
SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited
Hello and welcome to the Friday, March 27, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida, and this episode is brought to you by the SANS.edu Graduate Certificate Program in Industrial Control System Security.

Well, I can't quite let go of TeamPCP and the supply chain compromise. Kenneth Hartman, the SANS instructor who also did the webcast I mentioned yesterday, published a quick update as a diary. One of the important points here is that the checkmarks compromise affected all 91 tags. That was not noted initially, as I mentioned yesterday. What you're seeing now is just the tip of the iceberg, so always suspect underreporting. You must rotate credentials, even if you just suspect that you had an issue. You may have some time, as apparently TeamPCP is a little bit behind in actually using all of the credentials. But for future reference, you really must get good at rotating credentials. If you can't do it weekly just for the fun of it without breaking anything, then you're not good at it. So try to get to that point.

Lightllm, because it was compromised, PyPI actually froze that particular repo, and it has now been released again. Lightllm announced that for now they're not going to publish any new releases. The latest good one is still out there, so you can use it if you want to. But before they do any new releases, they first want to go over their CI/CD pipeline and their release procedures to make sure that something like this doesn't happen again, which sounds like a very good idea.

Then, of course, earlier this week we did have the Apple updates, and there are some questions and some confusion about another Apple-related event that has gotten a lot of press lately, and that's Dark Sword. So first of all, what's Dark Sword?

Dark Sword is basically a set of exploits being used on websites: if a user with a vulnerable Apple device visits one of those websites, they're getting infected. The exploits being used in Dark Sword actually came originally out of these government-sponsored spyware scenarios. Corona was the name for that particular campaign back in July last year. This is really one example where these exploits are trickling down from more sophisticated to more widely used malware. But what's causing confusion is the overlap of these events: Apple releasing updates and Dark Sword being discussed in the press. This week's updates did not fix any of the vulnerabilities that were used in Dark Sword. At least that's not what's in the update here. In early February Apple released iOS 26.3, and then in early March, remember, they released these updates for the older operating systems, 18.4 and 18.6. Those were the updates that fixed some of these vulnerabilities used by Dark Sword and Koruna. So as long as you use 26.3, which is the February version of iOS, you're good as far as Dark Sword is concerned. You don't need to apply this week's update to be safe from these currently used exploits. On the other hand, of course, it's always a good idea to keep your stuff up to date, and who knows, the next Dark Sword may be around the corner and use new vulnerabilities that were patched this week. So definitely update. But it's not a super emergency where anything that was patched this week is already being exploited. In the show notes, I'll add a link to a blog post by Google that has a really good timeline of how these different exploits were patched and how they were used by various attackers.

And yes, let's go back to AI. We do have a vulnerability that was recently discovered in Langflow. Now, Langflow is one of those visual systems that allows you to create AI pipelines and RAGs. And yes, it had a number of vulnerabilities. That's not the first time that there was a vulnerability here, but according to a blog by Sysdig, this vulnerability was exploited within 20 hours of the patch being released. Not a huge surprise given how frequently Langflow is being used, and also with some of these open source tools, of course, a diff is much quicker than a bin diff in some kind of commercial tool that's also probably not all that popular. Get it patched. And if you haven't patched yet, assume compromise. And didn't I mention rotating keys and all that good stuff? So yes, you definitely get to do that.

Well, and that's it for today. Thanks for listening, thanks for liking, thanks for subscribing. Next week, of course, I'll be in Orlando at our Spring conference, so if you run into me, I always have some Internet Storm Center stickers with me. And well, talk to you again on Monday. Bye.
Host: Johannes B. Ullrich
Main Topics: TeamPCP Supply Chain Update, DarkSword Exploits & Apple Patches, Langflow Vulnerability
In this brief but information-packed episode, Johannes B. Ullrich updates listeners on three hot-button security incidents: the ongoing TeamPCP supply chain compromise (with new findings on its scope and best practices for credential management), clarification on the recent Apple updates and the DarkSword exploit campaign, and the rapid exploitation of a vulnerability in the AI pipeline tool Langflow. The show maintains its practical, direct tone, offering actionable advice and awareness for security practitioners.
Expanded Scope of Compromise:
Kenneth Hartman's diary update notes that the compromise affected all 91 tags, which was not noted initially; what is visible now is likely only the tip of the iceberg, so assume underreporting.
Credential Rotation Best Practices:
Rotate credentials even on mere suspicion of an issue. TeamPCP appears to be behind in actually using the stolen credentials, which buys some time, but rotation should be practiced regularly (weekly) until it can be done without breaking anything.
Status of Affected Repositories:
PyPI froze the compromised Lightllm repository and has since released it again; the project will publish no new releases until it has reviewed its CI/CD pipeline and release procedures. The last known-good release remains available.
Clarifying the DarkSword Campaign:
DarkSword is a set of web-based exploits targeting vulnerable Apple devices—originally seen in government-level spyware campaigns ("Corona" campaign, July last year).
These exploits now migrate from nation-state tools into wider criminal usage—a typical trickle-down effect.
Apple Patch Timeline and Safety Guidance:
Confusion arose because recent Apple patches seemed (incorrectly) related to the DarkSword exploits. Per the episode, the fixes for the vulnerabilities used by DarkSword and Koruna shipped in iOS 26.3 (early February) and in the early-March updates for the older operating systems (18.4, 18.6); this week's updates did not address them.
Quote:
"This week's updates did not fix any of the vulnerabilities that were used in Dark Sword. At least that's not sort of what's in the update here." — [02:36]
Recommendation:
Devices on iOS 26.3 or later are protected against the currently used DarkSword exploits. This week's update is still worth applying, but it is not an emergency response to active exploitation.
Additional Resource:
A Google blog post (linked in the show notes) with a timeline of how these exploits were patched and how they were used by various attackers.
Langflow (a visual AI pipeline tool) recently suffered a new vulnerability, with exploitation noted within 20 hours of the patch being released.
Commentary on AI/Open Source Threats:
Rapid exploitation is unsurprising given Langflow's popularity and the fact that diffing an open source patch is far quicker than bin-diffing a less popular commercial product.
Best Practice:
Patch immediately; if not yet patched, assume compromise and rotate keys.
| Timestamp | Speaker | Quote |
|-----------|---------------------|-------|
| 00:33 | Johannes B. Ullrich | "One of the important points here is that the checkmarks compromise affected all 91 tags. That was not sort of noted initially..." |
| 01:04 | Johannes B. Ullrich | "If you can't do it sort of weekly just for the fun of it without breaking anything, then you're not good at it. So try to get to that point." |
| 02:13 | Johannes B. Ullrich | "This is really sort of one example where these exploits are trickling down from more sophisticated to more widely used malware." |
| 02:36 | Johannes B. Ullrich | "This week's updates did not fix any of the vulnerabilities that were used in Dark Sword..." |
| 03:42 | Johannes B. Ullrich | "According to a blog by Sysdig, this vulnerability was exploited within 20 hours of the patch being released." |
| 04:08 | Johannes B. Ullrich | "Of course diff is much quicker than a bin diff in some kind of a commercial tool that's also probably not all that popular. Get it patched. And if you haven't patched yet, assume compromise." |
As always, keep your defenses up and systems nimble—today’s "known" threat may already be yesterday’s headline.