April 2026: A Relentless Month for Cloud Security

April 2026 was a defining month for cloud defenders. From coordinated supply chain campaigns that jumped across ecosystems in days, to pre-authentication remote code execution vulnerabilities sitting quietly in tens of thousands of cloud environments, the threat landscape accelerated. This post breaks down the most significant vulnerabilities, active campaigns, and supply chain incidents reported this month — and what they mean for your organization.

TeamPCP's Multi-Stage Supply Chain Cascade

The most technically sophisticated story of the month belongs to TeamPCP, a threat actor that executed a fast-moving, multi-stage supply chain campaign targeting open-source security and developer tooling.

The attack began with the compromise of Aqua Security's Trivy, a widely used container vulnerability scanner. Using stolen CI/CD secrets and compromised service accounts, TeamPCP injected credential-stealing payloads into legitimate Trivy releases. From there, the actor pivoted rapidly — expanding into KICS GitHub Actions and ultimately the LiteLLM Python package.

The LiteLLM compromise introduced a particularly dangerous persistence mechanism: abuse of Python's .pth file handling. At interpreter startup, the standard library's site module reads every .pth file in a site-packages directory and executes any line that begins with import; everything else in the file is treated as a path to add to sys.path. By planting such an import line, the payload runs whenever any interpreter that loads that site-packages directory starts, without the victim ever importing litellm. This widens the blast radius well beyond the LiteLLM package itself.
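The following scanner is an added example (it is not code from the LiteLLM project or from the incident write-up). It applies the same rules the stdlib site module uses when it processes .pth files and lists every line that would be exec()'d at startup, with a simple triage heuristic. The SUSPICIOUS_MARKERS list and the constructed fixture in make_sample_dir are assumptions for illustration, not indicators published for this campaign.

```python
"""List .pth lines that the Python interpreter executes at startup.

Added example. Mechanism (stdlib site.addpackage): every *.pth file in a
site-packages directory is read when the interpreter starts; blank lines and
'#' comments are skipped, a line starting with "import " or "import\t" is
exec()'d verbatim, and every other line is appended to sys.path.
"""
import site
import tempfile
from pathlib import Path

# Triage hints for exec'd lines. Assumption: our own heuristics, not IOCs from
# the incident. Legitimate tools (setuptools, virtualenv, editable installs)
# also ship import lines, so every hit still needs a human look.
SUSPICIOUS_MARKERS = ("exec(", "eval(", "compile(", "b64decode", "urlopen", "subprocess")


def executable_pth_lines(site_dir):
    """Return (file, line_no, line, suspicious) for each .pth line site.py would exec()."""
    findings = []
    for pth in sorted(Path(site_dir).glob("*.pth")):
        try:
            text = pth.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        for no, line in enumerate(text.splitlines(), 1):
            if not line.strip() or line.startswith("#"):
                continue
            if line.startswith(("import ", "import\t")):
                suspicious = any(m in line for m in SUSPICIOUS_MARKERS) or len(line) > 200
                findings.append((str(pth), no, line, suspicious))
    return findings


def site_dirs():
    """Every site-packages directory the current interpreter processes."""
    dirs = list(site.getsitepackages())
    if site.ENABLE_USER_SITE:
        dirs.append(site.getusersitepackages())
    return [d for d in dirs if Path(d).is_dir()]


def make_sample_dir():
    """Constructed fixture: one path-only .pth and one carrying an exec'd import line."""
    d = Path(tempfile.mkdtemp(prefix="pth-audit-"))
    (d / "paths-only.pth").write_text("# vendored libs\n/opt/vendor/lib\n\n")
    (d / "hooked.pth").write_text(
        "/opt/vendor/lib\n"
        # Harmless stand-in for a hook: decodes and runs print('hi') at startup.
        "import base64, subprocess; exec(base64.b64decode(b'cHJpbnQoJ2hpJyk='))\n"
    )
    return str(d)


if __name__ == "__main__":
    for d in site_dirs():
        for f, no, line, sus in executable_pth_lines(d):
            tag = "SUSPICIOUS" if sus else "review    "
            print(f"{tag} {f}:{no}: {line[:120]}")
```

Run it once per interpreter you care about (system Python, each virtualenv, each container image), since each has its own site-packages set; a hook planted in one environment is invisible from another.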

Consistent tooling, encryption methods, and exfiltration infrastructure were observed across all three incidents, confirming a single coordinated actor with a clear escalation playbook.

The campaign is a textbook demonstration of how a single trusted component in the software supply chain can serve as a springboard for lateral movement across entire ecosystems. Cloud credentials, API keys, and CI/CD secrets were harvested at scale from downstream environments. Organizations using any of these tools should audit their CI/CD pipelines and rotate all secrets immediately.

Critical Vulnerabilities Demanding Immediate Attention

RCE in GitHub Enterprise Server (CVE-2026-3854)

Wiz Research disclosed a high-severity remote code execution vulnerability in GitHub Enterprise Server. The flaw allows any attacker with repository push access to achieve RCE on the GHES instance by injecting special characters into Git push option values, which then pollute internal service headers.

According to Wiz telemetry, 4% of cloud environments contain resources vulnerable to this CVE. For organizations running self-hosted GitHub Enterprise, patching should be treated as urgent — repository push access is not a high bar for many internal threat actors or compromised developer accounts.

Pre-Authentication Telnetd Buffer Overflow (CVE-2026-32746)

This is the month's most broadly exposed vulnerability. A critical buffer overflow in the telnetd service of GNU Inetutils allows unauthenticated attackers to achieve remote code execution before any authentication takes place. The flaw lives in the LINEMODE SLC (Set Local Characters) negotiation handler and can be triggered purely through Telnet option negotiation.

Because telnetd commonly runs as root, successful exploitation yields full system compromise. Wiz data shows 23% of cloud environments have resources exposed to this vulnerability — the highest exposure rate of any CVE disclosed this month.

  • No authentication required to trigger
  • Runs with root privileges in most configurations
  • 23% of cloud environments affected per Wiz telemetry

If telnetd is not explicitly required, disable it immediately. If it is required, apply GNU Inetutils patches and restrict Telnet port access to trusted network segments only.
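As an added example (not from GNU Inetutils or the advisory), this script turns the exposure check above into something you can run on a fleet: it parses the output of iproute2's ss and reports any TCP listener on port 23, classifying the bind address so a wildcard bind stands out from a loopback-only one. SAMPLE_SS is constructed, not captured from a real host.

```python
"""Report telnetd-style listeners on TCP/23 and how widely each is bound.

Added example. Parses `ss -ltn` output (columns: State Recv-Q Send-Q
Local-Address:Port Peer-Address:Port [Process]) rather than guessing from
package lists, so it catches telnetd however it was launched.
"""
import shutil
import subprocess

TELNET_PORT = 23
WILDCARD_HOSTS = {"0.0.0.0", "*", "[::]", "::"}
LOOPBACK_HOSTS = {"127.0.0.1", "[::1]", "::1"}


def split_addr(local):
    """Split ss's Local Address:Port into (host, port); IPv6 keeps its brackets."""
    host, _, port = local.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def telnet_listeners(ss_output):
    """Return [{'local': addr, 'exposure': 'wildcard'|'loopback'|'specific'}] for port-23 listeners."""
    results = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Header and non-LISTEN rows are skipped here.
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_addr(fields[3])
        if port != TELNET_PORT:
            continue
        if host in WILDCARD_HOSTS:
            exposure = "wildcard"
        elif host in LOOPBACK_HOSTS:
            exposure = "loopback"
        else:
            exposure = "specific"
        results.append({"local": fields[3], "exposure": exposure})
    return results


def live_check():
    """Run ss on this host and return its telnet listeners (-p needs root to name other users' processes)."""
    if not shutil.which("ss"):
        raise RuntimeError("ss (iproute2) not found on PATH")
    proc = subprocess.run(["ss", "-ltnp"], check=True, capture_output=True, text=True)
    return telnet_listeners(proc.stdout)


# Constructed sample of `ss -ltn` output; two telnet listeners bound to all interfaces.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:23          0.0.0.0:*
LISTEN 0      128    [::]:23             [::]:*
LISTEN 0      4096   127.0.0.1:6379      0.0.0.0:*
LISTEN 0      128    10.0.0.5:2323       0.0.0.0:*
"""

if __name__ == "__main__":
    for hit in live_check():
        print(f"port-23 listener {hit['local']} ({hit['exposure']} bind)")
```

A hit tells you something answers on TCP/23, not which daemon: confirm with the Process column from ss -ltnp (or the inetd/xinetd configuration, since Inetutils telnetd is usually spawned from there) before deciding whether the Inetutils patch applies. A wildcard bind on a host with a public interface is the case the 23% figure above is describing.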

F5 BIG-IP RCE Actively Exploited in the Wild (CVE-2025-53521)

CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog this month following confirmed in-the-wild exploitation. The vulnerability affects F5 BIG-IP Access Policy Manager and enables unauthenticated remote code execution when malicious traffic is processed by the device.

Originally classified as a denial-of-service issue, the flaw has been reclassified as a critical RCE with CVSS 9.3. Organizations running BIG-IP APM should treat this as actively weaponized — apply F5's patches immediately and review network access logs for anomalous traffic patterns consistent with exploitation.

NetScaler ADC and Gateway Memory Disclosure (CVE-2026-3055, CVE-2026-4368)

Citrix disclosed two vulnerabilities in NetScaler ADC and NetScaler Gateway, one critical (CVE-2026-3055) and one high severity (CVE-2026-4368). Together they may allow unauthenticated memory disclosure and user session mix-ups, particularly in environments using SAML identity provider configurations or gateway services.

Wiz data places exposure at approximately 3.5% of cloud environments. The session confusion vector is especially concerning in enterprise gateway deployments where cross-user data exposure could breach compliance boundaries.

Active Threat Campaigns

MuddyWater Iranian APT: Multi-Stage Espionage Operation

The Iran-aligned threat actor MuddyWater ran an active multi-stage espionage campaign from mid-February through at least March 4, targeting government, healthcare, aviation, and technology organizations primarily in the Middle East, with limited reach into Europe and the United States.

Initial access was gained by exploiting internet-exposed edge devices — specifically Fortinet and Ivanti systems — via known CVEs and password brute-force attacks. Post-compromise, the actors used a mix of custom and publicly available tools to maintain persistent access.

Exfiltrated data included PII, financial records, and corporate credentials. Evidence of cryptocurrency and credit card data theft suggests the campaign blended traditional espionage objectives with opportunistic financially motivated cybercrime.

GlassWorm's FORCEMEMO: GitHub Force-Push Supply Chain Attack

Researchers identified a new wave of the GlassWorm campaign, tracked this cycle as FORCEMEMO and attributed to an Eastern European cybercriminal group. The campaign chains three distinct techniques:

  • Invisible Unicode character injection to hide malicious code in plain sight
  • Credential theft via trojanized editor extensions (VS Code and similar)
  • A novel GitHub force-push attack vector that silently rewrites repository commit history with malicious code

The force-push technique is particularly insidious because it can retroactively poison a repository's history, making forensic analysis and rollback significantly more complicated for affected maintainers.
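Consumers of a repository can still notice a rewrite, because git refuses to call a non-fast-forward update a fast-forward. The script below is an added example (not from the GlassWorm research) with two checks: it parses the ref summary that git fetch prints, where a leading "+" and the "(forced update)" suffix mark a remote-tracking branch that did not fast-forward, and it asks git whether a commit you pinned earlier is still an ancestor of the remote head. The repository URL and SHAs in SAMPLE_FETCH are constructed.

```python
"""Detect rewritten history on a repository you depend on.

Added example. Check 1 parses `git fetch` output: a fast-forward is printed as
"   old..new  branch -> origin/branch" while a forced update is printed as
" + old...new branch -> origin/branch  (forced update)". Check 2 uses
`git merge-base --is-ancestor`, which exits 0 when the pinned commit is still
reachable from the remote head and non-zero when history no longer contains it.
"""
import re
import subprocess

FORCED_LINE = re.compile(
    r"^\s*\+\s+(?P<old>[0-9a-f]+)\.\.\.(?P<new>[0-9a-f]+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)


def forced_updates(fetch_output):
    """Return one dict per forced (non-fast-forward) ref update in a git fetch summary."""
    hits = []
    for line in fetch_output.splitlines():
        m = FORCED_LINE.match(line)
        if m:
            hits.append({"branch": m["src"], "remote_ref": m["dst"],
                         "old": m["old"], "new": m["new"]})
    return hits


def fetch_summary(repo):
    """Dry-run fetch of all remotes; git prints the ref summary on stderr."""
    proc = subprocess.run(["git", "-C", repo, "fetch", "--dry-run", "--all"],
                          capture_output=True, text=True, check=True)
    return proc.stderr + proc.stdout


def pinned_commit_present(repo, pinned_sha, remote_ref="origin/main"):
    """True if pinned_sha is still an ancestor of remote_ref after fetching."""
    proc = subprocess.run(["git", "-C", repo, "merge-base", "--is-ancestor",
                           pinned_sha, remote_ref], capture_output=True)
    return proc.returncode == 0


# Constructed fetch output: main was force-pushed, dev fast-forwarded, two new refs.
SAMPLE_FETCH = """\
From https://github.com/example-org/example-lib
 + 1a2b3c4...5d6e7f8 main       -> origin/main  (forced update)
   9f8e7d6..0a1b2c3  dev        -> origin/dev
 * [new branch]      feature-x  -> origin/feature-x
 * [new tag]         v1.2.3     -> v1.2.3
"""

if __name__ == "__main__":
    import sys
    repo = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in forced_updates(fetch_summary(repo)):
        print(f"history rewritten: {hit['remote_ref']} {hit['old']} -> {hit['new']}")
```

Pair the ancestry check with whatever SHA your lockfile or submodule already records: if that commit is no longer in the remote's history, the repository was rewritten past it, and the diff between the pinned commit and the new head is what to review before trusting the update.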

Axios NPM Package Compromised

On March 31, 2026, the widely used Axios NPM package was compromised through two malicious versions that distributed a lightweight backdoor to downstream users. Given Axios's presence in millions of JavaScript projects, the potential exposure surface is enormous. Developers should verify their installed Axios version, check for unauthorized package updates in lockfiles, and audit any environments that resolved new Axios versions around that date.
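The lockfile audit described above, written out as an added example (not the Axios project's code). It walks a package-lock.json in both the v1 nested layout and the v2/v3 flat "packages" layout, finds every copy of a package including nested duplicates under other dependencies, and flags versions on a blocklist, tarballs resolved from anywhere other than the npm registry, and entries with no integrity hash. FLAGGED_VERSIONS holds a placeholder version, not the real malicious ones, which this page does not name; substitute the versions from the advisory. SAMPLE_LOCK is constructed.

```python
"""Audit a package-lock.json for a compromised package.

Added example. Reports each installed copy of NAME (top-level and nested),
checking version against a blocklist, the resolved URL against the expected
registry, and that an integrity hash is pinned.
"""
import json
import sys

NPM_REGISTRY = "https://registry.npmjs.org/"

# Placeholder: replace with the versions named in the advisory.
FLAGGED_VERSIONS = {"0.0.0-placeholder"}


def iter_lock_entries(lock):
    """Yield (install_path, entry) for every package recorded in the lockfile."""
    if "packages" in lock:
        # lockfileVersion 2/3: flat map keyed by node_modules path; "" is the root project.
        for path, entry in lock["packages"].items():
            if path:
                yield path, entry
        return
    # lockfileVersion 1: nested "dependencies" tree.
    stack = [(f"node_modules/{n}", e) for n, e in lock.get("dependencies", {}).items()]
    while stack:
        path, entry = stack.pop()
        yield path, entry
        for n, e in entry.get("dependencies", {}).items():
            stack.append((f"{path}/node_modules/{n}", e))


def audit_package(lock, name, flagged_versions, registry=NPM_REGISTRY):
    """Return [{'path', 'version', 'problems': [...]}] for every copy of `name`."""
    suffix = f"node_modules/{name}"
    findings = []
    for path, entry in iter_lock_entries(lock):
        if path != suffix and not path.endswith(f"/{suffix}"):
            continue
        version = entry.get("version")
        resolved = entry.get("resolved", "")
        problems = []
        if version in flagged_versions:
            problems.append(f"version {version} is on the flagged list")
        if resolved and not resolved.startswith(registry):
            problems.append(f"resolved from unexpected source {resolved}")
        if not entry.get("integrity"):
            problems.append("no integrity hash recorded")
        findings.append({"path": path, "version": version, "problems": problems})
    return findings


def audit_file(lock_path, name, flagged_versions):
    with open(lock_path, encoding="utf-8") as fh:
        return audit_package(json.load(fh), name, flagged_versions)


# Constructed v3 lockfile: a clean top-level axios and a bad nested copy.
SAMPLE_LOCK = {
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.0.0", "some-sdk": "^2.0.0"}},
        "node_modules/axios": {
            "version": "1.0.0-example",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.0.0-example.tgz",
            "integrity": "sha512-constructed"},
        "node_modules/some-sdk": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/some-sdk/-/some-sdk-2.0.0.tgz",
            "integrity": "sha512-constructed",
            "dependencies": {"axios": "0.0.0-placeholder"}},
        "node_modules/some-sdk/node_modules/axios": {
            "version": "0.0.0-placeholder",
            "resolved": "https://example.invalid/axios-0.0.0-placeholder.tgz"},
    },
}

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "package-lock.json"
    for f in audit_file(path, "axios", FLAGGED_VERSIONS):
        status = "; ".join(f["problems"]) or "ok"
        print(f"{f['path']} {f['version']}: {status}")
```

Nested copies are the ones people miss: a transitive dependency can pull a different Axios version than the one at the top of the tree, and a lockfile diff in version control around the compromise date is the quickest way to see when a resolved URL or version changed.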

Key Takeaways for Cloud Security Teams

April's incidents point to several consistent themes that security teams should internalize going into May:

  • Supply chain trust is the new attack surface. TeamPCP, GlassWorm, and the Axios compromise all demonstrate that attackers are targeting the tools developers trust most — package managers, CI/CD actions, and security scanners.
  • Pre-authentication vulnerabilities demand zero-delay patching. CVE-2026-32746 in telnetd and CVE-2025-53521 in BIG-IP require no credentials to exploit. There is no safe window for remediation.
  • 23% is not a small number. Nearly one in four cloud environments carrying a remotely exploitable, pre-auth, root-level vulnerability is a systemic problem. If you haven't assessed your telnetd exposure, do it now.
  • Rotate secrets after any supply chain event. TeamPCP's exfiltration focus was cloud credentials and CI/CD secrets — rotate these aggressively whenever a tool in your pipeline is implicated.

Conclusion

April 2026 demonstrated that cloud security threats are increasingly interconnected. A single compromised tool leads to ecosystem-wide credential harvesting. A single misclassified denial-of-service bug becomes an actively exploited critical RCE. The velocity of both discovery and exploitation continues to increase, and the organizations that close gaps fastest are the ones that survive intact. Review your exposure to this month's CVEs, audit your software supply chain dependencies, and ensure your incident response playbooks account for supply chain pivot scenarios — because TeamPCP has already proven they work.