SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited
Mar 27, 2026
A supply-chain compromise affecting many Checkmarx components and detection options. Urgent advice on rapid credential rotation and practicing recovery. A web exploit chain tied to government spyware and which iOS updates actually addressed it. A LangFlow flaw that was weaponized fast, stressing prompt patching and key rotation.
AI Snips
Chapters
Transcript
Episode notes
Rotate Credentials Immediately After Suspicion
- Rotate compromised or suspected credentials immediately to limit attacker dwell time.
- Johannes Ulrich warns TeamPCP showed delayed credential use, so rotate keys even if you only suspect an issue.
Supply Chain Reports Often Underreport Scope
- Initial reports undercount scope in supply-chain incidents and later updates often reveal wider impact.
- Johannes Ulrich highlights Checkmarx's compromise affected all 91 tags, more than initially reported.
Freeze Releases And Audit CI/CD After Compromise
- Pause new releases and review CI/CD and release procedures after a supply-chain compromise.
- Johannes Ulrich notes Lite LLM froze its repo and will audit its CI/CD before issuing further releases.