Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Part 1 covered CanisterWorm, the self-spreading npm worm. This post covers the next wave: a malicious LiteLLM PyPI package carrying the most capable credential stealer TeamPCP has deployed yet. On March 24, 2026, two versions of litellm, one of the most widely used Python libraries for working with AI language model APIs, were published to PyPI carrying a hidden credential stealer. Versions 1.82.7 and 1.82.8 never appeared on the official LiteLLM GitHub repository.

We're excited to announce that BlueVoyant's Third-Party Risk Management (TPRM) solution is now available on Google Cloud Marketplace. This milestone makes it easier than ever for organizations to purchase, deploy, and start managing supply chain cyber risk while getting more value from their existing Google Cloud Platform (GCP) investment.

“We have backups” might be the most dangerous phrase in law firm IT. According to the ABA’s 2023 Legal Technology Survey, only 34% of law firms have an incident response plan – and far fewer regularly test their ability to actually recover from a disaster. Having backups and being able to recover from them are two very different things.

Securonix threat researchers have been tracking an ongoing campaign targeting French-speaking corporate environments through fake resumes. The campaign uses highly obfuscated VBScript file disguised as resume/CV documents, delivered through phishing emails. Once executed, the malware deploys a mutli-purpose toolkit that combines credential theft, data exfiltration, and Monero cryptocurrency mining for maximum monetization.

For channel partners, AI has quickly moved from a future conversation to a current customer problem. Clients are already using AI across their organisations, often faster than governance can keep up. What’s emerging is not just another technology trend, but a new class of risk that customers cannot fully see or control. Our latest research, based on insights from senior security leaders in highly regulated industries, highlights the scale of the issue.

Microsoft SharePoint, a core platform for enterprise collaboration, is facing active exploitation through a newly confirmed vulnerability, tracked as CVE-2026-20963. Rooted in unsafe deserialization of user-controlled data, this vulnerability allows remote code execution with low-privileged authenticated access, making it a high-priority threat for organizations worldwide.

Cybersecurity is no longer just for large enterprises. Small and medium-sized businesses (SMBs) are boosting security investments as cyber risks increase and digital operations expand. According to Omdia, SMBs account for more than 99% of organizations worldwide. In 2025, these businesses increased their cybersecurity spending by 11%, reaching $64.3 billion. This surge reflects an important shift. SMBs are no longer treating cybersecurity as a reactive IT expense.

The last six months have been nothing short of revolutionary for AI-powered coding. OpenAI‘s “Code Red” release brought us GPT-5.1 and 5.2. Google unveiled Gemini 3 with its touted “unprecedented reasoning capabilities.” Anthropic rolled out Claude 4.5 and 4.6, powering the increasingly ubiquitous Claude Code features. Enterprise adoption of tools like OpenClaw has exploded, with developers praising unprecedented productivity gains.

According to HIPAA Journal, phishing remains one of the most common and effective attack methods used against healthcare organizations and is a leading cause of healthcare data breaches. As healthcare becomes more digital, cybercriminals increasingly target clinicians and administrative staff to access Electronic Health Records (EHRs) and other Protected Health Information (PHI).

BUFFALO, N.Y., March 24, 2026 — Sedara, a cybersecurity solutions provider specializing in Managed Detection and Response (MDR) and Attack Surface Management (ASM), today announced it has been named a Hot Company in Attack Surface Management in the 14th Annual Global InfoSec Awards, presented by Cyber Defense Magazine during RSAC 2026 Conference in San Francisco. The Global InfoSec Awards recognize cybersecurity innovators worldwide.