Mar 26 Digest: LeakBase Admin Arrested, WebRTC Skimmer Bypasses CSP, LiteLLM Supply Chain, PolyShell Hits Magento

This Week in Cybersecurity

The week of March 26 brought a mix of law enforcement victories and escalating attacker tradecraft. Weeks after the FBI led a multinational operation that dismantled LeakBase — the 147,000-subscriber stolen-credentials marketplace — Russian domestic authorities quietly detained a 33-year-old man in Taganrog alleged to be a platform administrator. It marks a rare instance of Russian law enforcement acting on a cybercrime case that Western agencies have been pursuing.

On the offensive side, threat actor TeamPCP continued its aggressive supply chain campaign. After poisoning the Trivy GitHub Actions scanner (covered last week), the group shifted to the Python AI ecosystem — compromising LiteLLM versions 1.82.7 and 1.82.8 on PyPI for two hours, deploying a credential-stealing backdoor with a 50-minute C2 check-in designed specifically to evade automated sandbox detection. The package is present in an estimated 36% of cloud environments.

The Magento ecosystem was pounded this week on two fronts: PolyShell exploits are actively targeting 56% of all vulnerable Magento 2 storefronts, and a newly disclosed WebRTC-based payment skimmer uses the browser's peer-to-peer data channel API to exfiltrate stolen card data over encrypted UDP — completely bypassing Content Security Policy controls that e-commerce operators rely on as a first-line defence against Magecart attacks.

Top Stories

Russia Detains Alleged LeakBase Admin Weeks After Global FBI-Led Crackdown

Russian law enforcement arrested a 33-year-old suspect in Taganrog, Russia, alleged to be an administrator of LeakBase — one of the most prolific stolen-data marketplaces ever operated, with over 147,000 subscribers at its peak and hundreds of millions of records sourced from corporate breaches, credential stuffing operations, and ransomware exfiltrations.

The arrest follows the March 2026 international crackdown in which the FBI coordinated with Europol and agencies from more than 12 countries to seize LeakBase's infrastructure, redirect its domains, and arrest approximately 45 individuals across as many nations. Physical servers in the Netherlands and Malaysia were seized; cryptocurrency wallets were frozen.

The Russian detention is diplomatically notable. Russia has historically been reluctant to act against cybercriminals operating from its territory, particularly where Western interest is involved. The suspect faces domestic charges related to creating a criminal site under Russian law — though whether the prosecution ties to the international case or is a separate domestic action remains unclear. Security researchers note that the broader market for stolen credentials will continue through alternative channels as the ecosystem adapts, but the depth of this disruption — targeting operator networks across 12+ countries simultaneously — represents a more thorough dismantling than prior forum takedowns.

Organisations affected by LeakBase-distributed data should enforce mandatory password resets for any credentials that may have appeared in known breach datasets, and ensure MFA is active on all remote access, email, and VPN infrastructure.

Full story →

WebRTC Skimmer Bypasses CSP to Steal Payment Card Data From E-Commerce Sites

Researchers disclosed a technically innovative Magecart-style payment skimmer that weaponises the WebRTC browser API — designed for peer-to-peer audio and video — to both receive its payload and exfiltrate stolen payment card data via DTLS-encrypted UDP connections. The technique completely bypasses Content Security Policy enforcement, which many e-commerce operators rely on to block JavaScript-based skimmers from phoning home.

The attack unfolds in three stages: a tiny bootstrap stub is injected into the checkout page that uses WebRTC signalling to retrieve the full malicious payload over a peer data channel (bypassing script-src CSP restrictions); the activated skimmer then hooks payment form fields to intercept card numbers, cardholder names, CVV codes, expiry dates, and billing addresses as they are entered; finally, the harvested data is serialised, encrypted, and transmitted to the attacker's C2 server over a WebRTC DataChannel running on UDP — traffic that is invisible to HTTP-layer WAFs, DLP tools, and CSP connect-src directives.

The skimmer has been observed in conjunction with PolyShell compromise of Magento 2 storefronts — the WebRTC exfiltration layer is deployed as the monetisation component after PolyShell establishes initial access. The combination is particularly dangerous given that 56% of all vulnerable Magento installations are reportedly being actively targeted by PolyShell this week.

E-commerce operators can add webrtc 'block' to their CSP header (supported in Chromium-based browsers) to disable WebRTC on checkout pages where no legitimate peer-to-peer functionality is required. Longer term, redirect-based checkout hosted by a PCI-compliant payment processor is the only complete mitigation against client-side skimming.

