It's been a busy 24 hours in the cyber world with significant updates on supply chain attacks affecting developers and marketing SDKs, alongside new warnings about AI agent vulnerabilities. Let's dive in:

AppsFlyer SDK Spreads Crypto Stealer ⚠️

- The AppsFlyer Web SDK was compromised, delivering malicious JavaScript that hijacked cryptocurrency transactions by replacing legitimate wallet addresses with attacker-controlled ones.
- AppsFlyer confirmed a domain registrar incident on March 10, 2026, which temporarily exposed a segment of customer websites to unauthorised code, though their mobile SDK was unaffected.
- Organisations using the SDK should review telemetry for suspicious API requests, consider downgrading to known-good versions, and investigate potential compromises, as the full scope is still under investigation.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/appsflyer-web-sdk-used-to-spread-crypto-stealer-javascript-code/

GlassWorm Escalates Supply Chain Attacks 🛡️

- The GlassWorm campaign has significantly escalated, now abusing extensionPack and extensionDependencies in Open VSX extensions to turn benign-appearing packages into transitive delivery vehicles for malware.
- Researchers discovered at least 72 new malicious Open VSX extensions targeting developers, mimicking popular utilities and AI coding assistants, often using invisible Unicode characters to hide payloads.
- The campaign retains hallmarks like avoiding Russian locales and using Solana transactions for C2 resilience, but now features heavier obfuscation and rotating Solana wallets, and potentially uses LLMs to generate convincing cover commits for malicious injections in GitHub and npm.

📰 The Hacker News | https://thehackernews.com/2026/03/glassworm-supply-chain-attack-abuses-72.html

OpenClaw AI Agent Flaws Pose Major Risks 🔒

- China's CNCERT has warned about significant security flaws in the OpenClaw open-source AI agent, stemming from weak default configurations and its privileged system access.
- Risks include prompt injection attacks (indirect and cross-domain), where malicious instructions can trick the agent into leaking sensitive data, even via messaging app link previews without user clicks.
- Other concerns involve inadvertent data deletion, malicious skills from repositories like ClawHub, and exploitation of recently disclosed vulnerabilities, leading to potential data exfiltration or system paralysis.

📰 The Hacker News | https://thehackernews.com/2026/03/openclaw-ai-agent-flaws-could-enable-prompt-injection-and-data-exfiltration/

#CyberSecurity #SupplyChainAttack #Malware #CryptoStealer #AI #PromptInjection #Vulnerabilities #InfoSec #ThreatIntelligence #DeveloperSecurity #WebSecurity

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack.

BleepingComputer

A trusted Solidity extension turned traitor – the SleepyDuck Trojan used blockchain to stealthily control developers’ tools. Could your favorite extension be hiding a dark secret?

https://thedefendopsdiaries.com/the-sleepyduck-trojan-how-a-malicious-solidity-extension-exploited-open-vsx/

#sleepyduck
#soliditysecurity
#openvsx
#blockchainmalware
#vscodeextension
#cyberthreats
#malwareanalysis
#developersecurity
#infosec

Anil Bhasin from Wiz told TechNadu, “Rather than asking developers to decode generic alerts, the focus should be on delivering clear, contextual findings.”
He explains how developer-first security empowers innovation through automation, collaboration, and shared ownership. https://www.technadu.com/the-security-dilemma-creating-a-supportive-security-ecosystem-that-enables-speed-and-developer-empowerment/611717/

#CyberSecurity #DevSecOps #AppSec #Wiz #DeveloperSecurity #TechNadu

The DevOps space is under siege.
GlassWorm, a self-propagating worm in VS Code extensions, uses Solana blockchain for C2, invisible Unicode for stealth, and targets developer credentials, crypto wallets, and Git repositories. Auto-updating extensions make the threat persistent.
💬 InfoSec pros: how should organizations defend against this evolving supply chain risk?
🔁 Share & follow TechNadu for expert analysis on emerging malware and blockchain-enabled attacks.

#GlassWorm #VSCode #SupplyChainAttack #DevSecOps #BlockchainSecurity #Malware #InfoSec #DeveloperSecurity #CyberThreats #TechNews
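
An added defensive example, not part of either post above: it covers both GlassWorm points raised in this feed, the transitive installs via extensionPack and extensionDependencies and the invisible Unicode used for stealth. The extension IDs, the sample source, the helper names and the set of code points treated as invisible are all assumptions made for this example.

```javascript
// Code points treated as invisible (this example's own choice, not a list from
// the posts): zero-width and bidi marks, word joiners, BOM, variation selectors, tags.
const INVISIBLE = /[\u200B-\u200F\u202A-\u202E\u2060-\u2064\uFEFF\uFE00-\uFE0F\u{E0000}-\u{E007F}\u{E0100}-\u{E01EF}]/u;

// Constructed sample data: three hypothetical manifests and one source file.
const manifests = {
  "example.theme-pack": { extensionPack: ["example.icons"] },
  "example.icons": { extensionDependencies: ["example.helper"] },
  "example.helper": {},
};
const sampleSource = "const a = 1;\nconst b = '\u{E0100}\u{E0101}';\nexport {};";

// Follow extensionPack and extensionDependencies from one manifest and return
// every extension ID that installing rootId pulls in, with the chain that led to it.
function resolveTransitive(rootId, manifests) {
  const seen = new Map(); // id -> chain of IDs from the root
  const queue = [[rootId, [rootId]]];
  while (queue.length > 0) {
    const [id, chain] = queue.shift();
    const m = manifests[id];
    if (!m) continue; // manifest not available, cannot follow further
    const next = [...(m.extensionPack || []), ...(m.extensionDependencies || [])];
    for (const raw of next) {
      const dep = raw.toLowerCase(); // extension IDs are case-insensitive
      if (dep === rootId || seen.has(dep)) continue; // already visited or a cycle
      seen.set(dep, [...chain, dep]);
      queue.push([dep, [...chain, dep]]);
    }
  }
  return seen;
}

// Report the line number and code point of every invisible character in a text.
function findInvisible(text) {
  const hits = [];
  text.split("\n").forEach((line, i) => {
    for (const ch of line) { // iterates by code point, not by UTF-16 unit
      if (INVISIBLE.test(ch)) {
        const cp = ch.codePointAt(0).toString(16).toUpperCase();
        hits.push({ line: i + 1, codePoint: "U+" + cp });
      }
    }
  });
  return hits;
}

console.log([...resolveTransitive("example.theme-pack", manifests).values()]);
console.log(findInvisible(sampleSource));
```

Every ID in the resolved set needs the same review as the extension that was installed by name, since none of them appears in the install prompt for the root package.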

WhiteCobra threat group targets developers with malicious VSCode extensions, stealing cryptocurrency from wallets. They've already stolen $500K+ and can generate fake credibility with 50K fake downloads in hours. Even experienced security professionals have fallen victim to these sophisticated attacks. #CyberSecurity #DevSecurity #VSCode #Malware #CryptoCurrency #DeveloperSecurity #WhiteCobra https://devops.com/whitecobra-targets-developers-with-dozens-of-malicious-extensions/
WhiteCobra Targets Developers with Dozens of Malicious Extensions - DevOps.com

Threat actors are turning developer tools into attack vectors. Koi Security reports that the group WhiteCobra has been uploading malicious VSCode, Cursor, and Windsurf extensions designed to drain cryptocurrency wallets. Victims include experienced developers — one with over a decade of “perfect OpSec” who still lost funds. The group’s leaked playbook reveals just how industrialized these campaigns have become: pre-written social media templates, automated fake downloads to inflate credibility, and revenue projections of $10K an hour — or up to $500K an hour targeting “whale” wallets. The attacks leverage hidden scripts, LummaStealer malware, and manipulation of marketplace trust signals. With ratings and download counts easily faked, even seasoned professionals are vulnerable. Full report 👉 [link] Hashtags: #DevOps #AppSec #CyberSecurity #VSCode #Cursor #CryptoSecurity #DevSecOps

DevOps.com

DNS attacks are not just legacy threats – they’re evolving.

In my new article series, I explore modern DNS attack vectors like cache poisoning, tunneling, hijacking & spoofing – and how we as developers can defend at the protocol edge.

A must-read if you're building Java-based backend systems or securing internal services.

🔗 https://svenruppert.com/2025/04/07/dns-attacks-explained/

#CyberSecurity #DNS #Java #Infosec #NetworkSecurity #SecureCoding #DNSAttack #DeveloperSecurity #PrivacyByDesign

DNS Attacks – Explained

1. Getting started – trust in everyday internet life Anyone who enters a web address like “www.example.de” into the browser expects a familiar website to appear within seconds. Whether in the home …

Sven Ruppert

Ransomware in VSCode extensions raises serious concerns about Microsoft’s marketplace security.

Two extensions—“ahban.shiba” and “ahban.cychelloworld”—were found on the Visual Studio Code Marketplace containing ransomware that evaded Microsoft’s security checks for months.

Key takeaways:
・⚠️ Malicious code used PowerShell to fetch ransomware from a remote AWS server
・💸 Victims were told to pay 1 ShibaCoin—no actual payment instructions were provided
・🕒 Extensions stayed live despite being flagged by ExtensionTotal back in November 2024
・🧪 Ransomware appeared to be in an early testing phase, only encrypting files in test folders

This incident highlights ongoing gaps in third-party extension vetting and the urgent need for tighter security controls—even on official marketplaces.

Full story: https://www.cysecurity.news/2025/03/ransomware-found-in-vscode-extensions.html

#CyberSecurity #VSCode #Microsoft #Malware #DevTools #SecurityAwareness #Ransomware #Infosec #DeveloperSecurity

Ransomware Found in VSCode Extensions Raises Concerns Over Microsoft’s Security Review

Ransomware hidden in VSCode extensions exposes flaws in Microsoft’s security review, raising concern over malware detection in the VSCode Marketplace.

CySecurity News - Latest Information Security and Hacking Incidents

GitHub detected 39 million exposed secrets in 2024! Learn how their major security upgrade protects your code with AI-powered scanning, free risk assessment, and enhanced push protection. Don't let your API keys become the next compromise.

#SecurityLand #BusinessShield #CyberSecurity #GitHub #DeveloperSecurity

Read More: https://www.security.land/github-bolsters-security-after-39-million-secret-leaks-in-2024/

GitHub Bolsters Security After 39 Million Secret Leaks in 2024 | Security Land

GitHub enhances security features after detecting 39M+ leaked secrets in 2024, offering protection against API key and credential exposure.

Security Land

My new blog post addresses my issues with the concept of "shift left security." It's not wrong, it's just misunderstood.

Shifting left is about empowering developers to better secure their applications, freeing up security teams to scale to better support them. Security teams need to work with development throughout the SDLC to drive efficiency for remediation - helping both teams.

https://www.techtarget.com/searchsecurity/opinion/Addressing-the-confusion-around-shift-left-cloud-security

#devsecops #cloudsecurity #infosec #developersecurity #cnapp #applicationsecurity #appsec

Addressing the confusion around shift-left cloud security | TechTarget

Check out what shifting left really means for secure cloud-native app development and how organizations should change their approach to cloud security.

Security
Infographic: Walking the Line: GitOps and Shift Left Security

Data behind the movement to shift security left in an effort to increase security (without slowing down development).