Hacktivist Group Claims Responsibility for Breach, Malicious Python Packages Discovered, and LangChain Vulnerabilities Reported

The hacktivist group Handala claimed responsibility for breaching Kash Patel, a former U.S. government official, though no specific data exposure details were confirmed. Malicious Python packages containing WAV file-based malware were discovered on the PyPI repository, targeting developers with obfuscated audio files that execute malicious payloads. LangChain, a popular AI framework, was found to have remote code execution (RCE) vulnerabilities, though no CVE IDs or patch dates were specified. The incidents were reported on March 30, 2026, with impacts including potential unauthorized access, supply chain attacks, and AI application compromise. No additional technical indicators or affected version numbers were provided in the notice.