Full story →

LiteLLM Supply Chain Attack: TeamPCP Poisons Widely-Used AI Package on PyPI

Threat actor TeamPCP — responsible for the Trivy GitHub Actions attack last week — compromised the PyPI account of a LiteLLM maintainer and published malicious versions 1.82.7 and 1.82.8 of the package, which were live for approximately two hours on March 24. LiteLLM is a Python AI abstraction library with approximately 3 million daily downloads and an estimated presence in 36% of cloud environments.

The malicious releases contained the TeamPCP Cloud Stealer, which exfiltrated cloud provider credentials (AWS, Azure, GCP), API keys from environment variables, cryptocurrency wallet files and seed phrases, and installed a downloader for follow-on payloads. The malware's C2 polling interval was set to 50 minutes — longer than the 5–15 minute timeout of most automated sandbox environments — to evade dynamic analysis. TeamPCP claimed the attack publicly on a Telegram channel.

Any system that ran pip install litellm --upgrade during the two-hour window on March 24 should be treated as compromised. Rotate all cloud credentials and API keys on affected systems immediately, audit for persistence mechanisms, and pin LiteLLM to a verified-clean version in all deployment manifests.

Full story →

PolyShell Attacks Target 56% of All Vulnerable Magento Stores

A mass exploitation campaign leveraging the PolyShell vulnerability — a polyglot file upload flaw in Magento 2 — is actively targeting 56% of all vulnerable Magento storefronts identified by researchers, representing thousands of e-commerce sites at risk of arbitrary code execution. PolyShell takes its name from the technique of crafting files that are simultaneously valid in multiple formats, allowing attackers to bypass file type validation and upload executable code to the server.

The campaign is notable for its scale and automation: attackers are scanning for and exploiting vulnerable stores at a rate that suggests mass tooling. Once access is established, compromised stores are used to deploy the WebRTC-based payment skimmer disclosed this week, as well as persistent backdoors for long-term access. Magento 2 operators who have not already patched the underlying upload vulnerability should treat this as an immediate priority.

Full story →

Pro-Ukraine BearlyFy Group Deploys Custom Ransomware Against Russian Companies

Hacktivist group BearlyFy — aligned with Ukrainian interests — deployed custom-developed ransomware against a cluster of Russian commercial organisations this week, continuing a pattern of offensive cyber operations tied to the ongoing conflict. The group claims to have encrypted systems and exfiltrated data from targeted companies. Unlike the financially-motivated ransomware campaigns that dominate the Western threat landscape, BearlyFy's operations appear primarily intended as disruptive and politically symbolic, with no ransom demand publicly disclosed.

The incident is a reminder that the conflict continues to generate significant bilateral offensive cyber activity on both sides.

Full story →

Security Corner

10 CVEs are currently published to the Security Advisories section. Key advisories to action this week:

CVE-2025-54068 — Laravel Livewire v3 Unauthenticated RCE (CVSS 9.8 Critical) — CISA KEV — Actively Exploited Unauthenticated RCE via hydration checkpoint bypass in Livewire v3.0.0-beta.1 through v3.6.3. The public Livepyre exploit tool works without knowledge of the application's APP_KEY, targeting all 130,000+ internet-facing Livewire v3 apps. Upgrade to v3.6.4 immediately and rotate APP_KEY if ever exposed. Full advisory →

CVE-2025-43510 — Apple Multiple Products Improper Locking (CVSS 7.8 High) — CISA KEV — Actively Exploited Actively exploited improper locking flaw across watchOS, iOS, iPadOS, macOS, visionOS, and tvOS enabling privilege escalation via shared memory corruption. CISA April 3 remediation deadline for FCEB agencies. Apply all pending Apple updates immediately. Full advisory →

CVE-2026-33478 — AVideo CloneSite Plugin Unauthenticated RCE (CVSS 10.0 Critical) A chain of vulnerabilities in WWBN AVideo's CloneSite plugin allows fully unauthenticated attackers to achieve RCE via key disclosure, database dump, and OS command injection. If you run AVideo, patch immediately. Full advisory →

CVE-2026-27651 — NGINX Mail Module NULL Pointer Dereference (CVSS 7.5 High) NULL pointer dereference in ngx_mail_auth_http_module crashes NGINX worker processes under CRAM-MD5/APOP authentication when the upstream auth server returns Auth-Wait retry responses. Apply the F5/NGINX security patch or switch authentication methods as an interim workaround. Full advisory →

Also this week:

• CVE-2026-4599 — jsrsasign DSA private key recovery via nonce bias (CVSS 9.1 Critical) → Advisory →
• CVE-2026-4567 → Advisory →
• CVE-2026-4529 → Advisory →
• CVE-2026-3629 → Advisory →
• CVE-2026-30836 → Advisory →
• CVE-2026-22172 → Advisory →

