This month in Cubersecurity - March 2026 edition​
March brought a wave of major headlines, from autonomous AI agents attacking major repositories and highly evasive supply-chain compromises targeting developer environments, to critical vulnerabilities in popular AI frameworks and massive global law enforcement takedowns. Here is a roundup of the key cybersecurity developments reshaping the industry this month:
An AI Agent Just Wiped a 32,000-Star Repo. The Only Thing That Stopped It Was Another AI
An autonomous AI agent dubbed “hackerbot-claw”- powered by Claude Opus 4.5, - launched an automated supply-chain attack against seven major open-source repositories by exploiting vulnerable pull_request_target configurations in GitHub Actions. The bot wrought unprecedented devastation on the widely used Trivy security scanner by stealing access tokens to delete 178 releases, privatize the repository, and publish a malicious VSCode extension under Trivy’s trusted publisher identity. Demonstrating alarming adaptability, the bot seamlessly switched tactics to prompt injection when targeting the ambient-code/platform project, an attack uniquely thwarted only because the project employed its own AI code reviewer (also Claude) that immediately detected and neutralized the malicious instructions. This watershed incident, where an AI attacker was successfully stopped only by an AI defender, starkly highlights a growing crisis in CI/CD pipeline security, exposing that most organizations currently lack the necessary oversight, authentication controls, and automated safeguards to combat autonomous, machine-speed cyber threats.
| Date: | Mar 04, 2026 |
|---|---|
| Source: | exAgentica |
| Author: | John Engates |
A GitHub Issue Title Compromised 4,000 Developer Machines
The open-source AI coding assistant Cline suffered a novel “AI-installs-AI” supply chain attack dubbed “Clinejection,” in which a malicious actor published a compromised npm package that silently installed a secondary, highly privileged AI agent called OpenClaw on approximately 4,000 developers’ machines. The complex exploit chain began with a prompt injection attack via a GitHub issue title, which manipulated Cline’s automated AI triage bot into executing malicious code, poisoning the GitHub Actions cache, and ultimately exfiltrating active publication tokens. A breach worsened when maintainers botched a credential rotation following an earlier, ignored vulnerability report. This incident highlights a severe new risk in software supply chains where AI agents operating in CI/CD environments with high privileges can be tricked by untrusted natural language inputs into delegating authority to unauthorized payloads.
| Date: | Mar 05, 2026 |
|---|---|
| Source: | Grith.ai |
| Author: | Grith Team |
Supply-chain attack using invisible code hits GitHub and other repositories
Researchers from Aikido Security have uncovered a highly evasive supply-chain attack campaign dubbed “Glassworm,” which flooded repositories like GitHub, NPM, and Open VSX with over 150 malicious packages in early March. To bypass manual code reviews and traditional static analysis tools, the attackers utilized forgotten, invisible Unicode characters (Private Use Areas) to conceal malicious payloads that appear as empty space to humans but execute perfectly within a JavaScript runtime to steal tokens and developer secrets. Complicating detection further, security experts suspect the threat actors are leveraging Large Language Models (LLMs) to automatically generate highly realistic, stylistically consistent surrounding code, such as documentation tweaks and bug fixes, making these malicious packages incredibly difficult to distinguish from legitimate software updates.
| Date: | Mar 13, 2026 |
|---|---|
| Source: | ARS Technica |
| Author: | Dan Goodin |
Betterleaks, a new open-source secrets scanner to replace Gitleaks
Betterleaks is an advanced, open-source secret scanning tool designed to locate accidentally committed credentials, API keys, and tokens in directories, files, and repositories before malicious actors can exploit them. Betterleaks boasts significant technical upgrades, including a pure Go implementation, rule-defined validation using the Common Expression Language (CEL), and Token Efficiency Scanning that achieves a 98.6% recall rate compared to older entropy-based methods. Governed under an MIT license and co-maintained by contributors from major tech firms like Amazon and Red Hat, the tool is purpose-built to accommodate both human developers and AI agent workflows, with future updates slated to introduce LLM-assisted analysis, automatic secret revocation, and expanded data source support.
