Cyber Threats Heat Up: A Recap of Attacks, AI Risks, and Critical Patches (Week of March 30)
Introduction
The week of March 30 brought a flurry of high-profile cyber incidents, from state-sponsored breaches and crippling ransomware to novel AI supply-chain attacks and a critical zero-day in Cisco's security appliances. This article recaps the most significant developments, providing context and guidance for organizations looking to bolster their defenses.
Top Attacks and Breaches
Iranian State Hackers Breach FBI Director's Gmail
Iranian state-affiliated threat group Handala Hack successfully breached the personal Gmail account of FBI Director Kash Patel. The attackers leaked numerous personal photos and documents. This incident follows the FBI's recent seizure of domains used by Handala Hack, which had been intensifying its targeting of Israeli and American entities in the context of the ongoing Iran conflict.
Ransomware Forces Spanish Port to Go Manual
Spain's Port of Vigo in Galicia suffered a ransomware attack that forced officials to disconnect parts of its network and switch cargo handling to manual processes. The attack locked digital equipment and disrupted logistics, though physical ship movement continued without digital communication. The incident highlights the vulnerability of critical maritime infrastructure to cyber extortion.
Netherlands Finance Ministry Confirms Cyberattack
The Netherlands' Ministry of Finance confirmed a cyberattack on March 19 that breached internal systems within its policy department, disrupting work for some employees. Authorities quickly blocked access to affected environments, while tax, customs, and benefits services remained operational. As of now, no threat actor has publicly claimed responsibility.
DeFi Platform Resolv Loses $24.5 Million in Private Key Theft
Decentralized finance platform Resolv suffered a cyberattack after a compromised private key allowed an attacker to mint approximately $80 million in uncollateralized USR tokens. The attacker then swapped these for 11,408 ETH, worth around $24.5 million. Resolv confirmed the incident, paused the application, and offered a 10% bounty for the return of funds.
AI Threats
LiteLLM Supply Chain Compromise
Researchers detailed a supply chain compromise of LiteLLM, a Python library that connects applications to major AI services. Attackers hijacked a security tool and pushed malicious releases on March 24. The tainted packages harvested API keys and cloud credentials, creating downstream exposure for widely used AI projects.
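A tainted release such as the one described above can only reach a build if the resolver is allowed to pick it up. The script below is an added illustration, not LiteLLM's code or the researchers' tooling: it audits a pip requirements file and flags every dependency that is not pinned to an exact version with a recorded `--hash`, which is the precondition for installing with `pip install --require-hashes`, where pip refuses any artifact whose digest differs from the one on file. The package names, versions and the all-zero hash in the sample are constructed placeholders.

```python
"""Audit a pip requirements file for unpinned or unhashed dependencies.

Added example (not part of the original article). With every requirement
pinned to an exact version and a sha256 hash, `pip install --require-hashes`
rejects a substituted or newly published release even if the index serves it.
"""
import re

# Constructed sample: one entry is pinned with a hash, one is pinned without
# a hash, and one floats to whatever version the index serves next.
# Versions and the all-zero digest are placeholders, not real values.
SAMPLE_REQUIREMENTS = """\
# pinned and hashed: the only form --require-hashes accepts
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
litellm==1.0.0
openai>=1.0
"""

NAME_RE = re.compile(r"^[A-Za-z0-9_.\-]+")
PIN_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<version>[^\s;]+)")
HASH_RE = re.compile(r"--hash=sha256:[0-9a-f]{64}")


def _logical_lines(text):
    """Strip comments and join backslash-continued lines into one record each."""
    joined, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        joined.append((buf + line).strip())
        buf = ""
    if buf:
        joined.append(buf.strip())
    return joined


def audit_requirements(text):
    """Return (package, problem) pairs for every requirement that would not
    survive `pip install --require-hashes`."""
    findings = []
    for line in _logical_lines(text):
        if not line or line.startswith("-"):
            continue  # blank line or a pip option such as --index-url
        pinned = PIN_RE.match(line)
        if not pinned:
            name = NAME_RE.match(line).group(0)
            findings.append((name, "not pinned to an exact version"))
            continue
        if not HASH_RE.search(line):
            findings.append((pinned.group("name"), "pinned but no --hash given"))
    return findings


if __name__ == "__main__":
    for package, problem in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{package}: {problem}")
```

Run it against a real requirements file by reading the file into `audit_requirements`; an empty result means the file can be installed under `--require-hashes`, so a release whose contents were swapped on the index fails the digest check instead of being installed.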
Critical Vulnerabilities in LangChain and LangGraph
Researchers outlined three high-severity vulnerabilities in LangChain and LangGraph, open-source frameworks for building AI assistants. These flaws could expose files, environment secrets, and prior conversations. The vulnerabilities enabled arbitrary file access, secret leakage, and SQL injection in checkpointing. Patches have been issued in updated versions of the affected components.
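To show why an injection in a checkpoint store exposes prior conversations, here is an added, constructed illustration that is not LangGraph's code: a toy checkpoint table keyed by a caller-supplied `thread_id`, with the string-formatted lookup that is injectable beside a parameterized lookup and an input check. The table contents and thread identifiers are made up for the example.

```python
"""Vulnerable vs. hardened lookup in a toy conversation-checkpoint store.

Added example (not part of the original article and not LangGraph's
implementation). The point is the query shape: interpolating an untrusted
thread_id into SQL text lets one caller read other threads' state.
"""
import re
import sqlite3

THREAD_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def build_store():
    """Constructed in-memory store with two threads' saved state."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkpoints (thread_id TEXT, state TEXT)")
    conn.executemany(
        "INSERT INTO checkpoints VALUES (?, ?)",
        [("thread-a", "alice: my api key is s3cr3t"),
         ("thread-b", "bob: hello")],
    )
    return conn


def load_checkpoint_vulnerable(conn, thread_id):
    # Defect on purpose: untrusted input becomes part of the SQL text, so a
    # thread_id containing a quote changes the WHERE clause.
    query = f"SELECT state FROM checkpoints WHERE thread_id = '{thread_id}'"
    return [row[0] for row in conn.execute(query)]


def load_checkpoint_safe(conn, thread_id):
    # Hardened: the value travels as a bound parameter, never as SQL syntax,
    # and identifiers are restricted to a known-safe character set first.
    if not THREAD_ID_RE.match(thread_id):
        raise ValueError("invalid thread_id")
    rows = conn.execute(
        "SELECT state FROM checkpoints WHERE thread_id = ?", (thread_id,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    store = build_store()
    crafted = "thread-b' OR '1'='1"
    print("vulnerable:", load_checkpoint_vulnerable(store, crafted))
    try:
        load_checkpoint_safe(store, crafted)
    except ValueError as exc:
        print("hardened:", exc)
```

The hardened version applies both controls: binding the value keeps the database from parsing it as SQL, and the identifier check rejects anything that is not a plain thread name before a query is built at all.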
Zero-Click Flaw in Anthropic's Claude Chrome Extension
Researchers identified a zero-click flaw in Anthropic's Claude Chrome extension that allowed any website to silently inject prompts and control the assistant. The attack combined an overly permissive trusted domain list with a scripting bug in Arkose Labs CAPTCHA handling, enabling token theft, chat access, and email actions.
Vulnerabilities and Patches
Cisco Firewall Management Center Gets Critical Patch (CVE-2026-20131)
Cisco has addressed CVE-2026-20131, a CVSS 10 vulnerability in Secure Firewall Management Center that lets unauthenticated attackers execute code as root through the web interface. Cisco confirmed attempted exploitation in March 2026 and released fixes. On-premises customers have no workaround beyond applying the updates. Check Point IPS provides protection against this threat through the signature "Cisco Secure Firewall Management Center Insecure Deserialization".
Check Point IPS Coverage
Check Point's Intrusion Prevention System (IPS) offers signature-based protection for CVE-2026-20131, helping to block exploitation attempts before they compromise the network. Organizations using Check Point security gateways should ensure their IPS signatures are updated.
Staying informed about these threats and applying patches promptly is crucial for maintaining a strong security posture. For the latest discoveries in cyber research, download our full Threat Intelligence Bulletin.