{"id":108049,"date":"2026-04-02T09:17:00","date_gmt":"2026-04-02T07:17:00","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=zero-post&#038;p=108049"},"modified":"2026-04-01T21:21:18","modified_gmt":"2026-04-01T19:21:18","slug":"rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02","status":"publish","type":"zero-post","link":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","title":{"rendered":"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02)"},"content":{"rendered":"<style type=\"text\/css\">\n@import url(\"https:\/\/cmxiv.net\/cxzero\/cxzero-blog-styles-inject.extracted.css\");\n@import url(\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.11.1\/styles\/vs2015.min.css\");\n<\/style>\n<script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.11.1\/highlight.min.js\" integrity=\"sha512-EBLzUL8XLl+va\/zAsmXwS7Z2B1F9HUHkZwyS\/VKwh3S7T\/U0nF4BaU29EP\/ZSf6zgiIxYAnKLu6bJ8dqpmX5uw==\" crossorigin=\"anonymous\" referrerpolicy=\"no-referrer\"><\/script>\n<script>hljs.highlightAll();<\/script>\n\n\n\n\n<p class=\"print-source-info\"><script>\n    document.write(\"&copy;&nbsp;Checkmarx, all rights reserved. 
Retrieved \" + new Date().toLocaleDateString() + \" from<br\/>\" + window.location.href)<\/script>\n    <noscript>This document &copy;&nbsp;Checkmarx, all rights reserved.<\/noscript>\n<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"overview-of-the-last-week-in-appsec\">Overview of the Last Week In AppSec<\/h2>\n\n\n\n<p>It was an exciting week for Supply Chain Security: and we mean \u201cexciting\u201d in the \u201cmay you live in interesting times\u201d kind of way.<\/p>\n\n\n\n<p>You almost certainly heard about&nbsp;<a href=\"https:\/\/www.sans.org\/blog\/axios-npm-supply-chain-compromise-malicious-packages-remote-access-trojan\">the Axios compromise that led to remote access trojan installation<\/a>, so we\u2019re not going to discuss that further here. What you might&nbsp;<em>not<\/em>&nbsp;have heard of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Langflow code injection<\/strong>\u00a0CVE from the prior week got added to the CISA KEV (Known Exploited Vulnerabilities) database just days after disclosure.<\/li>\n\n\n\n<li>\n<strong>Telnyx Python framework infected with malware<\/strong>, with a surprising abuse of\u00a0<code>.wav<\/code>\u00a0audio files to conceal malicious payloads.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"langflow-cve-2026-33017-added-to-cisa-kev\">Langflow CVE-2026-33017 added to CISA KEV<\/h2>\n\n\n\n<p>The popular low-code AI and&nbsp;RAG&nbsp;framework&nbsp;<a href=\"https:\/\/www.langflow.org\/\">Langflow<\/a>\u2019s recent&nbsp;<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-33017\">code injection vulnerability<\/a>&nbsp;was&nbsp;<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-33017\">added to the&nbsp;<abbr title=\"Cybersecurity Infrastructure &amp; Security Agency\">CISA<\/abbr>&nbsp;KEV<\/a>&nbsp;(Known Exploited Vulnerabilities) database this past week, demonstrating that this issue from earlier in the week 
is appetizing to adversaries.<\/p>\n\n\n\n<p>The core issue, as described in&nbsp;<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-33017\">CVE-2026-33017<\/a>, arises because attacker-controlled&nbsp;<code>POST<\/code>&nbsp;requests to&nbsp;<code>\/api\/v1\/build_public_tmp\/{flow_id}\/flow<\/code>&nbsp;endpoints are passed directly to&nbsp;<code>exec()<\/code>&nbsp;without any sandboxing.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody>\n<tr>\n<td><strong>Affected<\/strong><\/td>\n<td>langflow services through (and including) 1.8.2<\/td>\n<\/tr>\n<tr>\n<td><strong>Fixed<\/strong><\/td>\n<td>langflow versions 1.9.0 and newer<\/td>\n<\/tr>\n<\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"telnyx-framework-versions-compromised\">Telnyx framework versions compromised<\/h2>\n\n\n\n<p>The&nbsp;<a href=\"https:\/\/pypi.org\/project\/telnyx\/\">telnyx framework<\/a>, a Python framework for handling carrier-grade voice and related functions, was compromised in a supply chain attack last week.<\/p>\n\n\n\n<p>Compromised versions (4.87.1 and 4.87.2) retrieved a spec-valid&nbsp;<code>.wav<\/code>&nbsp;audio file from a remote host (thus avoiding triggering suspicion), which had executable code hidden inside the audio frames. 
