
Human Factor Blog

how human behavior affects security

Programmer’s Digest #175

03/04/2026-03/11/2026 CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities, GhostClaw Poses As OpenClaw To Steal Sensitive Developer Data And More.

1. Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers discovered five malicious Rust crates disguised as time-related utilities that secretly steal sensitive data from developers. The packages—chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync—were uploaded to crates.io between late February and early March 2026. Although presented as tools to calibrate local time without Network Time Protocol, the crates actually search for .env files and send their contents to attacker-controlled servers. These files often store API keys, tokens, and other secrets, making them valuable targets. Four of the packages simply collect and transmit the data, while chrono_anchor hides the malicious logic using obfuscation to avoid detection. The stolen information is sent to a look-alike domain, timeapis[.]io. The crates have now been removed, but developers who installed them should assume their secrets were exposed, rotate credentials, and review CI/CD pipelines. The campaign highlights how even simple supply-chain attacks can cause serious damage inside developer environments.
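To check whether a project ever resolved one of these crates, the lockfile is the place to look. The following is an added example, not code from the original digest or from the researchers: it matches on crate names only, because the digest lists no versions, and the function names and the sample lockfile (including its version numbers) are constructed for illustration.

```python
import re
import sys

# Crate names listed in the digest item above.
FLAGGED = {"chrono_anchor", "dnp3times", "time_calibrator",
           "time_calibrators", "time-sync"}

def _norm(name):
    # Treat '-' and '_' as equivalent so either spelling is caught.
    return name.strip().lower().replace("-", "_")

FLAGGED_NORM = {_norm(n) for n in FLAGGED}

def parse_lock(text):
    """Return (name, version, source) for every [[package]] entry in Cargo.lock text."""
    pkgs, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "[[package]]":
            cur = {}
            pkgs.append(cur)
        elif line.startswith("["):
            cur = None  # some other table, e.g. [metadata]
        elif cur is not None:
            m = re.match(r'^(name|version|source)\s*=\s*"([^"]*)"$', line)
            if m:
                cur[m.group(1)] = m.group(2)
    return [(p.get("name", ""), p.get("version", ""), p.get("source", "")) for p in pkgs]

def flagged_packages(lock_text):
    """Flag registry packages only; a local path crate has no `source` line."""
    return [(n, v) for n, v, s in parse_lock(lock_text)
            if _norm(n) in FLAGGED_NORM and "crates.io" in s]

# Constructed sample lockfile (versions are made up).
REG = 'source = "registry+https://github.com/rust-lang/crates.io-index"'
SAMPLE_LOCK = "\n".join([
    "version = 3", "",
    "[[package]]", 'name = "serde"', 'version = "1.0.200"', REG, "",
    "[[package]]", 'name = "time_calibrator"', 'version = "0.1.0"', REG, "",
    "[[package]]", 'name = "time-sync"', 'version = "0.0.0"',  # local workspace crate
])

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, version in flagged_packages(text):
        print(f"FLAGGED {name} {version}: rotate secrets reachable from this build")
```

A hit in any Cargo.lock, including old commits and CI caches, means the .env files and environment of every machine that built that revision should be treated as exposed.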

2. CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

CISA has added three vulnerabilities to its KEV Catalog after confirming active exploitation. The flaws affect Omnissa Workspace ONE UEM, SolarWinds Web Help Desk, and Ivanti Endpoint Manager. One vulnerability allows server-side request forgery that could expose sensitive data, while another enables attackers to execute commands on affected systems. The third flaw allows authentication bypass that may leak stored credentials. Security researchers report that attackers are already exploiting the SolarWinds Web Help Desk flaw to gain initial access, with activity linked to the Warlock ransomware group. CISA has ordered U.S. federal agencies to patch the SolarWinds vulnerability by March 12, 2026, and the remaining flaws by March 23, 2026 to reduce security risks.

3. GhostClaw Poses As OpenClaw To Steal Sensitive Developer Data

Security researchers discovered a malicious npm package posing as the OpenClaw Installer. Instead of installing a legitimate tool, it deploys a malware framework designed to steal developer secrets, browser data, crypto wallet files, and system credentials while installing a persistent remote access tool. The package appears harmless at first, but its real behavior is hidden in setup and postinstall scripts. During installation, it silently installs itself globally and launches a convincing fake installer in the terminal with progress bars and setup messages. Afterward, it displays a fake Keychain prompt requesting the user’s system password. If entered correctly, the malware gains access to protected data. The script then downloads an encrypted second-stage payload called GhostLoader, which acts as both an infostealer and a remote access trojan. It steals credentials, cloud profiles, and browser data, sends them to attacker servers, and maintains persistent system access.

4. OpenAI Rolls Out Codex Security Vulnerability Scanner

OpenAI has introduced a new AI-powered vulnerability scanner called Codex Security (previously Aardvark). Currently in research preview, the tool has been tested in private beta by companies such as Netgear. It is now available to ChatGPT Pro, Enterprise, Business, and Edu users with free access for one month.

Codex Security analyzes code repositories to understand system context and build a threat model based on trusted components, system roles, and potential exposures. It then searches for vulnerabilities, ranks them by real-world risk, and suggests patches.

During testing over 30 days, the tool scanned 1.2 million commits and detected nearly 800 critical vulnerabilities and more than 10,000 high-severity issues. Problems were found in major open-source projects including Chromium, OpenSSL, and PHP.

5. UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

A threat actor known as UNC6426 breached a company’s cloud environment within 72 hours after exploiting a supply-chain attack involving the Nx npm package. The attack began when a developer’s GitHub token was stolen.

Using the token, the attacker accessed the victim’s cloud environment and abused a trust relationship between GitHub and Amazon Web Services through OpenID Connect. This allowed them to create a new administrator role and gain full cloud control.

The attackers then accessed Amazon S3 buckets to steal files and later destroyed parts of the production environment. The compromise was linked to a malicious script that installed a credential-stealing tool called QUIETVAULT, which collected tokens and sensitive data.

The incident highlights how supply-chain attacks targeting developer tools can quickly escalate into full cloud breaches if permissions are misconfigured.


Programmer’s Digest #174

02/25/2026-03/04/2026 Actively Exploited VMware Aria Operations Flaw, 26 Suspicious npm Packages in New Cyber Campaign And More.

1. CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

CISA has added a newly disclosed flaw affecting VMware Aria Operations to its KEV catalog, citing active attacks. Tracked as CVE-2026-22719 (CVSS 8.1), the high-severity bug is a command injection issue that allows unauthenticated attackers to execute arbitrary commands, potentially leading to remote code execution during support-assisted product migration. The vulnerability was patched alongside CVE-2026-22720 (stored XSS) and CVE-2026-22721 (privilege escalation). Affected products include VMware Cloud Foundation and VMware vSphere Foundation 9.x (fixed in 9.0.2.0) and VMware Aria Operations 8.x (fixed in 8.18.6). Customers unable to patch immediately can run the “aria-ops-rce-workaround.sh” script as root on each virtual appliance node. Broadcom acknowledged reports of in-the-wild exploitation but said it cannot independently confirm them. Federal Civilian Executive Branch agencies must apply fixes by March 24, 2026.

2. Fake Next.js Job Interview Tests Backdoor Developer’s Devices

A coordinated campaign is targeting software developers with job-themed lures, using malicious repositories disguised as legitimate Next.js projects and coding assessments. The operation aims to achieve remote code execution (RCE), steal sensitive data, and deploy additional payloads on compromised machines. According to Microsoft, attackers created fake web apps and hosted them on platforms like Bitbucket. When developers clone and open the projects, embedded malicious JavaScript executes automatically. The code downloads a backdoor from a remote server and runs it in memory via Node.js. To boost infection rates, the repositories include multiple triggers: a VS Code task that runs on folder open, a trojanized asset activated by “npm run dev,” and a backend module that exfiltrates environment variables and executes attacker-supplied code. The infection deploys staged payloads that profile hosts, connect to command-and-control servers, execute remote tasks, and enable file exfiltration. Developers are urged to enable Workspace Trust, apply security controls, and limit stored secrets.

3. North Korean-Linked Hackers Target Developers Through 26 Suspicious npm Packages in New Cyber Campaign

Cybersecurity researchers have warned of a new threat campaign allegedly tied to North Korean actors, involving 26 malicious packages uploaded to the npm registry. The packages were disguised as legitimate development tools and used typosquatting to mimic popular libraries, increasing the chances of accidental installation. Believed to be a variant of the “Contagious Interview” campaign, the operation reportedly used Pastebin-based steganography to hide command-and-control (C2) addresses inside seemingly harmless text files. Each package executed an installation script that launched a payload from “vendor/scrypt-js/version.js,” which decoded hidden server domains by stripping zero-width Unicode characters and extracting embedded data. The malware supported Windows, macOS, and Linux, and used WebSocket communication to receive commands. It included modules for data theft, VS Code persistence, keylogging, browser credential harvesting, and crypto wallet targeting, while scanning repositories for exposed secrets. The activity has been tentatively linked to the North Korea-associated group Famous Chollima. Developers are urged to verify npm packages carefully.
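Text that hides data in zero-width characters looks normal in an editor, so it has to be found by code point. The following is an added example, not code from the original digest or from the researchers: it only locates and counts invisible characters and does not attempt to decode anything, and the character set, the threshold of 8 and the sample strings are assumptions made for illustration.

```python
import sys

# Invisible code points commonly used to hide data in readable text (assumed set).
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}

def invisible_runs(text):
    """Return [(line_no, column, run_length)] for each run of zero-width characters."""
    runs = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line_no == 1 and line.startswith("\ufeff"):
            line = " " + line[1:]  # one leading BOM is a normal encoding marker
        col = 0
        while col < len(line):
            if line[col] in ZERO_WIDTH:
                end = col
                while end < len(line) and line[end] in ZERO_WIDTH:
                    end += 1
                runs.append((line_no, col + 1, end - col))
                col = end
            else:
                col += 1
    return runs

def assess(text, min_total=8):
    """Summarise hidden characters; suspicious when the total reaches min_total."""
    runs = invisible_runs(text)
    total = sum(n for _, _, n in runs)
    return {"runs": runs, "total": total, "suspicious": total >= min_total}

# Constructed samples: nine hidden characters after "notes", and a benign
# file with a BOM plus a single zero-width joiner.
SAMPLE_HIDDEN = ("Meeting notes"
                 + "\u200b\u200c\u200b\u200b\u200c\u200d\u200b\u200c\u200b"
                 + " for Tuesday\nnothing hidden here\n")
SAMPLE_BENIGN = "\ufeffhello wo\u200drld\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            result = assess(fh.read())
        if result["suspicious"]:
            print(f"{path}: {result['total']} zero-width characters in {len(result['runs'])} run(s)")
```

Single zero-width joiners occur legitimately in emoji sequences and some scripts, which is why the check reports runs and applies a threshold instead of flagging every occurrence.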

4. New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have detailed a patched high-severity flaw in Google Chrome that could have enabled privilege escalation and access to local files. Tracked as CVE-2026-0628 (CVSS 8.8), the issue stemmed from insufficient policy enforcement in the WebView tag and was fixed in version 143.0.7499.192/.193 for Windows, Mac, and Linux in January 2026. Discovered by Palo Alto Networks Unit 42 researcher Gal Weizman, the flaw—codenamed “Glic Jack”—affected Chrome’s Gemini Live side panel, which loads content via a WebView component. Attackers could trick users into installing a malicious extension with basic permissions, allowing script injection into the Gemini panel. Successful exploitation could have granted access to the camera, microphone, screenshots, and local files. The bug exposed risks tied to embedding AI agents directly into browsers, where privileged components may introduce new attack surfaces despite existing extension security controls.

5. Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Cybersecurity researchers have uncovered a malicious package on the NuGet Gallery impersonating a legitimate library from Stripe to target the financial sector. The package, named StripeApi.Net, mimicked the official Stripe.net library, which has over 75 million downloads. Uploaded on February 16, 2026, by a user called “StripePayments,” it copied the legitimate package’s icon and nearly identical documentation, subtly altering the name to “Stripe-net.” The attacker also inflated download numbers to more than 180,000 across 506 versions to boost credibility. According to ReversingLabs, the package preserved most legitimate functionality but modified key methods to steal sensitive data, including Stripe API tokens, and exfiltrate them to a remote server. Because applications continued to compile and run normally, developers were unlikely to notice the compromise. The package was reported and removed before causing significant harm.


Programmer’s Digest #173

02/18/2026-02/25/2026 SolarWinds Patches 4 Critical Serv-U 15.5 Flaws, Cline CLI 2.3.0 Supply Chain Attack And More.

1. SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates for Serv-U file transfer software to fix four critical vulnerabilities that could allow remote code execution. All are rated 9.1 on the CVSS scale:

  • CVE-2025-40538: Broken access control letting attackers create admin users and run code as root;
  • CVE-2025-40539 & CVE-2025-40540: Type confusion flaws enabling execution of native code as root;
  • CVE-2025-40541: Insecure direct object reference (IDOR) allowing native code execution as root.

Exploitation requires administrative privileges, though risk is medium on Windows, as services often run under less-privileged accounts. These issues affect Serv-U version 15.5 and are fixed in 15.5.4. SolarWinds hasn’t reported active exploitation, but past Serv-U flaws (e.g., CVE-2021-35211, CVE-2021-35247, CVE-2024-28995) were targeted by hackers, including China-based group Storm-0322 (formerly DEV-0322).

2. Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed an active supply chain worm campaign, dubbed SANDWORM_MODE, leveraging at least 19 malicious npm packages to steal credentials and cryptocurrency keys. The malware exfiltrates system information, tokens, environment secrets, and API keys, propagating via stolen npm and GitHub identities. Core features include a polymorphic engine, hook-based persistence, USB and SSH propagation fallbacks, and an “McpInject” module that targets AI coding assistants (Claude, Cursor, VS Code) to harvest SSH keys, environment files, and LLM API keys from providers like OpenAI, Anthropic, and Cohere. The attack unfolds in two stages, with a delayed secondary stage performing deeper harvesting, worm-like spread, and full exfiltration. Some packages include sleeper components or kill switches, which remain off by default. Users are urged to remove affected packages, rotate tokens and CI secrets, and review workflows. The campaign mirrors recent malicious npm activity, including buildrunner-dev and eslint-verify-plugin, which deliver RATs and agents targeting Windows, macOS, and Linux.

3. Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

On February 17, 2026, a supply chain attack targeted the Cline CLI open-source package, installing OpenClaw—an AI agent—on developer and CI/CD systems via the malicious Cline CLI 2.3.0 release. The attacker exploited a prompt injection vulnerability in the Cline GitHub Actions workflow, stealing a long-lived npm publish token to publish the compromised version. The post-install script silently installed OpenClaw globally, giving it system-level permissions, persistent presence, and potential access to credentials. The package was downloaded roughly 4,000 times over an eight-hour window. No evidence of data exfiltration or additional payloads was found, but OpenClaw’s unauthorized installation posed serious security risks, particularly in CI/CD environments. The attack was mitigated by deprecating the malicious release, revoking the token, and releasing a new version. The incident highlights critical supply chain security weaknesses and the dangers of AI-driven automation in software workflows. Users are advised to remove OpenClaw and rotate any exposed credentials.
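Both this incident and the GhostClaw package in Digest #175 relied on npm install-time hooks, one of them to install another tool globally. The following is an added example, not code from the original digest or from either project: it lists every install-time hook in an installed node_modules tree and tags the ones that match a few heuristics. The tag names, the regular expressions and the sample package names are assumptions made for illustration.

```python
import json, os, re, sys

LIFECYCLE = ("preinstall", "install", "postinstall")
# Heuristic tags (assumptions; extend for your environment).
SUSPICIOUS = {
    "global-install": re.compile(r"\bnpm\s+(i|install|add)\b[^&|;]*\s(-g|--global)\b"),
    "runs-node-script": re.compile(r"\bnode\s+\S+\.(js|cjs|mjs)\b"),
    "fetch-and-run": re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash|node)\b"),
}

def audit_manifest(manifest):
    """Return [(package, hook, command, tags)] for every install-time hook."""
    scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
    if not isinstance(scripts, dict):
        return []
    out = []
    for hook in LIFECYCLE:
        cmd = scripts.get(hook)
        if isinstance(cmd, str):
            tags = sorted(t for t, rx in SUSPICIOUS.items() if rx.search(cmd))
            out.append((str(manifest.get("name", "?")), hook, cmd, tags))
    return out

def audit_tree(node_modules):
    """Walk an installed node_modules tree and audit every package.json found."""
    findings = []
    for dirpath, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                findings += audit_manifest(json.load(fh))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
    return sorted(findings)

# Constructed sample manifests (hypothetical package names).
SAMPLES = [
    {"name": "example-installer", "scripts": {"postinstall": "npm install -g example-agent@latest"}},
    {"name": "example-native", "scripts": {"install": "node-gyp rebuild"}},
    {"name": "example-lib", "scripts": {"test": "jest"}},
]

if __name__ == "__main__":
    rows = (audit_tree(sys.argv[1]) if len(sys.argv) > 1
            else [r for m in SAMPLES for r in audit_manifest(m)])
    for name, hook, cmd, tags in rows:
        print(f"{name}: {hook}: {cmd!r} {tags or ['review']}")
```

Running installs with `npm ci --ignore-scripts` in CI and allowing hooks only for packages reviewed this way keeps a compromised release from executing at install time.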

4. Wormable XMRig Campaign Leverages BYOVD and Timed Kill Switch For Stealth

Researchers uncovered a wormable cryptojacking campaign spreading via pirated software to deploy a custom XMRig miner. The malware uses a BYOVD exploit (Bring Your Own Vulnerable Driver) and a time-based logic bomb to evade detection and boost Monero mining efficiency by 15–50%. At the core is Explorer.exe, a persistent state machine that switches roles—installer, watchdog, payload manager, cleaner—based on command-line arguments. Payloads, including the miner, watchdogs, and a vulnerable driver (WinRing0x64.sys), are embedded in the binary, decompressed to hidden files, and disguised as legitimate software. A circular watchdog ensures the miner restarts if terminated, even killing Windows Explorer to maintain activity. The malware also spreads via USB drives, copying itself and creating malicious shortcuts. A kill switch set for December 23, 2025, triggers cleanup, suggesting a limited operational window. The campaign highlights evolving malware tactics, combining social engineering, worm-like propagation, kernel-level exploitation, and AI-like persistence to create a resilient, high-performance cryptojacking botnet.