| Date: | Mar 15, 2026 |
|---|---|
| Source: | Bleeping Computer |
| Author: | Bill Toulas |
Massive Interpol operation takes down 45,000 IP addresses and leads to 94 arrests
Interpol’s Operation Synergia III, a major international law enforcement initiative spanning 72 countries from mid-July to late January, successfully dismantled widespread cybercrime networks responsible for phishing, romance scams, and financial fraud. The coordinated crackdown, aided by private sector cybersecurity firms, resulted in 94 arrests, 110 ongoing investigations, the seizure of 212 electronic devices, and the takedown of over 45,000 malicious servers and IP addresses worldwide. By targeting diverse localized threats, ranging from tens of thousands of fake infrastructure sites in China to specialized extortion and loan scam rings in Togo and Bangladesh; the operation dealt a massive blow to global cybercrime, arriving on the heels of a separate, Europol-led takedown of the prolific Tycoon 2FA phishing-as-a-service platform.
| Date: | Mar 16, 2026 |
|---|---|
| Source: | Tech Radar |
| Author: | Sead Fadilpašić |
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Cybersecurity researchers have disclosed three critical vulnerabilities: CVE-2026-34070 (path traversal), CVE-2025-68664 (deserialization, dubbed “LangGrinch”), and CVE-2025-67644 (SQL injection) - impacting the widely used open-source AI frameworks LangChain and LangGraph. If exploited, these flaws provide independent pathways for attackers to drain sensitive enterprise data, including local filesystem files, environment secrets like API keys, and private conversation histories. Because LangChain sits at the core of a massive dependency web with tens of millions of weekly downloads, these vulnerabilities ripple outward to affect numerous downstream libraries and integrations. While patches have been released for the affected components, alongside recent active exploits in related tools like Langflow, highlights that modern AI infrastructure remains highly susceptible to classic security flaws, making immediate patching essential to protect enterprise systems.
| Date: | Mar 27, 2026 |
|---|---|
| Source: | The Hacker News |
| Author: | Ravie Lakshmanan |
European Commission confirms data breach after Europa.eu hack
The European Commission has confirmed a data breach affecting its Europa.eu web platform and at least one of its Amazon Web Services (AWS) accounts, following a cyberattack claimed by the ShinyHunters extortion gang. Although the Commission stated it successfully contained the incident without any disruption to its websites or internal systems, the attackers claim to have stolen over 350 GB of sensitive data - including databases, emails, and confidential contracts; and have already leaked a 90 GB archive on their dark web site.
| Date: | Mar 30, 2026 |
|---|---|
| Source: | Bleeping Computer |
| Author: | Sergiu Gatlan |
Dutch Finance Ministry takes treasury banking portal offline after breach
Following a detected cyberattack on March 19, the Dutch Ministry of Finance proactively took several systems offline - including its digital treasury banking portal, leaving approximately 1,600 public institutions temporarily unable to view account balances, apply for loans, or generate financial reports online. While the ongoing forensic investigation, supported by the Dutch National Cyber Security Center (NCSC) and national police, has not yet identified the responsible threat actor or determined if sensitive data was exfiltrated, Minister of Finance Eelco Heinen confirmed that critical citizen services like tax collection and customs remain completely unaffected. Despite the disruption to portal access and the current lack of a definitive resolution timeline, participating institutions retain full access to their funds, with essential incoming and outgoing payments continuing safely through regular banking channels or manual fallback processes.
| Date: | Mar 31, 2026 |
|---|---|
| Source: | Bleeping Computer |
| Author: | Sergiu Gatlan |
Conclusion
That’s a wrap! 
We’d love to hear your thoughts. Don’t hesitate to share any comments or additional news we might have missed in the Passbolt community forum.