The payload varies, but harvests information from the infected computer and exfiltrates it via an HTTP&nbsp;<code>POST<\/code>&nbsp;to&nbsp;<code>83[.]142[.]209[.]203[:]8080\/<\/code><\/p>\n\n\n\n<p>Fortunately, the community identified and removed the affected versions quickly; but private registries and similar package proxies may retain the compromised revisions, so investigation and response are important.<\/p>\n\n\n\n<details>\n<summary>Checkmarx Malicious Package Identification data for affected versions of telnyx<\/summary><pre><code class=\"language-json\">[\n  {\n    \"type\": \"pypi\",\n    \"name\": \"telnyx\",\n    \"status\": \"SCANNED\",\n    \"version\": \"4.87.1\",\n    \"ioc\": [\n      \"83.142.209.203\"\n    ],\n    \"risks\": [\n      {\n        \"id\": \"097bc3bb508a0d30d69f8fa84fbf7541fd1d42e3\",\n        \"description\": \"This package downloads a harmful file.\\n### About\\n\\nUsing a dynamic analysis environment (also known as a Sandbox) we can monitor filesystem activity such as newly created files within the lifecycle of the code package.\\n\\nOnce new files are created, our technology analyzes each of the newly created files. In case a file is harmful, this risk is shown. \\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/harmful-file-download.png)\",\n        \"title\": \"Harmful File Download\",\n        \"score\": 9\n      },\n      {\n        \"id\": \"53897b25c15efe005b722f26867307ef103445d5\",\n        \"description\": \"This package exfiltrates computer and operating system information\\n### About\\n\\nData exfiltration may be done in numerous ways such as through HTTP requests, DNS tunneling, various webhooks and more. 
It is common by attackers to try to exfiltrate sensitive information such as:\\n- Credentials\\n- Environment variables\\n- SSH keys\\n- Authentication tokens\\n- Computer and operating system information\\n- Network settings\\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/data-exfiltration.png)\",\n        \"title\": \"Data Exfiltration\",\n        \"score\": 6\n      },\n      {\n        \"id\": \"d2994ee8b15325588d97ca045e8d88e369222f96\",\n        \"description\": \"This package was manually inspected by a security researcher and flagged as malicious\\n### About\\n\\nClassifying malicious packages is an internal process, analysis is done at scale automatically via multiple engines. Once there's a risk suspicion, this is forwarded to a security researcher for a manual evaluation.\\n\\nAttackers take advantage of the excessive trust in the open-source ecosystem and launch software supply chain attacks in the form of code packages.   \\n\\nThe risk of having a package with a malicious payload is high. It's a common behavior for most of the malicious payloads to execute itself automatically upon installing or using the package. 
