Best of Cybersecurity, March 2026

  1. Article · Collections · 3w

    Malicious axios versions 1.14.1 and 0.30.4 deploy a remote access trojan via supply chain attack

    Two malicious versions of axios (1.14.1 and 0.30.4) were published to npm on March 31, 2026, after an attacker hijacked a lead maintainer's npm credentials. The packages themselves were clean but pulled in a staged dependency, plain-crypto-js, which ran a postinstall script downloading platform-specific second-stage payloads from a C2 server. The payloads self-deleted after execution to hinder forensics. Socket detected the attack within minutes, Vercel blocked the C2 domain, and the versions were unpublished. Developers should check lockfiles and node_modules for the affected versions, rotate all secrets from affected environments, pin to safe versions, and add --ignore-scripts to CI npm installs. The incident highlights the systemic risk of unpinned dependencies in ecosystems where a single compromised maintainer account can affect hundreds of millions of weekly installs.

  2. Video · Low Level Learning · 6w

    they hardcoded the password. thats the hack.

    A Chinese threat actor known as Silk Typhoon (UNC5221) is actively exploiting CVE-2026-22769 in Dell RecoverPoint virtual machine management software. The vulnerability stems from a hardcoded admin password embedded in the software binary, which can be trivially extracted using the 'strings' command. Because the same password is used across all deployments, attackers can use it to deploy a malicious WAR file to the Tomcat server, execute code as root, and install a C-based backdoor called Grimble. The video explains symmetric vs. asymmetric cryptography to illustrate why shared hardcoded keys are dangerous, and proposes solutions like per-deployment key rolling or PKI-based authentication. Silk Typhoon's broader tactics are also covered, including exploiting VPN concentrators and using hidden network interfaces with iptables rules to evade monitoring. Detection signatures from Google Threat Intelligence are shared for defenders using Dell RecoverPoint.

  3. Video · Seytonic · 4w

    Every Insane Hack in the 2026 Iran War (So Far)

    A rundown of cyber operations during the 2026 Iran conflict. It covers US Cyber Command disrupting Iranian early warning systems, Israel hacking Tehran traffic cameras and phone networks to enable the assassination of Iran's Supreme Leader, an Iranian prayer app being hijacked to broadcast pro-Western messages, Iran's 20-day internet blackout, Iranian hackers targeting Jordan's wheat reserve via industrial control systems, and Shahed drone strikes on AWS data centers in the UAE and Bahrain that knocked out over 100 services. It also covers a devastating wiper attack on Stryker (a US healthcare company), carried out by the pro-Iranian group Handler Hack via a compromised Microsoft Intune admin account, which wiped 200,000+ devices. Hacktivist groups like 313 Team and Russian No-Name are also active but largely limited to short DDoS campaigns.

  4. Article · Singularity Hub · 6w

    Hackers Are Automating Cyberattacks With AI. Defenders Are Using It to Fight Back.

    Generative AI is now being actively used by hackers to automate cyberattacks at unprecedented scale and speed. Evidence includes Russian-speaking attackers using commercial AI to breach FortiGate-protected systems across 55 countries, an NYU researcher's autonomous AI ransomware prototype, and a Chinese state-linked group automating 80-90% of an espionage campaign via Claude. On the defensive side, Anthropic released Claude Code Security for vulnerability scanning, CrowdStrike launched AI agents for malware analysis and threat hunting, and Aikido Security introduced AI-driven continuous penetration testing. The outcome of this AI arms race will depend more on adaptation speed than raw model capabilities.