Brief #148: Telnyx PyPI Supply Chain Attack, F5 BIG-IP RCE Exploited, Databricks Launches Lakewatch SIEM

Nikoloz Kokhreidze

TeamPCP compromised the Telnyx Python SDK on PyPI using audio steganography, partnered with LAPSUS$ and a ransomware group, and turned developer tools into entry points for extortion campaigns.

Happy Sunday,

In this week's analysis:

  • Supply chain threat escalation: TeamPCP's multi-ecosystem campaign now includes ransomware partnerships, signaling a shift where open-source infrastructure becomes a first-stage attack vector for extortion.
  • CISO leadership deficit: Only 35,000 CISOs serve 359 million businesses globally, a 10,000-to-1 ratio that leaves SMBs structurally exposed.
  • Platform disruption: Databricks' Lakewatch SIEM uses consumption pricing to challenge incumbents, and security teams should start evaluating it for 2026 renewal cycles.

Threats

TeamPCP Compromises Telnyx PyPI Package, Hides Credential Stealer Inside WAV Audio Files

  • TeamPCP pushed two malicious versions (4.87.1 and 4.87.2) of the popular Telnyx Python SDK to PyPI on March 27, embedding credential-stealing malware inside .WAV audio files using steganography to evade detection.
  • The attack is part of a broader supply chain campaign that already hit Trivy, KICS, and litellm, and the group has announced partnerships with LAPSUS$ and ransomware group Vect to scale credential abuse before victims complete remediation.
  • Pin all GitHub Actions and PyPI dependencies to exact commit SHAs, audit environments for telnyx 4.87.1/4.87.2, rotate all secrets if found, and block the C2 IP (83[.]142[.]209[.]203).
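
The audit step above can be scripted. The following is an added example, not code from the brief or from Telnyx: it walks a directory tree and reports installed copies of telnyx 4.87.1/4.87.2 (via `*.dist-info/METADATA`) and pins to those versions in dependency files. The function names and the file-name conventions it checks (`requirements*`, `*.lock`) are assumptions.

```python
import re
import sys
from email import message_from_string
from pathlib import Path

BAD_VERSIONS = {"4.87.1", "4.87.2"}  # malicious telnyx releases named in the brief
# requirements-style pin, e.g. "telnyx==4.87.1" (optional extras allowed)
REQ_PIN = re.compile(r"^\s*telnyx(?:\[[^\]]*\])?\s*==\s*([\w.]+)", re.I | re.M)
# TOML lock-file entry: name = "telnyx" followed by version = "..."
LOCK_PIN = re.compile(r'name\s*=\s*"telnyx"\s*\n\s*version\s*=\s*"([\w.]+)"', re.I)


def installed_versions(root):
    """Yield (dist-info dir, version) for each installed telnyx copy under root."""
    for meta in Path(root).rglob("*.dist-info/METADATA"):
        msg = message_from_string(meta.read_text(encoding="utf-8", errors="replace"))
        if (msg.get("Name") or "").strip().lower() == "telnyx":
            yield meta.parent, (msg.get("Version") or "").strip()


def audit(root):
    """Return sorted (kind, path, version) findings for the malicious versions."""
    findings = []
    for dist_dir, version in installed_versions(root):
        if version in BAD_VERSIONS:
            findings.append(("installed", str(dist_dir), version))
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if not (path.name.startswith("requirements") or path.suffix == ".lock"):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for version in REQ_PIN.findall(text) + LOCK_PIN.findall(text):
            if version in BAD_VERSIONS:
                findings.append(("pinned", str(path), version))
    return sorted(findings)


if __name__ == "__main__":
    hits = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, path, version in hits:
        print(f"{kind}: telnyx {version} at {path}")
    sys.exit(1 if hits else 0)  # non-zero exit lets CI fail on a finding
```

An "installed" finding means the package was present on that host, so the brief's secret-rotation step applies there; a "pinned" finding only shows that a build would have pulled the version.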

CISA Adds F5 BIG-IP APM Critical RCE Flaw to KEV Catalog After Active Exploitation

  • CISA added CVE-2025-53521 (CVSS 9.3) to its Known Exploited Vulnerabilities catalog on March 28 after F5 confirmed active exploitation of a remote code execution flaw in BIG-IP Access Policy Manager that was originally classified as denial-of-service.
  • The reclassification from DoS to RCE based on new March 2026 intelligence means organizations that deprioritized the original advisory now face significantly higher risk than initially assessed.
  • Verify all BIG-IP APM instances are patched immediately, review network logs for anomalous traffic to virtual servers with APM policies, and treat this as a priority-one patch cycle.

European Commission Investigating Breach After Hackers Access AWS Cloud Infrastructure

  • The European Commission confirmed on March 27 that threat actors infiltrated its networks and accessed its AWS cloud infrastructure, with some data confirmed stolen during the breach.
  • The incident raises questions about sovereign cloud strategies and third-party cloud dependency across EU institutions, especially as Europe pushes to reduce reliance on US tech infrastructure.
  • Review cloud provider access controls and logging configurations, ensure incident response plans cover cloud-native breach scenarios, and monitor for follow-up campaigns targeting exposed data.

CISO Lens

Only 35,000 CISOs Serve 359 Million Businesses: 2026 Report Reveals 10,000-to-1 Leadership Gap

  • The 2026 CISO Report from Cybersecurity Ventures and Sophos found just 35,000 CISOs worldwide serving an estimated 359 million businesses, a 10,000-to-1 ratio that creates a massive security leadership vacuum, especially for SMBs.
  • The World Economic Forum estimates 90% of companies globally are small businesses, yet close to zero percent employ a dedicated security officer, leaving them exposed to enterprise-grade threats without executive-level risk guidance.
  • Fractional CISO models and AI-augmented security leadership platforms represent the most scalable near-term solutions, but human bandwidth constraints remain the bottleneck for serving hundreds of millions of organizations.

How CISOs Can Survive Geopolitical Cyberattacks: Lessons from the Stryker-Handala Incident

  • The Iran-linked group Handala attacked Stryker, a Fortune 500 medical device manufacturer, in March 2026, reportedly wiping tens of thousands of devices across 79 countries and disrupting manufacturing, logistics, and order processing.
  • Threat intelligence research shows many Iranian destructive campaigns rely on manual operations rather than advanced malware, meaning defenders who understand these operational patterns can limit damage even after perimeter breach.
  • Build incident response playbooks specifically for destructive wiper scenarios, segment critical OT networks from IT infrastructure, and incorporate geopolitical threat briefings into quarterly security strategy reviews.

State of AI Cybersecurity 2026: 92% of Security Pros Concerned About AI Agent Impact

  • The State of AI Cybersecurity 2026 report found that 92% of security professionals are concerned about the impact of AI agents on their organization's security posture as embedded AI features go mainstream.
  • Security teams are struggling to adapt governance frameworks, tooling, and talent to the speed of enterprise AI adoption, creating a gap between deployment velocity and security readiness.
  • Establish an AI asset inventory across the organization, define acceptable use policies for AI agents before deployment scales further, and allocate dedicated budget for AI-specific security controls.

AI & Security

  • Researchers disclosed three security vulnerabilities in LangChain and LangGraph, widely used open-source frameworks for building LLM-powered applications, that could expose filesystem data, environment secrets, and conversation history.
  • As organizations rush to build AI agents and LLM-powered workflows, the security of the underlying frameworks becomes a critical attack surface that most teams are not yet auditing.
  • Audit all LLM framework dependencies for known CVEs, restrict filesystem and environment variable access for AI agent processes, and implement network segmentation for AI workloads.

ShadowPrompt Vulnerability in Claude Chrome Extension Allowed Zero-Click XSS and Token Access

  • A critical vulnerability dubbed ShadowPrompt in Anthropic's Claude Chrome extension allowed zero-click XSS prompt injection and token access, which has since been patched by Anthropic and Arkose Labs.
  • Browser-based AI extensions with deep system access represent a growing attack surface that security teams rarely include in their threat models, despite handling sensitive prompts and authentication tokens.
  • Inventory all AI-related browser extensions across the organization, enforce extension allowlisting policies, and monitor for unauthorized AI tool installations in endpoint management platforms.

GitHub Adds AI-Powered Bug Detection to Expand Code Security Coverage Beyond CodeQL

  • GitHub announced AI-based scanning for its Code Security tool on March 25, expanding vulnerability detection beyond CodeQL static analysis to cover more languages and frameworks.
  • The move signals that AI-assisted code review is becoming table stakes for DevSecOps, reducing the gap between code commit and vulnerability discovery for development teams using GitHub.
  • Enable the new AI scanning capabilities alongside existing CodeQL workflows, review initial findings for false positive rates before tuning alerting thresholds, and use the expanded coverage to address language gaps in current SAST tooling.

Market Intelligence

Databricks Enters Cybersecurity Market with Lakewatch, an Agentic SIEM, Ahead of Expected IPO

  • Databricks launched Lakewatch on March 24, an open, agentic SIEM that unifies security, IT, and business data in a single governed environment, directly challenging incumbents like Splunk, Palo Alto Networks, and Microsoft Sentinel.
  • The $134 billion-valued company is using a consumption-based pricing model that charges for work performed rather than data stored, attacking the biggest pain point in traditional SIEM economics where costs scale with log volume.
  • Security teams evaluating SIEM alternatives should add Lakewatch to shortlists for 2026 renewals, particularly if already running Databricks for data and analytics workloads.

Eclypsium Raises $25M to Expand Device Supply Chain Security for AI Infrastructure

  • Eclypsium raised $25 million in strategic funding led by PEAK6 Strategic Capital, bringing total capital to over $100 million, to expand firmware and hardware supply chain security across enterprise and government environments.
  • The company is expanding platform coverage to NVIDIA GPU servers in AI data centers and network edge appliances, addressing the growing attack surface created by AI infrastructure buildouts where traditional endpoint agents are blind.
  • Organizations deploying AI compute infrastructure should evaluate firmware and hardware integrity monitoring as part of their supply chain security strategy, especially for GPU clusters and edge devices.

Onit Security Raises $11M Seed to Automate Exposure Management Lifecycle

  • Tel Aviv-based Onit Security raised $11 million in seed funding led by Hetz Ventures and Brightmind Partners for its agentic exposure management platform that automates the full lifecycle from vulnerability detection to remediation execution.
  • The company claims the founding was partly motivated by bottlenecks exploited during an Iranian state-sponsored cyberattack, targeting the gap between when vulnerabilities are found and when they are actually fixed.
  • The seed raise reflects investor confidence in the exposure management category, and security teams dealing with remediation backlogs should watch this space as AI-driven prioritization tools mature.

Security Stack

Eclypsium Supply Chain Security Platform

Firmware, hardware, and software supply chain security for enterprise devices. Covers inventory, hardening, threat detection, and response across the full device lifecycle. Relevant this week as the company raised $25M to expand into AI infrastructure security.

Legit Security Software Supply Chain Security

Secures the software development pipeline from code to deployment, covering CI/CD security, secret detection, and software supply chain risk. Directly relevant following TeamPCP's ongoing campaign targeting developer tools like Trivy, KICS, litellm, and Telnyx.

Prevalent Exposure Management

Cloud-based exposure management platform that prioritizes vulnerabilities based on business context. Connects to this week's Onit Security seed raise and the broader shift toward automated remediation workflows.


Thank you for reading this week's brief.

Talk to you in the next one.

Nikoloz
