Best of Security, March 2026

  1. Article · Collections · 8w

    Malicious axios versions 1.14.1 and 0.30.4 deploy a remote access trojan via supply chain attack

    Two malicious versions of axios (1.14.1 and 0.30.4) were published to npm on March 31, 2026, after an attacker hijacked a lead maintainer's npm credentials. The packages themselves were clean but pulled in a staged dependency, plain-crypto-js, which ran a postinstall script downloading platform-specific second-stage payloads from a C2 server. The payloads self-deleted after execution to hinder forensics. Socket detected the attack within minutes, Vercel blocked the C2 domain, and the versions were unpublished. Developers should check lockfiles and node_modules for the affected versions, rotate all secrets from affected environments, pin to safe versions, and add --ignore-scripts to CI npm installs. The incident highlights the systemic risk of unpinned dependencies in ecosystems where a single compromised maintainer account can affect hundreds of millions of weekly installs.

  2. Article · daily.dev · 8w

    We built an org-wide AI agent in 4 days. Here's what broke in the weeks after.

    daily.dev built 'Smith', a 29K-line TypeScript AI agent integrated into their Slack workspace in just 4 days using Codex. The post covers the production incidents and security challenges that followed: credential leaks in a shared runtime requiring a growing command sanitizer, GitHub token bleeding between user sessions, a Node.js event-loop hang that systemd couldn't detect (fixed with a watchdog + health checks), memory exhaustion from a power user's long conversations (fixed with cgroup limits), and a progressive tool disclosure system to manage 60+ tools. Smith self-authors its own reusable skills via a git-backed 'brain' repo and now runs autonomous nightly tasks like spam sweeps and A/B experiment audits. Known remaining issues include an unaudited skill brain, incomplete command sanitizer, and an unsolved crash pattern from one heavy user.

  3. Article · daniel.haxx.se · 9w

    Don’t trust, verify

    Daniel Stenberg, curl's creator, outlines the comprehensive security and verification practices the curl project employs to protect one of the world's most widely used software components. He enumerates realistic attack vectors — from insider threats and credential breaches to CI pipeline compromises and supply chain attacks — and explains how curl counters them through 21 specific practices: strict code style enforcement, banning binary blobs and Unicode obfuscation, mandatory 2FA, 200+ CI jobs, fuzzing via OSS-Fuzz, valgrind/sanitizer runs, torture tests, external audits, and a public verification page. He urges users to independently verify curl releases and to demand similar transparency from all software dependencies.

  4. Article · CYBERTEC PostgreSQL · 10w

    From MD5 to Scram: The next security shift in PostgreSQL

    PostgreSQL 18 deprecates MD5 password encryption by issuing warnings whenever a user is created or altered with MD5-encrypted passwords. A new GUC parameter `md5_password_warnings` (default: on) controls these warnings. MD5 support is expected to be fully removed in a future release. The recommended replacement is scram-sha-256, which has been the default `password_encryption` setting for several versions already.

  5. Article · Socket · 12w

    Malicious Packagist Packages Disguised as Laravel Utilities ...

    Socket's Threat Research Team discovered a remote access trojan (RAT) distributed through three Packagist packages by threat actor nhattuanbl, disguised as Laravel utilities. The packages nhattuanbl/lara-helper and nhattuanbl/simple-queue contain an identical obfuscated PHP RAT payload in helper.php, while nhattuanbl/lara-swagger acts as a clean-looking vector that silently pulls in lara-helper as a Composer dependency. Once loaded, the RAT connects to a C2 server, supports shell execution, file read/write, screenshots, and system reconnaissance, and runs persistently in the background. The payload uses goto spaghetti, hex/octal string encoding, and randomized identifiers to evade static analysis. Affected hosts should be treated as fully compromised, with all secrets rotated and the payload removed. Key takeaways: transitive dependencies deserve the same scrutiny as direct installs, and dev-master constraints are high-risk in production.

  6. Article · Golang Weekly · 11w

    Golang Weekly Issue 592: March 6, 2026

    Golang Weekly issue 592 covers Go 1.26.1 and 1.25.8 security releases fixing five vulnerabilities in crypto/x509, html/template, net/url, and os packages. Featured articles include a deep dive into stack allocation improvements in Go 1.25+ that reduce GC overhead, a guide on preventing silent mutex bugs using generic closures, and best practices for secure error handling. Also linked: opinions on why Go lacks a try keyword, Go for AI agents, and X.509 certificate verification vulnerabilities. Library releases include govips 2.17, eBPF 0.21, Gin 1.12, go-github 84.0, and several others.

