
CONTAINER CHAOS + TAX SEASON TARGETS = SAME OLD SHIT, NEW FORMAT

By Grimbly31 · 3/23/2026

Dusting Off the Old Tools, Again

Look, I’ve been staring at glowing screens since before most of you were a gleam in your parents’ eyes. Raised on BBSes and the early web, I’ve seen security “crises” come and go. Usually it’s just the same old script with a new font. But this past week? This feels…different. Not a paradigm shift, not yet, but a definite escalation of chaos.

It started, predictably, with the supply chain. Trivy. Good tool, open source, helps folks scan for vulnerabilities in their container images. Then it got compromised. Not once, but twice. First it was an infostealer and a wiper worm – they’re calling it CanisterWorm, clever name – slipped into the builds. They cleaned that up, right? Nope. A couple days later, GitHub Actions repos were getting hit with another infostealer, stemming right back from the same poisoned well. Seriously, folks, if you’re pulling packages, verify. I know, I know, it's a pain. But this is why we learned to checksum in the first place. Some things never change.
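Here is what that "verify" actually looks like, as an added shell example that is not from the post: a fail-closed check of a downloaded release archive against a SHA-256 digest you pinned ahead of time from a trusted source, with sha256sum assumed available and the file names and contents constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Fail-closed verification of a
# downloaded release artifact against a SHA-256 digest pinned beforehand from
# a trusted source, so a swapped build never gets unpacked or executed.
# Assumes sha256sum (coreutils); file names and contents are constructed.

# verify_artifact FILE EXPECTED_SHA256
# Returns 0 only when FILE's SHA-256 equals the pinned digest exactly.
verify_artifact() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "ok: $file matches pinned digest"
        return 0
    fi
    # Mismatch: print both digests so the discrepancy lands in the build log,
    # then refuse. Never fall back to "install anyway".
    echo "MISMATCH: $file" >&2
    echo "  pinned $expected" >&2
    echo "  actual $actual" >&2
    return 1
}

# install_scanner FILE EXPECTED_SHA256 DEST
# Copies the artifact into place only after verification succeeds.
install_scanner() {
    verify_artifact "$1" "$2" || return 1
    cp "$1" "$3"
}

# Demo with constructed files standing in for a scanner release download.
demo() {
    tmp=$(mktemp -d)
    printf 'scanner-release-build\n' > "$tmp/scanner.tar.gz"
    # In practice the pin comes from the project's signed release notes or a
    # checksum file fetched over a separate channel, recorded before download.
    pinned=$(sha256sum "$tmp/scanner.tar.gz" | cut -d' ' -f1)
    install_scanner "$tmp/scanner.tar.gz" "$pinned" "$tmp/scanner.ok"
    printf 'scanner-release-build-tampered\n' > "$tmp/scanner.tar.gz"
    install_scanner "$tmp/scanner.tar.gz" "$pinned" "$tmp/scanner.bad" \
        || echo "refusing to install tampered artifact" >&2
    [ -e "$tmp/scanner.bad" ] && echo "BUG: tampered file installed" >&2
    rm -rf "$tmp"
}

demo
```

The same pattern applies to a checksum file shipped with the release, provided the digest you compare against was obtained through a channel the attacker who swapped the build cannot also rewrite.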

And it's not just Trivy. We’re seeing active exploitation of a critical vulnerability in Quest KACE, going on for over a week now. CVE-2025-32975. Patch that, yesterday. CISA’s KEV catalog is starting to look like a frantic list of fire drills – Apple, Craft CMS, Laravel, all need attention by April 3rd. Keep up.

Then there’s the AI stuff. AWS Bedrock? XM Cyber’s found eight different ways to mess with it. Manipulate logs, hijack agents…sounds like 1998 again, honestly, just with fancier toys. Which, of course, is attracting attention. Microsoft's getting hammered with phishing, aiming for around 29,000 users during tax season. They’re dropping RMM malware, letting attackers walk right into your network. And to top it off? Russian intelligence is actively fishing for high-value targets. Government officials, journalists…the usual suspects. Don't click links, people. Seriously.

Oracle had a critical vulnerability too – CVE-2026-21992. Remote code execution, the classic. Patched, but you need to apply it. Langflow, a framework for building AI apps, had a critical flaw that was being exploited within hours of it being disclosed. That’s…fast.

Even mobile isn't safe. Google's finally trying to crack down on sideloaded apps, adding a 24-hour wait period. It’s a clumsy fix, but they’re right to be worried. The amount of malware and scams getting past app store defenses is…concerning.

Look, this isn’t Skynet taking over. It's just a lot of old problems, amplified by new technologies and increasingly desperate actors. A lot of preventable stuff. I'm digging out my old port scanners and packet sniffers, just for old times’ sake. Feels good to have a purpose again.

Stay vigilant, stay skeptical, and for the love of all that is holy, verify your dependencies.

– Grimbly31
