US cyber strategy shifts

The White House published its National Cyber Strategy on March 6, 2026 and issued a parallel Executive Order aimed at “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens.” (whitehouse.gov) The document is organized around six policy pillars and explicitly tasks the private sector with new incentives to identify and disrupt adversary networks while expanding federal offensive options. (axios.com) Federal and industry playbooks within the strategy push AI-native defenses and formalize practices such as AI red‑teaming and machine‑readable policy to close the operational tempo gap with automated threats. (cisa.gov) A coordinated supply‑chain campaign attributed to “TeamPCP” weaponized Aqua Security’s Trivy on March 19, 2026 by publishing a malicious Trivy v0.69.4 binary and force‑pushing 76 of 77 tags in the trivy-action repository, a compromise tracked as CVE‑2026‑33634. (nvd.nist.gov) That foothold was then used to push backdoored packages to downstream ecosystems: attacker‑published LiteLLM versions 1.82.7 and 1.82.8 appeared on PyPI on March 24, 2026 and included a.pth startup payload and import‑triggered stealer, according to parallel technical writeups and the project’s incident thread. (snyk.io) Researchers describe the campaign as multi‑stage and multi‑ecosystem—Trivy, Checkmarx KICS, npm packages and PyPI were affected in waves between late February and March 24, 2026—creating broad CI/CD exposure and credential theft pathways. (safedep.io) Incident guidance from NVD, Aqua Security and Microsoft instructs teams to assume exposed secrets were compromised, rotate all credentials immediately, pin GitHub Actions to immutable SHAs, and audit workflow logs from March 19–20 and March 24 for signs of exfiltration. (nvd.nist.gov)