Security briefing: March 2026
ID: 136aec27-3780-525d-98fb-8156edbe527a
STIX ID: report--136aec27-3780-525d-98fb-8156edbe527a
Feed Name: Sysdig Blog
Sysdig's March briefing documents multiple high-risk incidents where critical vulnerabilities and supply-chain compromises were exploited at machine speed: a Pac4j JWT signature validation bypass, an Ingress-NGINX path/config injection RCE, and a zero-auth Langflow RCE that was actively exploited within 20 hours; additionally, the TeamPCP supply-chain campaign abused GitHub Actions to steal credentials and propagate to Trivy, Checkmarx, PyPI packages and other vendors. The report warns that AI infrastructure and CI/CD tools are attractive, high-impact targets, urging immediate patching, key rotation, network restrictions, runtime monitoring, and real-time protections to detect post-exploit behavior and contain blast radius.
