—underscoring continued targeting of the healthcare sector.
Threat Actor Activity
- TeamPCP continues aggressive supply chain operations targeting developer tools and CI/CD pipelines
- Lapsus$ claims compromise of pharmaceutical giant AstraZeneca's internal systems
- Iranian threat actors (Handala group) conducting hack-and-leak operations; heightened retaliation concerns following U.S. strikes
- Russian national sentenced to 81 months for serving as initial access broker for Yanluowang ransomware
Immediate Action Items
- Audit systems for Trivy and LiteLLM package usage; verify integrity of installed versions
- Prioritize Citrix NetScaler patching for internet-facing appliances
- Review Schneider Electric ICS advisories for Plant iT/Brewmaxx and EcoStruxure Foxboro DCS
- Update Chrome browsers to version 146 addressing high-severity vulnerabilities
2. Threat Landscape
Nation-State Threat Actor Activities
Russian Operations
Poland's cybersecurity authorities disclosed this week that the country faced a significant surge in cyberattacks throughout 2025, culminating in a destructive infiltration of Poland's energy system in December. The attack is suspected to have originated from Russian threat actors, consistent with Moscow's ongoing hybrid warfare campaign against NATO allies supporting Ukraine. This incident underscores the persistent threat to European energy infrastructure from Russian state-sponsored actors.
Analyst Note: U.S. energy sector operators should review their threat models in light of continued Russian targeting of allied nations' energy infrastructure. The tactics and techniques observed in Poland may be adapted for use against U.S. targets.
Iranian Threat Activity
The FBI has released new intelligence linking the Handala hacking group to Iranian government-sponsored hack-and-leak operations targeting opponents of the regime since 2023. Water ISAC has issued a TLP:AMBER+STRICT situation report warning of potential retaliation by Iranian threat actors following recent U.S. military strikes on Iran.
Critical Infrastructure Implications: Iranian threat actors have historically targeted water and energy sectors. Organizations in these sectors should implement heightened monitoring and review incident response procedures. The CISA Iran Cyber Threat Overview provides sector-specific guidance.
In a notable development highlighting the dual-use nature of surveillance infrastructure, reporting indicates Israel leveraged Iran's extensive street camera network—originally built for domestic population control—as a targeting tool in military operations, including the killing of Iran's supreme leader. This demonstrates how surveillance systems can become attack vectors when compromised by adversaries.
Chinese Technology Diversion
Three individuals have been charged with conspiring to unlawfully divert cutting-edge U.S. AI technology to China, highlighting ongoing concerns about technology transfer and intellectual property theft targeting the U.S. technology sector.
Ransomware and Cybercriminal Developments
Supply Chain Compromise Campaign
The TeamPCP threat actor group has significantly expanded its supply chain attack campaign this week:
- Trivy Compromise: The widely used open-source security scanning tool was compromised, with malicious versions published. Mandiant warns the fallout could impact up to 10,000 downstream victims. The attackers are conducting what experts describe as "loud and aggressive" extortion operations against affected organizations. (CyberScoop)
- LiteLLM Backdoor: TeamPCP has now compromised the popular LiteLLM Python package on PyPI, pushing malicious versions (1.82.7-1.82.8) containing credential harvesters. The threat actor claims to have stolen data from hundreds of thousands of developers. (Bleeping Computer)
- GitHub Actions Compromise: Two additional GitHub Actions workflows have been compromised using stolen CI credentials, expanding the attack surface for organizations using these automation tools. (The Hacker News)
Recommended Actions:
- Immediately audit all systems for Trivy installations and verify version integrity
- Check Python environments for LiteLLM versions 1.82.7 or 1.82.8 and remove/replace
- Review GitHub Actions workflows for unauthorized modifications
- Rotate credentials that may have been exposed through compromised CI/CD pipelines
- Monitor for indicators of compromise associated with TeamPCP operations
Ransomware Sentencing
A 26-year-old Russian national, Aleksei Volkov of St. Petersburg, was sentenced to 81 months (6.75 years) in federal prison for his role as an initial access broker (IAB) for the Yanluowang ransomware group. Volkov facilitated dozens of ransomware attacks causing approximately $9 million in damages. This sentencing demonstrates continued U.S. law enforcement success in prosecuting cybercriminals when they can be apprehended. (Homeland Security Today)
Municipal Ransomware Attack
Foster City, California declared a state of emergency following a ransomware attack to access additional resources for system recovery. This incident highlights the continued vulnerability of local government infrastructure to ransomware operations. (Security Magazine)
Extortion Claims
The Lapsus$ extortion group claims to have compromised pharmaceutical giant AstraZeneca, allegedly accessing internal code repositories, credentials, and employee data. The claim has not been independently verified. Organizations in the pharmaceutical and healthcare sectors should monitor for related threat intelligence. (SecurityWeek)
Emerging Attack Vectors
iOS Zero-Day Leak
A significant leak dubbed "DarkSword" has appeared on GitHub containing elite iPhone exploitation tools. Cybersecurity researchers warn this leak threatens to "democratize" iPhone exploits that were previously reserved for nation-state actors, potentially putting hundreds of millions of iOS 18 devices at risk. Organizations should ensure mobile device management policies are current and monitor for exploitation attempts. (CyberScoop)
Malvertising Campaign
A large-scale malvertising campaign active since January 2026 is targeting U.S. individuals searching for tax-related documents. The campaign serves rogue installers for ConnectWise ScreenConnect containing malware that uses a Huawei driver to disable endpoint detection and response (EDR) solutions. Given the current tax season, this campaign poses elevated risk. (The Hacker News)
Fake Resume Phishing
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that deploy cryptocurrency miners and information stealers. While currently focused on French-speaking targets, similar techniques could be adapted for English-speaking environments. (The Hacker News)
New Malware: StoatWaffle
Security researchers have identified a new malware strain dubbed "StoatWaffle" that auto-executes attacks targeting software developers. This adds to the growing trend of threat actors targeting the software development supply chain. (CSO Online)
Ghost npm Campaign
A new malicious npm package campaign dubbed "Ghost" uses fake installation logs to hide malware deployment. The campaign targets cryptocurrency wallets and credentials, using seven malicious packages to steal sudo passwords and deploy remote access trojans. (The Hacker News)
3. Sector-Specific Analysis
Energy Sector
DoE Project Armor: Five-Year Energy Security Plan
The Department of Energy's Cybersecurity, Energy Security, and Emergency Response (CESER) office has published "Project Armor," a comprehensive five-year initiative to harden U.S. critical energy infrastructure. Key elements include:
- Strengthening energy systems to prevent and recover from wildfires and other natural hazards
- Enhanced cybersecurity measures for grid infrastructure
- Improved coordination between federal agencies and private sector operators
- Investment in resilience technologies and redundant systems
Energy sector operators should review the full plan and identify opportunities for alignment with federal initiatives and potential funding mechanisms. (SecurityWeek)
Poland Energy Sector Attack
Poland's disclosure of a destructive cyberattack against its energy system in December 2025, attributed to Russian actors, provides important lessons for U.S. energy operators:
- Russian threat actors continue to target NATO allies' energy infrastructure
- Attacks are becoming more destructive rather than purely espionage-focused
- Energy sector organizations should review and test incident response plans
- Cross-sector information sharing remains critical for early warning
ICS Vulnerabilities
CISA has released advisories for Schneider Electric systems commonly deployed in energy and industrial environments:
- Schneider Electric EcoStruxure Foxboro DCS: Vulnerability in distributed control systems used in process industries. Review CSAF advisory for technical details.
- Schneider Electric Plant iT/Brewmaxx: Vulnerabilities in manufacturing execution systems. Review CSAF advisory for affected versions and mitigations.
PTC Windchill/FlexPLM Critical Vulnerability
PTC Inc. has issued an urgent warning about a critical remote code execution vulnerability in Windchill and FlexPLM product lifecycle management solutions. These systems are widely used in energy sector supply chain management and engineering workflows. Organizations using these products should prioritize patching. (Bleeping Computer)
Water & Wastewater Systems
Iranian Threat Warning
Water ISAC has issued a TLP:AMBER+STRICT situation report warning of a heightened threat environment and potential retaliation by Iranian threat actors following U.S. military strikes on Iran. Water and wastewater utilities should:
- Review and implement CISA's Iran-specific guidance
- Ensure remote access systems are properly secured and monitored
- Verify operational technology (OT) network segmentation
- Review and test incident response procedures
- Report suspicious activity to Water ISAC and CISA
Historical Context: Iranian threat actors have previously targeted U.S. water utilities, including the 2021 Oldsmar, Florida incident and subsequent campaigns targeting programmable logic controllers (PLCs) with default credentials.
Communications & Information Technology
FCC Foreign Router Ban
The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, effectively banning the sale of new foreign-made models in the U.S. market. Critics have raised concerns that this broad approach:
- May create legal and supply chain disruptions
- Could have unclear national security returns compared to targeted bans
- Differs from previous approaches that focused on specific vendors (e.g., Huawei, ZTE)
Organizations should assess their router procurement pipelines and identify potential supply chain impacts. (CyberScoop)
Supply Chain Security
The TeamPCP supply chain compromise campaign has significant implications for IT sector organizations:
- Security tools themselves (Trivy) have become attack vectors
- CI/CD pipelines remain high-value targets
- Python package ecosystem (PyPI) continues to face integrity challenges
- Organizations should implement software bill of materials (SBOM) practices
Browser Security
Google has released Chrome 146, addressing eight memory safety vulnerabilities across seven components, including high-severity issues. Organizations should ensure browser update policies are functioning correctly. (SecurityWeek)
Firefox VPN Feature
Mozilla has released Firefox 149 with a built-in VPN offering 50GB of monthly traffic at no cost. While this enhances privacy for general users, enterprise environments should evaluate whether this feature aligns with organizational security policies. (Bleeping Computer)
Pharos Controls Advisory
CISA has issued an advisory for Pharos Controls Mosaic Show Controller systems used in entertainment and event venues. Organizations using these systems should review the CSAF advisory for vulnerability details and mitigations.
Healthcare & Public Health
QualDerm Data Breach
QualDerm Partners has disclosed a significant data breach affecting 3.1 million individuals. Compromised information includes:
- Personal identifying information
- Medical records and treatment information
- Health insurance details
This breach underscores the continued targeting of healthcare organizations and the high value of medical data to threat actors. Healthcare sector organizations should review their data protection measures and incident response capabilities. (SecurityWeek)
AstraZeneca Extortion Claim
The Lapsus$ group's claimed compromise of AstraZeneca, if verified, would represent a significant breach of a major pharmaceutical company. Healthcare and pharmaceutical organizations should:
- Monitor for related threat intelligence and indicators of compromise
- Review access controls for code repositories and development environments
- Ensure credential hygiene practices are enforced
Infinite Campus K-12 Breach
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by the ShinyHunters threat actor. Educational institutions using this platform should:
- Monitor communications from Infinite Campus for breach notification details
- Prepare for potential notification requirements to affected families
- Review data sharing agreements and third-party risk management practices
Financial Services
Terrorism Risk Insurance and Cyber Coverage
The U.S. Treasury Department has published a Federal Register notice seeking public comment on how cyber incidents are covered within the Terrorism Risk Insurance Act (TRIA) of 2002. This review could have significant implications for:
- Cyber insurance coverage for terrorism-related cyber events
- Federal backstop availability for catastrophic cyber incidents
- Risk transfer mechanisms for critical infrastructure operators
Financial services organizations and critical infrastructure operators should consider submitting comments to shape policy development. (CyberScoop)
Cryptocurrency Targeting
Multiple campaigns this week specifically target cryptocurrency assets:
- Ghost npm campaign deploying wallet-stealing malware
- Fake resume phishing deploying crypto miners
- LiteLLM backdoor harvesting credentials that may include exchange access
Financial services organizations with cryptocurrency exposure should review endpoint protection and user awareness training.
Government Facilities
Dutch Ministry of Finance Breach
The Dutch Ministry of Finance confirmed a breach of some systems detected last week, affecting employee data. While details remain limited, this incident highlights the continued targeting of government financial institutions by threat actors. (Bleeping Computer)
HackerOne Employee Data Breach
Bug bounty platform HackerOne is notifying employees that their data was stolen after attackers compromised Navia, a U.S. benefits administrator used by the company. This third-party breach demonstrates supply chain risk in HR and benefits systems. (Bleeping Computer)
Defense Industrial Base
AI Technology Diversion
The charging of three individuals for conspiring to divert U.S. AI technology to China highlights ongoing threats to the defense industrial base from technology transfer schemes. Organizations handling sensitive AI and advanced technologies should:
- Review export control compliance programs
- Implement insider threat monitoring
- Ensure proper classification of controlled technologies
Autonomous Systems Development
Draganfly and Palladyne AI announced an integration milestone advancing autonomous swarm capabilities for drone systems. While representing technological advancement, such capabilities also present potential dual-use concerns and highlight the importance of securing autonomous systems development. (Homeland Security Today)
Navy AI Integration
The U.S. Navy has deployed a new AI data engine that transforms ships into self-learning platforms. This advancement in military AI integration underscores the importance of securing AI systems and training data from adversary manipulation. (Homeland Security Today)
4. Vulnerability & Mitigation Updates
Critical Vulnerabilities Requiring Immediate Attention
Citrix NetScaler ADC and Gateway (CRITICAL)
Severity: Critical
Exploitation Status: Security firms warn exploitation is imminent
Citrix has released security updates addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical out-of-bounds read vulnerability that can be exploited remotely without authentication to leak sensitive information from appliance memory.
Affected Products:
- NetScaler ADC
- NetScaler Gateway
Recommended Actions:
- Immediately identify all NetScaler deployments in your environment
- Prioritize patching for internet-facing appliances
- Monitor for exploitation attempts
- Review Citrix security bulletin for specific version information
(SecurityWeek, The Hacker News)
PTC Windchill and FlexPLM (CRITICAL)
Severity: Critical
Impact: Remote Code Execution
PTC has issued an urgent warning about a critical RCE vulnerability in Windchill and FlexPLM product lifecycle management solutions. These systems are widely deployed in manufacturing, aerospace, and defense sectors.
Recommended Actions:
- Identify all Windchill and FlexPLM installations
- Apply vendor patches immediately
- Implement network segmentation if patching is delayed
- Monitor for exploitation attempts
CISA ICS Advisories (Published March 24, 2026)
| Advisory ID | Vendor/Product | Sectors Affected | Action |
|---|---|---|---|
| ICSA-26-083-01 | Pharos Controls Mosaic Show Controller | Commercial Facilities, Entertainment | Review CSAF |
| ICSA-26-083-02 | Schneider Electric EcoStruxure Foxboro DCS | Energy, Chemical, Manufacturing | Review CSAF |
| ICSA-26-083-03 | Schneider Electric Plant iT/Brewmaxx | Food & Beverage, Manufacturing | Review CSAF |
Software Updates
Google Chrome 146
Google has released Chrome 146 addressing eight memory safety vulnerabilities across seven components, including high-severity issues. Organizations should verify automatic update mechanisms are functioning and consider expedited deployment for high-risk environments. (SecurityWeek)
Mozilla Firefox 149
Firefox 149 includes security updates and a new built-in VPN feature. Enterprise administrators should evaluate the VPN feature against organizational policies before deployment.
Supply Chain Integrity Verification
Given the TeamPCP supply chain compromise campaign, organizations should implement the following verification measures:
Trivy Security Scanner
- Verify installed Trivy versions against known-good hashes
- Check for unauthorized modifications to Trivy configurations
- Review scan results for anomalies that might indicate compromised tooling
- Consider temporary use of alternative scanning tools until integrity is confirmed
LiteLLM Python Package
- Immediately check for versions 1.82.7 or 1.82.8 in all Python environments
- Remove and replace with verified clean versions
- Rotate any credentials that may have been exposed
- Review logs for credential harvesting indicators
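One way to run the LiteLLM version check above, and the matching item under "Recommended Actions" in section 2, across many environments at once; this is an added example, not code from the briefing's sources. It reads installed package metadata and pinned dependency files under a directory; the sample tree, its paths and the non-matching version 1.0.0 are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

PACKAGE = "litellm"
BAD_VERSIONS = {"1.82.7", "1.82.8"}  # the versions named in this briefing
REQ_PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#\\]+)")
LOCK_PIN = re.compile(r'^name\s*=\s*"([^"]+)"\s*\nversion\s*=\s*"([^"]+)"', re.M)


def normalize(name):
    """PEP 503 name normalization, so 'LiteLLM' and 'litellm' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_copies(root):
    """Yield (dist-info dir, version) for each installed copy of PACKAGE under root."""
    for meta in Path(root).rglob("*.dist-info/METADATA"):
        fields = {}
        for line in meta.read_text(errors="replace").splitlines():
            if not line.strip():
                break  # a blank line ends the header block; the rest is description
            key, _, value = line.partition(":")
            fields.setdefault(key.strip(), value.strip())
        if normalize(fields.get("Name", "")) == PACKAGE and "Version" in fields:
            yield meta.parent, fields["Version"]


def pinned_copies(root):
    """Yield (file, version) for PACKAGE pins in requirements*.txt and *.lock files."""
    paths = [p for pattern in ("requirements*.txt", "*.lock")
             for p in Path(root).rglob(pattern) if p.is_file()]
    for path in paths:
        text = path.read_text(errors="replace")
        pins = LOCK_PIN.findall(text) if path.suffix == ".lock" else [
            m.groups() for m in map(REQ_PIN.match, text.splitlines()) if m]
        for name, version in pins:
            if normalize(name) == PACKAGE:
                yield path, version


def audit(root):
    """Return sorted (kind, relative path, version) for every hit in BAD_VERSIONS."""
    root = Path(root)
    found = [("installed", p, v) for p, v in installed_copies(root)]
    found += [("pinned", p, v) for p, v in pinned_copies(root)]
    return sorted((kind, p.relative_to(root).as_posix(), v)
                  for kind, p, v in found if v in BAD_VERSIONS)


def build_sample(root):
    """Constructed sample tree: two virtualenvs, a requirements file, a lock file."""
    files = {
        "venv-a/lib/python3.12/site-packages/litellm-1.82.8.dist-info/METADATA":
            "Metadata-Version: 2.1\nName: litellm\nVersion: 1.82.8\n\nbody\n",
        "venv-b/lib/python3.12/site-packages/litellm-1.0.0.dist-info/METADATA":
            "Metadata-Version: 2.1\nName: LiteLLM\nVersion: 1.0.0\n\nVersion: 1.82.7\n",
        "svc/requirements.txt":
            "requests==2.0.0\nlitellm[proxy]==1.82.7 \\\n    --hash=sha256:<placeholder>\n",
        "svc/poetry.lock":
            '[[package]]\nname = "litellm"\nversion = "1.0.0"\n',
    }
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)  # constructed data, scanned when no directory is given
        for kind, path, version in audit(sys.argv[1] if sys.argv[1:] else tmp):
            print(f"{kind:9} {PACKAGE}=={version}  {path}")
```

A pin in a requirements or lock file counts as exposure even when no environment is currently built from it, because the next CI run will install it.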
GitHub Actions
- Audit all GitHub Actions workflows for unauthorized modifications
- Review CI/CD pipeline logs for suspicious activity
- Implement workflow approval requirements for sensitive repositories
- Consider pinning actions to specific commit hashes rather than tags
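A sketch of the pinning audit in the last item above, as an added example that is not part of the original briefing: it lists every `uses:` reference in a repository's workflows that points at a tag, branch or short hash instead of a full 40-character commit SHA. The `example-org/*` names and the SHA in the sample workflow are constructed placeholders.

```python
import re
import sys
from pathlib import Path

USES = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def classify(target):
    """Return 'local', 'pinned' or 'mutable' for the value of a uses: key."""
    if target.startswith("./"):
        return "local"  # resolved from the same repository and commit
    if target.startswith("docker://"):
        return "pinned" if "@sha256:" in target else "mutable"
    _, sep, ref = target.rpartition("@")
    # Tags, branches and abbreviated hashes can all be re-pointed or are ambiguous.
    return "pinned" if sep and FULL_SHA.fullmatch(ref) else "mutable"


def scan(text):
    """Return [(line number, uses target, status)] for one workflow file's text."""
    out = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = USES.match(line)  # commented-out lines start with '#', so no match
        if match:
            out.append((number, match.group(1), classify(match.group(1))))
    return out


def mutable_refs(repo_root):
    """Return {workflow path: [(line, target)]} for references that are not pinned."""
    report = {}
    for path in sorted(Path(repo_root).glob(".github/workflows/*.y*ml")):
        results = scan(path.read_text(errors="replace"))
        hits = [(n, target) for n, target, status in results if status == "mutable"]
        if hits:
            report[path.as_posix()] = hits
    return report


# Constructed workflow; example-org/* names and the 40-hex SHA are placeholders.
SAMPLE = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scan-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - name: lint
        uses: "example-org/lint-action@main"
      - uses: ./.github/actions/local-build
      - uses: docker://example.org/tool:latest
      # - uses: example-org/disabled@v1
  release:
    uses: example-org/shared/.github/workflows/release.yml@abc1234
"""

if __name__ == "__main__":
    if sys.argv[1:]:
        for path, hits in mutable_refs(sys.argv[1]).items():
            for number, target in hits:
                print(f"{path}:{number}: {target}")
    else:
        for number, target, status in scan(SAMPLE):
            print(f"{number:3} {status:8} {target}")
```

Job-level `uses:` entries (reusable workflows) are covered as well as step-level ones, since both resolve third-party code at run time.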
Defensive Measures
HP TPM Guard
HP has launched TPM Guard, a new security feature designed to help defeat physical TPM (Trusted Platform Module) attacks. Organizations with high physical security requirements should evaluate this technology for endpoint protection. (CSO Online)
AI Honeypots
Security researchers are advocating for CISOs to embrace AI-powered honeypots as a defensive measure. These systems can help detect and analyze attacker behavior while protecting production systems. (CSO Online)
Enterprise Security Software Effectiveness
Absolute Security's 2026 Resilience Risk Index warns that enterprise cybersecurity software fails approximately 20% of the time due to:
- Poor patch management practices
- Increasingly complex IT environments
- Continued use of obsolete software
Organizations should audit security tool effectiveness and address gaps in coverage. (Infosecurity Magazine)
5. Resilience & Continuity Planning
Lessons from Recent Incidents
Foster City Ransomware Response
Foster City, California's declaration of a state of emergency following a ransomware attack provides several lessons for municipal and critical infrastructure operators:
- Emergency Declaration Value: Declaring emergencies can unlock additional resources and expedite recovery
- Pre-positioned Agreements: Having incident response retainers and mutual aid agreements in place accelerates response
- Communication Plans: Clear public communication strategies help maintain community trust during incidents
Supply Chain Compromise Response
The TeamPCP campaign demonstrates the importance of:
- Software Bill of Materials (SBOM): Organizations with comprehensive SBOMs can quickly identify exposure to compromised packages
- Vendor Diversity: Relying on single security tools creates single points of failure
- Integrity Verification: Implementing cryptographic verification of software packages before deployment
- Rapid Response Capability: Having processes to quickly audit and remediate across the enterprise
Supply Chain Security Developments
FCC Router Ban Implications
The FCC's ban on foreign-made consumer routers will require organizations to:
- Audit current router inventory and procurement pipelines
- Identify alternative domestic or approved suppliers
- Plan for potential cost increases and supply constraints
- Update procurement policies to ensure compliance
Developer Tool Supply Chain
The compromise of security tools (Trivy) and development packages (LiteLLM)
This briefing is generated using AI analysis of public news sources. Always verify critical information through authoritative sources before taking action.