ThreatsDay Bulletin Reveals Surge in PQC Tooling, AI‑Driven Vulnerability Hunting, Phishing Kits, and Supply‑Chain Exploits
What Happened — The latest ThreatsDay bulletin (The Hacker News, 27 Mar 2026) aggregates 20+ emerging threats, including a push for post‑quantum cryptography (PQC) tooling, AI‑assisted vulnerability hunting scripts, repackaged phishing kits, and renewed activity from known supply‑chain actors.
Why It Matters for TPRM —
- New PQC utilities may be adopted by vendors before proper validation, introducing unknown cryptographic risks.
- AI‑generated exploit code accelerates discovery of zero‑day flaws, shortening attacker dwell time.
- Re‑used phishing kits indicate credential‑theft campaigns targeting third‑party users and service accounts.
- Supply‑chain exploits highlight the need for continuous monitoring of vendor security postures.
Who Is Affected — Technology SaaS providers, cloud hosting services, API providers, and any organization that relies on third‑party software components.
Recommended Actions — Review any vendor’s roadmap for PQC adoption, validate cryptographic implementations, harden AI‑related tooling controls, update phishing‑defense training, and expand supply‑chain monitoring to include newly identified threat actors.
Technical Notes — The bulletin cites:
- PQC libraries being distributed via unofficial GitHub repos (potential malicious backdoors).
- Open‑source AI models repurposed to auto‑generate exploit PoCs (attack vector: MALWARE/AI‑ASSISTED).
- Phishing kits leveraging compromised CDN endpoints (attack vector: PHISHING).
- A supply‑chain intrusion leveraging a misconfigured CI/CD pipeline (attack vector: MISCONFIGURATION).