[March 2026] Four New Threats Japanese Companies Should Be Wary of: From Wi-Fi Vulnerabilities to Supply Chain Attacks

This Week's Security Threat Highlights
In March 2026, the global cybersecurity threat landscape is changing rapidly. Four new threats have emerged that are particularly likely to affect Japanese companies. This article details these threats and outlines the countermeasures Japanese companies should take.
1. AirSnitch Attack: A New Risk to Wi-Fi
In February 2026, security researchers reported a new Wi-Fi attack method they named "AirSnitch." This attack is believed to exploit vulnerabilities in the lower layers of the network stack (Layers 1 and 2) and potentially bypass client isolation features.
If an attacker is connected to the same access point (AP), depending on the environment and settings, communication between different SSIDs or network segments may be intercepted and tampered with.
Furthermore, it has been pointed out that this could potentially affect multiple products and configurations, including those from Netgear, D-Link, Ubiquiti, Cisco, DD-WRT, and OpenWrt.
Relevance to Japanese Companies: Many Japanese companies have implemented guest Wi-Fi in their offices and branches. If such an environment is affected by this attack, there is a higher risk that internal communications may be observed via the guest network. Particular attention should be paid to intranet communications and DNS communications sent in plain text.
2. TeamPCP supply chain attack: Massive breach of development tools
Between March 19th and 24th, 2026, a hacking group called TeamPCP carried out a large-scale supply chain attack against multiple development tools. The targets of the attack were the vulnerability scanner Trivy, the code analysis tool Checkmarx KICS, and the AI development tool LiteLLM. It appears that the attackers exploited these tools and their associated distribution channels. The attackers injected credential-stealing malware into these tools, stealing AWS, Azure, and GCP cloud credentials, Kubernetes tokens, and cryptocurrency wallet information. In particular, the malware in LiteLLM was designed to automatically execute when Python was started.
Relevance to Japanese Companies: Many Japanese software development companies and cloud-using companies use these tools. Companies engaged in AI development and cloud-native development, in particular, tend to have high usage rates of LiteLLM, Trivy, and Checkmarx. This attack poses a risk of unauthorized access to a company's cloud infrastructure.
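A way to review a Python installation for code that runs at every interpreter start, the behaviour described above for the LiteLLM malware (an added example, not code from this article or from the affected projects). The article does not name the mechanism used; this assumes the standard `site` module hooks, namely `.pth` lines beginning with `import` and the `sitecustomize.py` / `usercustomize.py` modules, and the sample files in `demo()` are constructed.

```python
import re
import site
import sysconfig
import tempfile
from pathlib import Path

# site.py executes any .pth line that begins with "import" plus a space or tab.
EXEC_LINE = re.compile(r"^import[ \t]")
# Modules the site module imports automatically when they are importable.
STARTUP_MODULES = {"sitecustomize.py", "usercustomize.py"}


def site_dirs():
    """Site directories of the running interpreter (system, venv and per-user)."""
    dirs = set(getattr(site, "getsitepackages", list)())
    dirs.add(site.getusersitepackages())
    paths = sysconfig.get_paths()
    dirs.update({paths["purelib"], paths["platlib"]})
    return sorted(dirs)


def scan_dir(directory):
    """Return (file name, line number, text) for every startup hook found."""
    findings = []
    root = Path(directory)
    if not root.is_dir():
        return findings
    for entry in sorted(root.iterdir()):
        if not entry.is_file():
            continue
        if entry.suffix == ".pth":
            text = entry.read_text(encoding="utf-8", errors="replace")
            for number, line in enumerate(text.splitlines(), 1):
                if EXEC_LINE.match(line):
                    findings.append((entry.name, number, line.strip()[:120]))
        elif entry.name in STARTUP_MODULES:
            findings.append((entry.name, 0, "imported at every startup"))
    return findings


def demo():
    """Scan a constructed directory: one path-only .pth, one executable .pth."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "paths_only.pth").write_text("../shared-libs\n")
        Path(tmp, "example_hook.pth").write_text(
            "# constructed sample\nimport os; os.environ.get('HOME')\n")
        Path(tmp, "sitecustomize.py").write_text("# constructed sample\n")
        return scan_dir(tmp)


if __name__ == "__main__":
    for directory in site_dirs():
        for name, number, text in scan_dir(directory):
            print(f"{directory}/{name}:{number}: {text}")
```

Findings are items to review rather than verdicts: legitimate packages such as setuptools also ship `.pth` files with executable lines, so compare results against a known-good baseline for the environment.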
3. Interlock Ransomware: Cisco FMC Zero-Day Exploit
In March 2026, the Interlock ransomware group launched a large-scale campaign exploiting a critical zero-day vulnerability (CVE-2026-20131, CVSS 10.0) in Cisco Secure Firewall Management Center (FMC). This vulnerability allows for remote code execution (RCE) with root privileges without authentication, and its exploitation had been observed since around January 2026. By compromising Cisco FMC, the attackers gained control of the core of corporate network security, enabling them to deploy ransomware and eavesdrop on data.
Relevance to Japanese Companies: Cisco FMC is widely used by many companies in Japan that own critical infrastructure, including large corporations, financial institutions, and telecommunications carriers. Exploitation of this vulnerability could compromise the entire network of a company. Companies whose firewall management screens are exposed to the internet, in particular, need to take immediate action.
4. Lotus Blossom: State-Sponsored Espionage via Notepad++ Supply Chain Attack
In February 2026, Palo Alto Networks Unit 42 revealed that the China-based APT "Lotus Blossom" had compromised Notepad++'s update infrastructure and was distributing the Chrysalis backdoor using DLL sideloading techniques. The attack was carried out between June and December 2025, primarily targeting government agencies, telecommunications operators, and critical infrastructure companies in Southeast Asia. The attackers intercepted traffic to Notepad++'s update servers and delivered malicious updates to specific users. This is a sophisticated espionage operation targeting privileged users, as Notepad++ is widely used by system administrators and DevOps personnel.
Relevance to Japanese Companies: System administrators and engineers at major Japanese companies also frequently use Notepad++. Critical infrastructure companies, particularly financial institutions, manufacturers, and telecommunications companies, are especially likely targets. This attack is not simply malware distribution, but aims at long-term espionage, and there is a risk that confidential information of Japanese companies will be intercepted.
Sources
1. AirSnitch attack: New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
2. TeamPCP Supply Chain Attack: TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign
3. Interlock Ransomware: Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
4. Lotus Blossom Notepad++ Attack: Nation-State Actors Exploit Notepad++ Supply Chain
What we can do for you with PIPELINE
Countermeasures against AirSnitch attacks
RiskSensor: Detects vulnerabilities in Wi-Fi settings by visualizing external network risks.
ThreatIDR: Prevents cache poisoning attacks by blocking intercepted DNS communications through DNS-level threat blocking.
DatalaiQ: Supports incident investigations by analyzing network logs to detect abnormal MAC address changes and signs of port eavesdropping.
Countermeasures against TeamPCP supply chain attacks
RiskSensor: Dark web monitoring enables early detection of leaked cloud credentials and API keys.
ThreatIDR: C2 communication blocking prevents malware from sending cloud credentials externally.
DatalaiQ: Threat hunting functionality detects unusual process execution and file access within the development environment to determine if a breach has occurred.
Interlock ransomware (Cisco FMC zero-day) countermeasures
RiskSensor: Monitors whether the Cisco FMC management screen is exposed to the internet by visualizing external risks.
ThreatIDR: Detects ransomware communication patterns and blocks communication to the C2 server.
DatalaiQ: Detects traces of attempted unauthorized access to the FMC and RCE execution through log analysis, accelerating incident response.
Countermeasures against the Lotus Blossom Notepad++ attack
RiskSensor: Detects the leakage of intercepted confidential company information and authentication credentials through dark web monitoring.
ThreatIDR: Detects and blocks DLL sideloading and Chrysalis backdoor communications.
DatalaiQ: Detects abnormal child process generation and network communications from the Notepad++ process through endpoint log analysis to check for backdoor infections.

✦ Finally
Thank you for reading this far.
We at PIPELINE Corporation are a group of experts specializing in cybersecurity and threat intelligence.
We face threats together with our customers on-site every day.
"Even if we have a specialized team within the company, we lack the resources," "We don't know where to start," and "We want to prepare realistically, assuming we will be attacked."
We receive many inquiries like this. Regardless of the size of the company, the current situation is that weak points in defenses are easily targeted.
Furthermore, trying to handle everything internally inevitably makes it easier for things to be overlooked.
That's why we focus on practical methods that are useful in the field, rather than idealistic theories, and propose a small-scale, easy-to-implement approach. Even "a small step within your capabilities" can make a big difference in safety.
If you have any concerns at all, please feel free to contact us. Let's work together to find the quickest way to strengthen your security.
