developer-security

The 9-Second Disaster: What a Rogue AI Coding Agent Teaches Us About Production Access

John Z Black Apr 27, 2026

AI Security #ai-agents #cursor #claude #developer-security #vibe-coding

A Claude-powered agent deleted an entire production database in 9 seconds. Here's why it happened and what it means for anyone using AI coding tools.

Administrative Betrayal: The Bitwarden CLI Supply Chain Hijack

John Z Black Apr 27, 2026

Threat Intelligence #supply-chain #npm #bitwarden #developer-security #malware

A malicious npm package impersonating the Bitwarden CLI installed its own runtime to steal secrets. When security tools are the attack vector, the whole CI/CD pipeline becomes a weapon.

AI Code Gets CVEs Now.

John Z Black Mar 29, 2026

AI Security #ai-security #vibe-coding #ncsc #mcp #model-context-protocol #prompt-injection #rsac #developer-security #ai-code

The UK's NCSC called AI-generated code an 'intolerable risk,' researchers found all seven major MCP clients vulnerable to attack, and 35 CVEs in March alone traced directly back to AI-written code.

This Malware Hides Its Command Server in the Blockchain, and Borrows Google Calendar Too

John Z Black Mar 27, 2026

Threat Intelligence #malware #blockchain #solana #developer-security #supply-chain #glassworm #npm #c2

GlassWorm targets developers through compromised npm, PyPI, and GitHub packages. Its C2 address is hidden in a Solana blockchain memo. You can't take down a blockchain transaction.

The npm Ghost: That Install Log Looked Normal Because It Was Built to Fool You

John Z Black Mar 25, 2026

Threat Intelligence #npm #supply-chain #developer-security #reversinglabs #credential-theft #malware

Seven malicious npm packages have been stealing sudo passwords and crypto wallet data from developer machines since February. The trick: they generate fake terminal output so convincing that developers don't look twice.

GlassWorm Is Hiding Malware in Invisible Code and Pushing It Into Your Python Repos

John Z Black Mar 17, 2026

Supply Chain & Software Security #supply-chain #glassworm #github #python #malware #unicode #developer-security

GlassWorm steals GitHub tokens, then injects malicious code written in invisible Unicode characters into repos developers already trust. 151 packages hit in one week.

The Software You Trust Is Becoming the Attack: Two Supply-Chain Strikes in One Week

John Z Black Mar 15, 2026

Threat Intelligence #supply-chain #developer-security #vs-code #appsflyer #malware #sdk-security

GlassWorm hijacked VS Code extension dependencies. AppsFlyer's SDK got compromised to serve crypto stealers. Both attacks exploited trust, not carelessness.

Developer Supply Chains Under Coordinated Assault: 88 Malicious npm Packages and a CVSS 9.8 in simple-git

John Z Black Mar 12, 2026

Developer Security #npm #supply-chain #developer-security #phantomraven #simple-git #ci-cd #aws #devsecops

PhantomRaven dropped 88 malicious npm packages targeting AWS credentials and CI secrets. A critical RCE in simple-git threatens millions of dev environments. Your developer toolchain is a target.