  7. Article · PostgreSQL · 12w

    pgdsat version 2.0 has been released

    pgdsat 2.0, an open-source PostgreSQL Database Security Assessment Tool, has been released. It checks around 90 PostgreSQL security controls, including all recommendations from the CIS compliance benchmark. Version 2.0 adds 13 new security checks aligned with the CIS Benchmark for PostgreSQL 17 and includes bug fixes. The tool runs on Linux under the GPLv3 license and is maintained by HexaCluster Corp.

  8. Article · Singularity Hub · 11w

    Hackers Are Automating Cyberattacks With AI. Defenders Are Using It to Fight Back.

    Generative AI is now being actively used by hackers to automate cyberattacks at unprecedented scale and speed. Evidence includes Russian-speaking attackers using commercial AI to breach FortiGate-protected systems across 55 countries, an NYU researcher's autonomous AI ransomware prototype, and a Chinese state-linked group automating 80-90% of an espionage campaign via Claude. On the defensive side, Anthropic released Claude Code Security for vulnerability scanning, CrowdStrike launched AI agents for malware analysis and threat hunting, and Aikido Security introduced AI-driven continuous penetration testing. The outcome of this AI arms race will depend more on adaptation speed than raw model capabilities.

  9. Article · Hacker News · 9w

    NanoClaw Adopts OneCLI Agent Vault

    NanoClaw is integrating OneCLI's Agent Vault as its default credential and proxying layer for AI agents. Instead of agents holding raw API keys, the vault proxies outbound requests, injects credentials at the gateway level, and enforces policy rules like rate limits. This addresses a real risk illustrated by a Meta AI director's incident where an agent mass-deleted emails despite explicit instructions not to act autonomously. The integration combines NanoClaw's Docker-based runtime isolation with OneCLI's credential isolation and policy enforcement, giving users fine-grained control over what agents can access, how often, and with human-in-the-loop approval flows on the roadmap. Both projects are open source.

  10. Video · ByteMonk · 9w

    OpenClaw Was Dangerous… Until NVIDIA Stepped In?

    Jensen Huang's keynote called OpenClaw (an AI agent that runs locally and can browse the web, manage files, run code, and communicate externally) the most important software release ever. However, OpenClaw had serious security vulnerabilities: unauthenticated gateway connections, malicious third-party plugins, and prompt injection attacks. NVIDIA responded by building NemoClaw, a security runtime that wraps OpenClaw in OS-level enforcement using Linux security primitives (landlock, seccomp, network namespaces), a policy engine controlling all file/network/API access, and a privacy router that keeps sensitive data local. The strategic logic mirrors NVIDIA's CUDA playbook: make agents safe enough for enterprise deployment, and enterprises will need compute — which runs on NVIDIA hardware. NemoClaw is open source but ships optimized for NVIDIA GPUs and pairs with the $4,000 DGX Spark desktop, revealing the real business model: selling the hardware the agents run on.

  11. Article · Tailscale · 10w

    Border0 is joining Tailscale

    Tailscale has acquired Border0, a Vancouver-based startup focused on Privileged Access Management (PAM). Border0 provides application-layer access controls including SSH, Kubernetes, RDP/VNC, database access, session recording, and audit trails. The acquisition extends Tailscale's network connectivity foundation into the authorization and session visibility layer. Border0 is already integrated with Tailscale via tsnet and will eventually be folded into a native Tailscale PAM offering. Existing Border0 customers can find transition details in a published FAQ.

  12. Article · Agentic Digest · 8w

    Claude Code gets computer use, GitHub Copilot injects ads into PRs

    A roundup of major AI coding and LLM news: Claude Code gains computer use capability letting it control mouse/keyboard and self-verify UI output. GitHub Copilot was caught injecting ads into over 1.5M pull request descriptions at 1,000+ insertions/day. Alibaba's Qwen 3.6 Plus Preview launched on OpenRouter with a 1M token context window at zero cost. ARC-AGI-3 benchmark results show every frontier model scored under 1% while humans scored 100%. Additional items cover the LiteLLM and axios supply chain attacks, Qodo's $70M Series B, Turborepo 2.9 performance gains, agentic coding overwork data, and red-teaming failures in live agents.