Best of Security, April 2026

  1. Article
    BleepingComputer · 2w

    New npm supply-chain attack self-spreads to steal auth tokens

    A new self-propagating supply chain attack has been discovered in the npm ecosystem, targeting packages from Namastex Labs. The malware, found in 16 compromised packages, steals developer credentials including npm publish tokens, API keys, SSH keys, cloud service credentials, CI/CD secrets, and cryptocurrency wallet data from browsers. Once it finds npm publish tokens on a compromised system, it injects itself into every package that token can publish and republishes them with an incremented version number, enabling recursive worm-like spread. It also targets PyPI if Python credentials are found, making it a multi-ecosystem threat. Developers using the listed package versions should remove them immediately, rotate all secrets, and audit CI/CD pipelines for indicators of compromise.

  2. Video
    Coding with Lewis · 4w

    GitHub has a malware problem

    GitHub's trending page is being exploited by attackers who create repositories with legitimate-sounding names and purchase fake stars to lure developers into downloading malware. Researchers built Star Scout, which scanned six years of GitHub metadata and identified over 6 million suspicious fake stars by detecting ghost accounts and coordinated starring clusters. One group called Banana Squad published nearly 70 repos mimicking real Python security tools, hiding malicious code by padding it with hundreds of blank spaces to push it off-screen. A separate campaign compromised a single GitHub Action and put over 23,000 repositories at risk. The open source ecosystem's trust model is being systematically exploited at scale.

  3. Video
    ThePrimeTime · 4w

    Vim Has A 0-Day????

    Claude AI discovered a remote code execution (RCE) vulnerability in Vim triggered by Vim's modeline feature, which allows files to embed and auto-execute editor commands on open. The exploit chains modeline commands to set up a tab panel expression that registers an autocommand, ultimately executing arbitrary shell commands when a malicious file is opened. A second vulnerability attributed to Emacs is also covered, but the author argues it's actually a Git fsmonitor config exploit — not an Emacs bug — that executes arbitrary scripts whenever git status is run inside a maliciously crafted repository. The author praises the Vim find as genuinely clever while criticizing the Emacs report as a misattributed bug that wastes maintainer time, drawing parallels to similar issues with cURL's HackerOne program.

  4. Article
    Astral · 4w

    Open source security at Astral

    Astral shares the security practices they use to protect their open source tools (Ruff, uv, ty) from supply chain attacks. Key areas covered include: hardening GitHub Actions CI/CD by banning dangerous triggers like pull_request_target, pinning all actions to commit SHAs, limiting permissions, and isolating secrets in deployment environments. For releases, they use Trusted Publishing to eliminate long-lived credentials, Sigstore-based attestations, immutable releases, and two-person approval gates. They also use GitHub Apps to safely handle tasks that GitHub Actions can't do securely, maintain dependency hygiene with Dependabot/Renovate plus cooldowns, and contribute financially and technically to upstream projects. The post includes shareable GitHub rulesets and practical recommendations for other maintainers.

  5. Article
    Vercel · 4w

    Summary of CVE-2026-23869

    A high-severity vulnerability (CVSS 7.5) tracked as CVE-2026-23869 affects React Server Components in Next.js 13.x through 16.x. A specially crafted HTTP request to any App Router Server Function endpoint can trigger excessive CPU usage upon deserialization, leading to Denial of Service. Vercel has deployed WAF mitigations to protect hosted projects automatically, but users must still upgrade to patched versions (15.5.15 or 16.2.3) as the WAF alone is not sufficient protection.

  6. Article
    Socket · 5w

    Node.js Drops Bug Bounty Rewards After Funding Dries Up

    Node.js has paused its bug bounty program after the Internet Bug Bounty (IBB) initiative, which funded it since 2016, was discontinued. The IBB, backed by companies like Microsoft and Facebook, stopped accepting new submissions on March 27 due to funding issues and a surge in AI-assisted vulnerability research that overwhelmed remediation capacity. Security reporting through HackerOne continues, but researchers will no longer receive financial rewards. The move mirrors cURL's recent decision to drop its bounty program after being flooded with low-quality AI-generated reports. The shift raises broader concerns about how critical open source infrastructure funds security work, as Node.js now relies on voluntary, goodwill-driven disclosure at a time when supply chain attacks and automated vulnerability discovery are increasing.