\\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/malicious-package.png)\\n\\nWhile some dependency vulnerabilities have the privilege to be kept as known issue due to risk-management, same does not apply in the case of a malicious package, and it should be removed with the highest priority.\",\n        \"title\": \"Malicious Package\",\n        \"score\": 10\n      }\n    ]\n  },\n  {\n    \"type\": \"pypi\",\n    \"name\": \"telnyx\",\n    \"status\": \"SCANNED\",\n    \"version\": \"4.87.2\",\n    \"ioc\": [\n      \"83.142.209.203\"\n    ],\n    \"risks\": [\n      {\n        \"id\": \"4241fa0d0251fb37cf5aa79b09177696a00d429c\",\n        \"description\": \"This package exfiltrates computer and operating system information\\n### About\\n\\nData exfiltration may be done in numerous ways such as through HTTP requests, DNS tunneling, various webhooks and more. It is common by attackers to try to exfiltrate sensitive information such as:\\n- Credentials\\n- Environment variables\\n- SSH keys\\n- Authentication tokens\\n- Computer and operating system information\\n- Network settings\\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/data-exfiltration.png)\",\n        \"title\": \"Data Exfiltration\",\n        \"score\": 6\n      },\n      {\n        \"id\": \"43b4cfb9025057d57e99f5d4deeb3f01e5cc5b3e\",\n        \"description\": \"This package was manually inspected by a security researcher and flagged as malicious\\n### About\\n\\nClassifying malicious packages is an internal process, analysis is done at scale automatically via multiple engines. Once there's a risk suspicion, this is forwarded to a security researcher for a manual evaluation.\\n\\nAttackers take advantage of the excessive trust in the open-source ecosystem and launch software supply chain attacks in the form of code packages.   \\n\\nThe risk of having a package with a malicious payload is high. 
It's a common behavior for most of the malicious payloads to execute itself automatically upon installing or using the package. \\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/malicious-package.png)\\n\\nWhile some dependency vulnerabilities have the privilege to be kept as known issue due to risk-management, same does not apply in the case of a malicious package, and it should be removed with the highest priority.\",\n        \"title\": \"Malicious Package\",\n        \"score\": 10\n      },\n      {\n        \"id\": \"78aeaedb24de07ca9cdfd93d18d5ee0ad013a773\",\n        \"description\": \"This package downloads a harmful file.\\n### About\\n\\nUsing a dynamic analysis environment (also known as a Sandbox) we can monitor filesystem activity such as newly created files within the lifecycle of the code package.\\n\\nOnce new files are created, our technology analyzes each of the newly created files. In case a file is harmful, this risk is shown. \\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/harmful-file-download.png)\",\n        \"title\": \"Harmful File Download\",\n        \"score\": 9\n      }\n    ]\n  }\n]<\/code><\/pre>\n<\/details><br>\n\n\n\n<p>Researchers at JFrog have published a&nbsp;<a href=\"https:\/\/research.jfrog.com\/post\/team-pcp-strikes-again-telnyx-popular-library-hit\/\">very nice technical analysis<\/a>&nbsp;of the malware for those interested in the tactics in use.<\/p>\n\n\n\n<style type=\"text\/css\">.cxzero-social{margin-top:1em;padding-top:1em;border-top:1px solid #121086;border-bottom:1px solid #121086;padding-bottom:1em}.cxzero-social p{padding-top:.8em}.cxzero-social .cxzero-social-links{margin-left:.8em}.cxzero-social .social-link{margin-left:.6em}.cxzero-social .social-button{padding:.6em;margin:.2em .2em .2em .2em;white-space:nowrap}.cxzero-social .social-button svg,.cxzero-social .social-link svg{vertical-align:middle;height:1.3em}.cxzero-social 