Quick Takes

• Resolv DeFi — $24.5M Stolen via Compromised Private Key: A compromised SERVICE_ROLE key allowed an attacker to mint $80 million in unbacked USR stablecoins on the Resolv protocol and exit with $24.5 million in ETH before the protocol was suspended. The USR peg collapsed 80%, cascading losses across Fluid ($17.5M bad debt) and Curve Finance LPs ($17M). Classic key management failure — single EOA with no multisig, no mint caps, no oracle checks. Read more →

• Paid AI Accounts Are Now a Hot Underground Commodity: Stolen and fraudulently purchased accounts for premium AI services — including ChatGPT Plus, Claude Pro, and Gemini Advanced — are appearing on underground marketplaces, providing threat actors access to capability tiers with higher rate limits, more powerful models, and reduced safety filtering. The underground market value of AI accounts has risen sharply in 2026 as defenders and attackers alike race to leverage generative AI capabilities. Read more →

• Citrix Urges Admins to Patch NetScaler Flaws Immediately: Citrix issued urgent patching guidance for multiple vulnerabilities in NetScaler ADC and Gateway, warning that threat actors have a history of rapidly weaponising NetScaler disclosures. The specific CVE details are available in Citrix's advisory portal — admins should treat this as a priority patch cycle given the widespread deployment of NetScaler in enterprise edge infrastructure. Read more →

• Trivy Supply Chain Attack Targets CI/CD Secrets: The Trivy open-source scanner was compromised by TeamPCP via a pull_request_target misconfiguration that enabled theft of a repo PAT, which was used to force-push malicious tags to 75 of 76 release tags in the aquasecurity/trivy-action repository. The TeamPCP Cloud Stealer infostealer was silently executed before the legitimate scanner in over 10,000 CI/CD workflows. Pin to commit SHA, not version tags. Read more →

• Crunchyroll Investigating Breach — Hacker Claims 68M User Records: A threat actor claims to have exfiltrated 68 million user records from the Crunchyroll anime streaming platform, including email addresses, usernames, and hashed passwords. Crunchyroll has confirmed an active investigation is underway. Read more →

• Mazda Discloses Security Breach Exposing Employee and Partner Data: Mazda confirmed unauthorized access to internal systems exposing employee and business partner personal data. The attacker identity and full scope remain under investigation. Read more →

• Nigerian National Sentenced to 7 Years for $6M Email Fraud: A U.S. federal court sentenced a Nigerian national to seven years in prison for a $6 million business email compromise scheme targeting dozens of organizations across multiple U.S. states. Read more →

Upcoming

• April 3 — CISA KEV Remediation Deadline: Federal Civilian Executive Branch agencies must have patched CVE-2025-43510 (Apple improper locking) and CVE-2025-54068 (Laravel Livewire RCE) by April 3, 2026 per Binding Operational Directive 22-01. Both are actively exploited — all organizations should treat these as urgent regardless of FCEB status.

• PTC Windchill / FlexPLM Formal Patch: PTC confirmed an official patch for CVE-2026-4681 (CVSS 10.0 RCE) is in active development following last week's emergency advisory and BKA nationwide alert. Monitor PTC's advisory portal and maintain the Apache/IIS servlet path restriction workaround until the formal patch is available.

• TeamPCP Investigation Ongoing: Aqua Security and the broader security community continue to assess the full scope of TeamPCP's supply chain campaign — which now spans Trivy GitHub Actions, LiteLLM on PyPI, and Docker Hub artefacts. Expect further disclosures. Any environment that ran affected Trivy versions (0.69.4–0.69.6) or installed LiteLLM 1.82.7–1.82.8 should be treated as compromised until credential rotation and endpoint investigation are complete.

• April Patch Tuesday: Microsoft's next scheduled patch cycle lands the second Tuesday of April. With the current wave of supply chain and RCE disclosures, expect significant patches for Windows, Exchange, and Office components. Begin patch-readiness reviews now.

• Magento PolyShell Patching: The active mass-exploitation campaign targeting vulnerable Magento 2 stores underscores urgency. If your Magento installation has not been patched against the PolyShell upload vulnerability, treat it as actively under threat and apply the fix immediately. Audit checkout page JavaScript for unauthorized changes consistent with WebRTC skimmer deployment.

By the Numbers

CosmicBytez Labs — IT & Cybersecurity Intelligence Hub

Unsubscribe · Privacy Policy · View in browser