  7. Article
    Redpanda · 4w

    Openclaw is not for enterprise scale

    Running AI coding agents like OpenClaw (a thinly veiled reference to Claude Code) in enterprise environments without proper security architecture is fundamentally unsafe. Sandboxing alone is insufficient because credentials are already inside the sandbox. A proper enterprise-grade agentic architecture requires four components: a gateway as a single choke point for all agent access with full observability and kill-switch capability, audit logs and full transcripts capturing reasoning chains and tool calls, a token vault that keeps credentials out-of-band so agents never directly hold secrets, and sandboxed compute with strictly limited network access routed through the gateway. Redpanda demonstrates this with their 'agentic gateway interface' (agi) CLI. The core principle: agents can't leak credentials they never possess.

  8. Video
    Chris Titus Tech · 4w

    Sorry Windows 10 Users...

    A sysadmin with 25 years of experience revisits his earlier warnings about Windows 10 end-of-life security risks. After attempting to exploit an unpatched Windows 10 1607 instance using Metasploit and the EternalBlue/DoublePulsar exploit, he found it surprisingly difficult — largely because a secure, business-grade network with deep packet inspection blocked the attacks even when the OS firewall was disabled. He softens his previous stance: while updating is still recommended, unpatched Windows 10 is not as immediately exploitable as commonly feared, especially on a secure network. He recommends Windows 10 LTSC for legacy use cases and encourages users who dislike Windows 11 to consider switching to Linux.

  9. Article
    .NET Blog · 4w

    .NET and .NET Framework April 2026 servicing releases updates

    Microsoft has released the April 2026 servicing updates for .NET and .NET Framework, covering versions 10.0.6, 9.0.15, and 8.0.26. The updates include fixes for five CVEs (CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-32226, CVE-2026-33116) along with non-security improvements. Changelogs are available for ASP.NET Core, the .NET runtime, Entity Framework Core, and WinForms.

  10. Article
    Socket · 2w

    Introducing Reachability for PHP

    Socket is launching experimental reachability analysis for PHP, enabling teams to determine which CVEs are actually exploitable in their specific codebase rather than triaging every advisory blindly. The engine uses function-level call graph analysis with both Tier 1 (against actual source code) and Tier 2 (pre-computed against dependency graph) modes. Key technical challenges addressed include PHP's __call magic method dispatch (used in Laravel Facades, Doctrine proxies, PHPUnit mocks) and string-based class instantiation patterns used by Laravel, Symfony, and PHP-DI containers. A concrete example with CVE-2022-29248 in guzzlehttp/guzzle demonstrates how two apps on the same vulnerable Guzzle version get different verdicts based on whether they use cookie jar handling. The engine achieves over 90% accuracy on WordPress, PHPUnit, and Flysystem, and mid-to-high 80s on Twig and Espo, validated against dynamically observed call graphs.

  11. Video
    Jack Herrington · 4w

    React2Shell on TanStack Start?!?

    TanStack Start's new React Server Components support does not expose apps to the React2Shell CVE that affects Next.js. Three key reasons explain why: TanStack Start routes server functions to module-specific URLs (not a predictable slash endpoint), only includes server function code when explicitly defined, and uses the Seroval data format instead of React's flight data format. Flight data's object reference traversal mechanism is the root cause of React2Shell, and Seroval avoids this attack vector entirely. Past CVEs against Seroval were permanently fixed without the single-payload attack surface that flight data has.

  12. Article
    Foojay.io · 3w

    Spring Boot 3.5 EOL — The CVE Blind Spot Nobody Talks About

    Spring Boot 3.5 reaches end of open-source support on June 30, 2026, but the real risk isn't the migration — it's what happens to CVE reporting afterward. Once a project goes EOL, security researchers stop filing reports against it, maintainers stop triaging, and the CVE pipeline dries up. Vulnerabilities don't disappear; they just stop being recorded. Bad actors exploit this gap by testing CVEs found in supported branches against EOL versions that will never receive patches. Spring Boot 2.7's post-EOL trajectory (e.g., CVE-2024-38807 with no open-source fix) illustrates the pattern. Teams still on 3.5 after June 2026 risk running what the author calls 'zombie dependencies' — technically present, functionally dead from a security standpoint, with scanners showing green while hidden vulnerabilities accumulate. The advice: assess the 3.5-to-4.0 migration scope now, before the silence sets in.