.social-button a,.cxzero-social .social-link a{text-decoration:none !important}<\/style> <div class=\"cxzero-social\">\n<p> <span class=\"social-button\"><a class=\"social-action\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url={url}\" onload=\"\"><svg id=\"Layer_1\" data-name=\"Layer 1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" alt=\"LinkedIn Icon\" viewbox=\"0 0 122.88 122.31\"><defs><style>.cls-1{fill:#0a66c2}.cls-1,.cls-2{fill-rule:evenodd}.cls-2{fill:#fff}<\/style><\/defs><title>linkedin-app<\/title>\n<path class=\"cls-1\" d=\"M27.75,0H95.13a27.83,27.83,0,0,1,27.75,27.75V94.57a27.83,27.83,0,0,1-27.75,27.74H27.75A27.83,27.83,0,0,1,0,94.57V27.75A27.83,27.83,0,0,1,27.75,0Z\"><\/path><path class=\"cls-2\" d=\"M49.19,47.41H64.72v8h.22c2.17-3.88,7.45-8,15.34-8,16.39,0,19.42,10.2,19.42,23.47V98.94H83.51V74c0-5.71-.12-13.06-8.42-13.06s-9.72,6.21-9.72,12.65v25.4H49.19V47.41ZM40,31.79a8.42,8.42,0,1,1-8.42-8.42A8.43,8.43,0,0,1,40,31.79ZM23.18,47.41H40V98.94H23.18V47.41Z\"><\/path><\/svg> Share on LinkedIn<\/a><\/span> <span class=\"social-button\"><a class=\"social-action\" href=\"https:\/\/bsky.app\/intent\/compose?text=I%20just%20read%20%22{title}%22%20from%20Checkmarx%20Zero%20{url}\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" alt=\"Bluesky Icon\" viewbox=\"0 0 511.999 452.266\"> <path fill=\"#0085FF\" fill-rule=\"nonzero\" d=\"M110.985 30.442c58.695 44.217 121.837 133.856 145.013 181.961 23.176-48.105 86.322-137.744 145.016-181.961 42.361-31.897 110.985-56.584 110.985 21.96 0 15.681-8.962 131.776-14.223 150.628-18.272 65.516-84.873 82.228-144.112 72.116 103.55 17.68 129.889 76.238 73 134.8-108.04 111.223-155.288-27.905-167.385-63.554-3.489-10.262-2.991-10.498-6.561 0-12.098 35.649-59.342 174.777-167.382 63.554-56.89-58.562-30.551-117.12 72.999-134.8-59.239 
10.112-125.84-6.6-144.112-72.116C8.962 184.178 0 68.083 0 52.402c0-78.544 68.633-53.857 110.985-21.96z\"><\/path><\/svg> Share on Bluesky<\/a><\/span> <\/p>\n<p class=\"cxzero-social-links\">Follow <a href=\"\/zero\/\">Checkmarx Zero<\/a>: <span class=\"social-link\"><a class=\"social-con\" href=\"https:\/\/www.linkedin.com\/showcase\/checkmarx-zero\"><svg id=\"Layer_1\" data-name=\"Layer 1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" alt=\"Checkmarx Zero on LinkedIn\" viewbox=\"0 0 122.88 122.31\"><defs><style>.cls-1{fill:#0a66c2}.cls-1,.cls-2{fill-rule:evenodd}.cls-2{fill:#fff}<\/style><\/defs><title>linkedin-app<\/title>\n<path class=\"cls-1\" d=\"M27.75,0H95.13a27.83,27.83,0,0,1,27.75,27.75V94.57a27.83,27.83,0,0,1-27.75,27.74H27.75A27.83,27.83,0,0,1,0,94.57V27.75A27.83,27.83,0,0,1,27.75,0Z\"><\/path><path class=\"cls-2\" d=\"M49.19,47.41H64.72v8h.22c2.17-3.88,7.45-8,15.34-8,16.39,0,19.42,10.2,19.42,23.47V98.94H83.51V74c0-5.71-.12-13.06-8.42-13.06s-9.72,6.21-9.72,12.65v25.4H49.19V47.41ZM40,31.79a8.42,8.42,0,1,1-8.42-8.42A8.43,8.43,0,0,1,40,31.79ZM23.18,47.41H40V98.94H23.18V47.41Z\"><\/path><\/svg> <\/a><\/span> <span class=\"social-link\"><a class=\"social-icon\" href=\"https:\/\/bsky.app\/profile\/checkmarxzero.bsky.social\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" alt=\"Checkmarx Zero on Bluesky\" viewbox=\"0 0 511.999 452.266\"> <path fill=\"#0085FF\" fill-rule=\"nonzero\" d=\"M110.985 30.442c58.695 44.217 121.837 133.856 145.013 181.961 23.176-48.105 86.322-137.744 145.016-181.961 42.361-31.897 110.985-56.584 110.985 21.96 0 15.681-8.962 131.776-14.223 150.628-18.272 65.516-84.873 82.228-144.112 72.116 103.55 17.68 129.889 76.238 73 134.8-108.04 111.223-155.288-27.905-167.385-63.554-3.489-10.262-2.991-10.498-6.561 0-12.098 35.649-59.342 174.777-167.382 63.554-56.89-58.562-30.551-117.12 
72.999-134.8-59.239 10.112-125.84-6.6-144.112-72.116C8.962 184.178 0 68.083 0 52.402c0-78.544 68.633-53.857 110.985-21.96z\"><\/path><\/svg> <\/a><\/span> <span class=\"social-link\"><a class=\"social-con\" href=\"https:\/\/x.com\/CheckmarxZero\"><svg alt=\"Checkmarx Zero on X\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" viewbox=\"0 0 512 462.799\"><path fill-rule=\"nonzero\" d=\"M403.229 0h78.506L310.219 196.04 512 462.799H354.002L230.261 301.007 88.669 462.799h-78.56l183.455-209.683L0 0h161.999l111.856 147.88L403.229 0zm-27.556 415.805h43.505L138.363 44.527h-46.68l283.99 371.278z\"><\/path><\/svg> <\/a><\/span> <\/p> <script>function social_action_template(a){const b=encodeURIComponent(window.location.href);const c=document.querySelector(\"h1\");let headContent=(c==null?