CISA adds Langflow and Trivy bugs to KEV Catalog

CISA adds Langflow and Trivy bugs to KEV Catalog

Langflow Code Injection Flaw Actively Exploited — CVE-2026-33017 CISA has added a critical code injection vulnerability in Langflow to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.…
TeamPCP Supply Chain Campaign

TeamPCP Supply Chain Campaign

What Happened — The Attack Chain This is a deliberate, multi-hop campaign, not opportunistic. The attack on LiteLLM started five days earlier with Trivy. On March 19, attackers rewrote Git…