  13. Video
    ThePrimeTime · 2w

    Hacked by VIM

    A demonstration of a remote code execution (RCE) vulnerability in Vim triggered simply by opening a file. The exploit leverages Vim's modeline feature, which allows files to embed editor commands in the first or last few lines. While modelines are normally safe, a crafted file can execute arbitrary commands upon opening. Claude was used to discover this bug, and humorously, a similar RCE was also found in Emacs.

  14. Article
    Neil Madden · 4w

    Mythos and its impact on security

    Anthropic's new Mythos model claims dangerous capabilities in finding security vulnerabilities. The author argues the hype is partially warranted but contextualizes the risk: costs of $10k-20k per vulnerability make it unlikely to be run broadly, and it's best viewed as a pentest add-on. A key insight is that Mythos succeeds largely because of oracles like AddressSanitizer that filter false positives — the same reason agentic AI coding works (type checkers, linters, test suites). Without oracles, LLM-based vulnerability finders drown in false positives. The author warns that AI tools won't fix the root causes of poor software security; real solutions require memory-safe languages, capability-based security, and slower, more deliberate development — not faster AI-assisted code generation.

  15. Article
    Andrew Nesbitt · 5w

    The Cathedral and the Catacombs

    A philosophical essay extending the classic 'Cathedral and Bazaar' metaphor by introducing a third element: the 'catacombs' — the transitive dependency graph that underlies all software projects regardless of their governance model. The author argues that while decades of discourse have focused on how software is built (cathedral vs. bazaar), almost no attention is paid to the unmapped, unaudited network of transitive dependencies that every project rests on. Drawing on real-world supply chain attacks like the xz backdoor and the event-stream incident, the piece makes the case that this dependency graph is load-bearing infrastructure that nobody designed as a whole, nobody audits holistically, and which represents a structural security risk independent of how well-governed the project above it is. AI coding agents are noted to worsen the problem by pulling in dependencies even more aggressively.

  16. Article
    Istio · 4w

    Announcing Istio 1.28.6

    Istio 1.28.6 is a patch release focused on security fixes and bug corrections. Key additions include Helm v4 server-side apply support, authorized namespace configuration for debug endpoints, and CIDR blocking for JWKS URIs during JWT validation. Notable fixes address a webhook failurePolicy field ownership conflict during helm upgrade, serviceAccount regex matching in AuthorizationPolicy, Gateway API CORS origin parsing, istiod crash with ambient mode and multi-network configs, a retryBudget default percent bug (0.2% instead of 20%), missing size limits on gzip-decompressed WASM binaries, and a race condition causing h2 ping errors.

  17. Article
    Laravel News · 3w

    Composer 2.9.6 Fixes Two Perforce Command Injection Vulnerabilities

    Composer 2.9.6 and 2.2.27 LTS have been released to patch two command injection vulnerabilities (CVE-2026-40261 and CVE-2026-40176) in the Perforce VCS driver. The first flaw affects the generateP4Command() method and can be triggered via malicious Perforce connection parameters in a root composer.json. The second affects syncCodeBase() and allows injection via a crafted source reference when installing dependencies from a compromised repository, even without Perforce installed. No exploitation in the wild has been detected. Users should run `composer self-update` immediately and prefer --prefer-dist installs to reduce exposure.

  18. Article
    stitcher.io · 5w

    Dependency Hygiene

    A PHP developer scanned 1554 Packagist projects and found that 229 (roughly 15%) include unnecessary polyfill or compatibility packages despite requiring a PHP version where those packages are no longer needed. The post raises questions about how carefully developers vet their dependencies, drawing parallels to recent NPM supply-chain attacks. The author sent PRs to all affected projects and reflects on whether the convenience of package managers has made developers too passive about what code they pull in.

  19. Article
    Ars Technica · 5w

    OpenClaw gives users yet another reason to be freaked out about security

    OpenClaw, a viral AI agentic tool with 347,000 GitHub stars, patched a critical privilege escalation vulnerability (CVE-2026-33579, CVSS 8.1–9.8). The flaw allowed any attacker with the lowest-level pairing permission to silently elevate themselves to full admin access with no user interaction required. For organizations using OpenClaw as a company-wide AI agent platform, this means an attacker could read all connected data sources, exfiltrate credentials, execute arbitrary tool calls, and pivot to other connected services — effectively a full instance takeover.

  20. Article
    Lobsters · 3w

    Anthropic secretly installs spyware when you install Claude Desktop — That Privacy Guy!

