SANS Internet Storm Center Stormcast Highlights Multiple Cybersecurity Incidents

The March 27, 2026, SANS Internet Storm Center Stormcast covered multiple cybersecurity incidents, including the TeamPCP supply chain compromise affecting all 91 tags of a repository, with underreporting suspected. The LightLM project, previously compromised, froze its repository and resumed operations after reviewing its CI/CD pipeline to prevent future breaches, halting new releases temporarily. Apple’s recent updates did not patch DarkSwart exploits—a campaign leveraging vulnerabilities from government-sponsored spyware (Coruna)—though iOS 26.3 (released February 2026) and older OS updates (18.4/18.6 in March) addressed these flaws. A critical vulnerability in Langflow, an AI pipeline tool, was exploited within 20 hours of patch release, emphasizing the need for immediate updates and credential rotation. The host also referenced a Google blog post detailing the timeline of exploits used in DarkSwart and related attacks. The episode concluded with a reminder to assume compromise if patches are delayed.