Security Digest — 2026-03-28
Today’s security landscape is defined by a surge in AI-framework vulnerabilities and supply chain attacks, while geopolitical cyber operations intensify across critical infrastructure and state-linked threat actors push nation-state-grade tooling into broader criminal markets.
AI Security Research
Beyond Content Safety: Real-Time Monitoring for Reasoning Vulnerabilities in Large Language Models (ArXiv cs.AI): Chain-of-thought reasoning in LLMs introduces safety gaps that content-layer filters miss; this paper proposes real-time monitoring of the reasoning process itself to detect vulnerabilities before they manifest in outputs.
The System Prompt Is the Attack Surface: How LLM Agent Configuration Shapes Security and Creates Exploitable Vulnerabilities (ArXiv cs.AI): System prompt design can swing LLM email agents from near-total phishing blindness to near-perfect detection, demonstrating that agent configuration is a primary—and underappreciated—security variable.
PIDP-Attack: Combining Prompt Injection with Database Poisoning Attacks on Retrieval-Augmented Generation Systems (ArXiv cs.AI): A combined prompt-injection/database-poisoning attack against RAG pipelines that allows adversaries to corrupt retrieved knowledge and manipulate LLM outputs without direct model access.
DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents (ArXiv cs.AI): DRIFT proposes runtime injection isolation for LLM-based agentic systems, dynamically enforcing rule boundaries to prevent compromised tool outputs from escalating privileges.
SABER: A Stealthy Agentic Black-Box Attack Framework for Vision-Language-Action Models (ArXiv cs.RO): A black-box adversarial framework targeting the natural-language instruction channel of VLA robotics models, enabling stealthy manipulation of robot behavior without access to model weights.
NeuroStrike: Neuron-Level Attacks on Aligned LLMs (ArXiv cs.CR): Fine-grained neuron-level perturbations can bypass RLHF safety alignment in LLMs, raising the alarm that current alignment techniques may not be robust against targeted model-layer manipulation.
LiteGuard: Efficient Task-Agnostic Model Fingerprinting with Enhanced Generalization / IrisFP: Adversarial-Example-based Model Fingerprinting (ArXiv cs.CR): Two complementary papers advance model IP protection: LiteGuard offers lightweight universal fingerprinting across task types, while IrisFP uses multi-boundary adversarial examples to improve fingerprint uniqueness and robustness against evasion.
Can You Tell It’s AI? Human Perception of Synthetic Voices in Vishing Scenarios (ArXiv cs.CR): Modern TTS systems produce voice scams convincing enough to fool most humans; the study finds detection rates fall sharply when call context is realistic, underscoring the urgency of audio-deepfake detection tools.
Unveiling the Resilience of LLM-Enhanced Search Engines against Black-Hat SEO Manipulation (ArXiv cs.CR): Evaluates whether LLM-integrated search engines inherit traditional search engines’ vulnerability to SEO poisoning attacks, finding that while LLMs add some resilience, they remain susceptible to carefully crafted adversarial content.
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks (The Hacker News): Three now-patched vulnerabilities in LangChain and LangGraph could expose filesystem data, environment secrets, and conversation histories—a reminder that the AI agent framework layer carries significant attack surface.
Vulnerabilities & Exploits
Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV Audio / TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files (BleepingComputer / The Hacker News): TeamPCP—the same group behind earlier supply chain hits on Trivy, KICS, and litellm—has now poisoned the telnyx Python package on PyPI with credential-stealing malware concealed inside WAV audio files.
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits (The Hacker News): Apple is pushing on-device lock screen notifications urging users on older iOS versions to update immediately, citing active web-based attacks targeting unpatched devices.
Fake VS Code Alerts on GitHub Spread Malware to Developers (BleepingComputer): A large-scale campaign is abusing GitHub Discussions on popular repositories to post fake VS Code security alerts that lure developers into downloading malware—a high-trust vector targeting the software supply chain at its source.
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks (The Hacker News): A now-patched flaw in Open VSX’s pre-publish scanning pipeline could be exploited to slip malicious VS Code extensions past automated security review, threatening any developer who installs extensions from the open registry.
China Upgrades the Backdoor It Uses to Spy on Telcos Globally (Dark Reading): Chinese APT Red Menshen has significantly upgraded BPFdoor, a kernel-level backdoor used against global telecom providers; the new variant evades traditional security controls, leaving telcos with hunting as their primary defensive option.
European Commission Investigating Breach After Amazon Cloud Account Hack (BleepingComputer): A threat actor gained access to the European Commission’s Amazon cloud environment; the Commission has opened a formal investigation while assessing scope and impact.
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion (The Hacker News): Adversary-in-the-middle phishing pages designed to capture TikTok for Business credentials are leveraging Cloudflare Turnstile to evade bot detection and extend campaign lifespan.
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware (The Hacker News): Pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 ransomware attacks against Russian businesses since January 2025 using their custom GenieLocker payload, continuing a trend of conflict-driven ransomware operations.
Dutch Police Discloses Security Breach After Phishing Attack (BleepingComputer): The Dutch National Police confirmed a breach stemming from a successful phishing attack, stating impact was limited and no citizen data was affected.
Coruna, DarkSword & Democratizing Nation-State Exploit Kits (Dark Reading): Nation-state-grade malware is appearing on the dark web and GitHub, putting sophisticated exploit capabilities in reach of ordinary criminal actors and significantly raising the baseline threat organizations must defend against.
Wartime Usage of Compromised IP Cameras Highlights Their Danger (Dark Reading): Multiple countries are actively exploiting internet-connected cameras to conduct surveillance inside adversaries’ networks, with the list of participating nations expanding—highlighting the persistent risk of internet-exposed OT/IoT devices.
Policy & Compliance
Google Sets 2029 Deadline for Quantum-Safe Cryptography (Dark Reading): Google has committed to completing its post-quantum cryptography migration by 2029, signaling to the industry that the window for PQC transition planning is shorter than many assume.
We Are At War (The Hacker News): An analysis of how rising geopolitical tensions are manifesting—and in some cases being preceded—by cyber operations, arguing that the security community must adopt a wartime posture given the scale and coordination of state-linked attacks.