    Claude Desktop silently installs a Native Messaging bridge (com.anthropic.claude_browser_extension.json) into seven Chromium-based browsers on macOS — including browsers not installed on the machine and browsers Anthropic's own documentation says are unsupported. The bridge pre-authorizes three Chrome extension IDs to spawn an out-of-sandbox helper binary with access to authenticated browser sessions, DOM state, form fields, and screen capture. The install happens without user consent, is re-written on every Claude Desktop launch, and is logged internally under 'Chrome Extension MCP'. The author argues this constitutes spyware, violates EU ePrivacy Directive Article 5(3), and potentially breaches computer misuse laws. Eleven specific dark patterns are documented with forensic evidence including file timestamps, MD5 hashes, macOS provenance attributes, and Claude's own log files.

  21. Video
    Low Level Learning · 2w

    we're hacking PDFs again?

    A zero-day vulnerability in Adobe Acrobat Reader has been actively exploited since September, leveraging the PDF JavaScript engine to perform sandbox escapes. The malware uses obfuscated JavaScript embedded in PDFs, exploits Adobe's RSS feed functionality to make outbound network requests (bypassing sandbox restrictions), and fingerprints the victim's Windows version by reading ntdll.dll before fetching a targeted exploit payload from a remote server. Adobe confirmed an active critical RCE vulnerability in a security bulletin on April 12th. Users are advised to avoid opening untrusted PDFs and to monitor for suspicious network patterns including language, platform, and viewer version data in outbound requests.

  22. Article
    Datadog · 4w

    Introducing our open source AI-native SAST

    Datadog has open sourced an AI-native Static Application Security Testing (SAST) tool that uses LLMs to detect code vulnerabilities with greater accuracy than traditional rule-based approaches. The tool works in four steps: heuristic-based file identification, context retrieval, LLM-based analysis, and post-processing with false-positive filtering. To manage cost, it performs a full scan at onboarding and then only rescans files when their content or context changes. Benchmarked against the OWASP framework, the AI-native solution significantly outperforms traditional SAST on context-dependent vulnerabilities like SQL injection (86% vs 63% true positive rate) and command injection (90% vs 59%). The codebase is available on GitHub, though incremental analysis requires a Datadog subscription. Future plans include exploring agentic scanning techniques for deeper contextual reasoning.

  23. Article
    stitcher.io · 5w

    More dependency considerations

    Following up on a previous post about PHP dependency hygiene, the author responds to criticism from Paragon IE (makers of paragonie/sodium_compat) who argued that removing sodium_compat from PHP 7.2+ projects could leave some users vulnerable. The author counters that systems explicitly opting out of ext-sodium are edge cases and that the responsibility for requiring a compat library should fall on those specific systems, not on upstream libraries. The core argument is that sodium_compat was always meant to be a temporary shim, and the PHP community should prefer built-in extensions over PHP-based cryptographic polyfills for better dependency hygiene and security.

  24. Article
    Linear · 5w

    Post mortem on Linear security incident on March 24th, 2026

    Linear published a post-mortem for a security incident on March 24, 2026, where a deployed code change introduced a variable shadowing bug in the access control layer. For approximately one hour (12:07–1:10 UTC), workspace members including guests could access data from private teams they weren't authorized to see. Exposure vectors included notification digest emails, client data sync (~7,000 bootstraps), mobile app sessions, and API/third-party integrations. No data was exposed outside workspaces and no credentials were leaked. Linear reverted the change within an hour, force-cleared all client caches, logged out mobile sessions, and notified affected workspace admins within 48 hours. Remediation steps include expanded integration test coverage for permission boundaries, tighter pre-deployment security review for auth-related code, and improved monitoring for authorization anomalies.

  25. Article
    Auth0 · 2w

    Things Developers Get Wrong About the Backend for Frontend Pattern

    Common misconceptions about the Backend for Frontend (BFF) pattern are addressed, focusing on security implications. Key points: PKCE and BFF solve different problems and are complementary, not alternatives — PKCE protects the authorization code in transit while BFF keeps tokens out of the browser entirely. A true BFF is a confidential OAuth client, not just a reverse proxy forwarding tokens. HttpOnly cookies are not less secure than localStorage tokens — they trade XSS-based token theft for a more constrained CSRF attack surface. BFF doesn't automatically handle CSRF protection, session invalidation, secure cookie configuration, or API authorization. Finally, teams don't need a full rewrite — BFF can be introduced incrementally as an authentication layer without changing existing backend APIs.