Daily Security Briefing #205

March 26, 2026

China-linked threat actors continue to disrupt global networks with stealthy BPFdoor implants and Langflow code injection vulnerabilities exposed…


Executive Summary

Cybersecurity threats continue to escalate as China-linked threat actors embed themselves in telecom networks, conducting high-level espionage against government networks. Meanwhile, a critical code-injection vulnerability in Langflow has been exploited in the wild, prompting an urgent warning from CISA. Additionally, threat actors are standardizing ClickFix-based attacks that sidestep traditional browser protections.



Top Articles

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone
A months-long investigation by Rapid7 Labs uncovered evidence of a China-nexus threat actor placing stealthy digital sleeper cells in telecommunications networks. The goal is to carry out high-level espionage, including against government networks.
Source: Rapid7 Blog

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
The Trump administration’s executive order neutered states’ ability to regulate AI by ordering the administration to sue and withhold funds from states trying to do so. This action supported industry lobbyists keen to avoid constraints on their deployment of AI.
Source: Schneier

CISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning about a critical code-injection vulnerability in Langflow, tracked as CVE-2026-33017. This severe security flaw has been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Source: GBHackers

New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections.
Source: GBHackers

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
A long-term campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity involves implanting and maintaining stealthy access mechanisms within critical environments.
Source: The Hacker News

CISA Warns of Langflow Code Injection Flaw Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical code injection vulnerability in Langflow, a popular framework used to build large language model (LLM) workflows.
Source: CyberPress

China-Linked Hackers Breach Southeast Asian Military Systems
A sophisticated cyber espionage campaign tracked as CL-STA-1087 has successfully breached military organizations across Southeast Asia. Active since at least 2020, this long-running operation relies on custom backdoors and credential-stealing tools to gather critical military intelligence.
Source: CyberPress

CISA: New Langflow flaw actively exploited to hijack AI workflows
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents.
Source: BleepingComputer

UK sanctions Xinbi marketplace linked to Asian scam centers
The United Kingdom’s Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia.
Source: BleepingComputer


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