\"\":c.textContent);let processed=a.replace(\/\\{title\\}\/g,encodeURIComponent(headContent));processed=processed.replace(\/\\{url\\}\/g,b);return processed}var socialAction=document.getElementsByClassName(\"social-action\");console.log(socialAction);for(e=0;e<socialAction.length;e++){element=socialAction.item(e);console.log(element);element.href=social_action_template(element.href)};<\/script> <\/div>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Two supply-chain stories mattered most this week: Langflow\u2019s recent code-injection flaw was added to CISA\u2019s Known Exploited Vulnerabilities catalog, and the Telnyx Python package compromise showed how quickly trusted developer tooling can become a delivery path for malware. 
We break down what happened, who should care, and what AppSec and development teams should do next.<\/p>\n","protected":false},"author":137,"featured_media":108050,"template":"","zero-category":[1176,1333],"zero-tag":[1109,1514,1336,1071,1513],"class_list":["post-108049","zero-post","type-zero-post","status-publish","has-post-thumbnail","hentry","zero-category-security-blogs","zero-category-security-news","zero-tag-arbitrary-code-execution","zero-tag-langflow","zero-tag-malicious-package","zero-tag-supply-chain-security","zero-tag-telnyx"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"Two supply-chain stories mattered most this week: Langflow\u2019s recent code-injection flaw was added to CISA\u2019s Known Exploited Vulnerabilities catalog, and the Telnyx Python package compromise showed how quickly trusted developer tooling can become a delivery path for malware. 
We break down what happened, who should care, and what AppSec and development teams should do next.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\",\"url\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\",\"name\":\"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - 
Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp\",\"datePublished\":\"2026-04-02T07:17:00+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp\",\"width\":2560,\"height\":1280,\"caption\":\"A dark, grungy cyber-punk illustration featuring a server with glowing green eyes, a robotic head, a Python snake head, and a skull with red eyes. Text includes 'CVE-2026-33017,' 'TELNYX,' an IP address, and 'Checkmarx ZERO,' all against a backdrop of a dark city and neon green\/purple splatters.\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","og_locale":"en_US","og_type":"article","og_title":"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx","og_description":"Two supply-chain stories mattered most this week: Langflow\u2019s recent code-injection flaw was added to CISA\u2019s Known Exploited Vulnerabilities catalog, and the Telnyx Python package compromise showed how quickly trusted developer tooling can become a delivery path for malware. We break down what happened, who should care, and what AppSec and development teams should do next.","og_url":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","url":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","name":"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp","datePublished":"2026-04-02T07:17:00+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp","width":2560,"height":1280,"caption":"A dark, grungy cyber-punk illustration featuring a server with glowing green eyes, a robotic head, a Python snake head, and a skull with red eyes. 
Text includes 'CVE-2026-33017,' 'TELNYX,' an IP address, and 'Checkmarx ZERO,' all against a backdrop of a dark city and neon green\/purple splatters."},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post\/108049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/zero-post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/108050"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=108049"}],"wp:term":[{"taxonomy":"zero-category","embeddable":true,"h
ref":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-category?post=108049"},{"taxonomy":"zero-tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-tag?post=108049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}