This week: Invisible malware is hiding inside VS Code extensions and GitHub repos — and your diff view won’t show it. Free AI-powered scanners from Anthropic and OpenAI just exposed a structural gap in every pattern-matching SAST tool in your stack. And in Hack of the Week, a five-minute Claude prompt tells you exactly where your detection coverage ends.

Malware hiding inside developers’ code editors infected 151 GitHub repositories and 72 VS Code extensions. No obfuscation. No minified file. The code is literally invisible. GlassWorm uses Unicode variation selectors that produce zero visual output in any editor, any diff view, any terminal. Socket reported that GlassWorm targeted linters, formatters, and AI coding assistants, with C2 running through the Solana blockchain and Google Calendar event titles as fallback. If the team runs npm or Open VSX extensions, assume exposure until verified.

The same week, ShinyHunters took AuraInspector, a tool Mandiant built to help defenders audit Salesforce access controls, and turned AuraInspector into the weapon. No zero-day. No platform vulnerability. Just misconfigured guest user permissions on up to 400 Salesforce organizations.

Google emergency-patched CVE-2026-3909 and CVE-2026-3910, two Chrome zero-days already exploited in the wild. Microsoft’s CVE-2026-26144, rated Critical, weaponizes Copilot Agent through what Barrack AI researchers described as an XSS-to-prompt-injection chain that requires zero user action.

Five attacks. One pattern. GlassWorm is in the code editor, and ShinyHunters turned the audit tool Mandiant built for defense into the extraction engine for offense. And Microsoft’s own Copilot Agent became the exfiltration channel. The attack surface is not your infrastructure. The attack surface is trust.
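An added example, not code from Socket or from the GlassWorm reporting: a check for the invisible characters themselves, flagging any line of source text that carries a run of Unicode variation selectors. The run-length threshold and the sample source are constructed assumptions.

```javascript
// Variation selectors: U+FE00-U+FE0F (VS1-VS16) and U+E0100-U+E01EF (VS17-VS256).
const VS_RUN = /[\uFE00-\uFE0F\u{E0100}-\u{E01EF}]+/gu;

// One selector after an emoji or CJK ideograph is normal text, so only longer
// runs are reported. The threshold is an assumption; tune it on your own repos.
const MIN_RUN = 4;

// Returns one finding per run of >= minRun variation selectors.
function findInvisibleRuns(text, minRun = MIN_RUN) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    for (const m of line.matchAll(VS_RUN)) {
      const codePoints = [...m[0]].length; // code points, not UTF-16 units
      if (codePoints < minRun) continue;
      findings.push({
        line: idx + 1,
        column: m.index + 1, // 1-based UTF-16 offset where the run starts
        codePoints,
        // What a reviewer sees: the line length with the selectors removed.
        visibleLength: [...line.replace(VS_RUN, "")].length,
      });
    }
  });
  return findings;
}

// Constructed sample: line 2 displays as an empty template literal but holds
// 12 supplementary variation selectors; line 3 is a legitimate emoji sequence.
const hidden = Array.from({ length: 12 }, (_, i) =>
  String.fromCodePoint(0xe0100 + i)).join("");
const sample = [
  "const fmt = require('./fmt');",
  "const s = `" + hidden + "`;",
  "const heart = '\u2764\uFE0F';",
  "module.exports = fmt;",
].join("\n");

for (const f of findInvisibleRuns(sample)) {
  console.log(`line ${f.line}, col ${f.column}: ${f.codePoints} invisible ` +
    `code points on a line that displays as ${f.visibleLength} characters`);
}
```

Run it over file contents in a pre-commit hook or CI step; a hit is a reason to inspect the file byte by byte, since the diff view will show nothing.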
Close the trust gap immediately

1. Inventory every IDE extension on developer workstations by Friday. GlassWorm impersonated Claude Code and Google extensions. If the security team cannot enumerate what extensions developers are running, that is Monday’s first task.
2. Disable API access on every Salesforce guest user profile today. Uncheck “API Enabled” in guest user System Permissions. That closes the exact vector ShinyHunters used. Time to fix: five minutes.
3. Update all Chromium-based browsers to version 146.0.7680.75/.76 or later before end of day. Both CVEs carry CVSS 8.8. CISA deadline: March 27. Not next sprint. Now.

If the SOC cannot tell which of those five tool categories has monitoring coverage today, that’s the gap. Scroll to the bottom for a clickable SAST gap assessment that ties to the featured story.
Free AI security scanners just exposed SAST’s structural blind spot

Anthropic’s Claude Code Security found more than 500 zero-day vulnerabilities in production open-source codebases. Not by matching patterns. By tracing code logic across files. In CGIF, Claude identified a heap buffer overflow in the LZW compression algorithm that coverage-guided fuzzing at 100 percent code coverage never caught.

OpenAI’s Codex Security launched 14 days later. During beta, it scanned 1.2 million commits across OpenSSH, GnuTLS, PHP, and Chromium — surfacing 792 critical findings and 14 CVEs. Both scanners are free.

But Checkmarx Zero researchers ran Claude against a production-grade codebase and found two true positives out of eight flagged vulnerabilities. Neither Anthropic nor OpenAI has submitted claims to an independent audit. VentureBeat found in interviews with more than 40 CISOs that governance frameworks for reasoning-based scanners barely exist. Merritt Baer, CSO at Enkrypt AI, told VentureBeat the organization bought the right tools for the threats of the last decade — the technology just moved faster.

Run a 30-day pilot with both tools before committing to either. That’s the gap.
Beyond the Pilot Podcast: Episode 8

LangChain told employees they cannot install OpenClaw on company laptops due to "massive security risk" — yet this unhinged approach is exactly what makes it work. Harrison Chase unpacks why OpenClaw succeeds where AutoGPT failed, and why context engineering, not just smarter models, separates demo agents from production-ready systems.
Interesting stories we're tracking

GlassWorm escalates to 72 VS Code extensions and 151 GitHub repos with literally invisible malware

GlassWorm uses Unicode variation selectors that render as blank lines in every editor and every diff view. The JavaScript interpreter executes them. Solana blockchain C2 makes the infrastructure un-takedownable. If the team runs npm or Open VSX extensions, assume exposure until verified. Audit developer extensions against Socket’s published list.

Sources: The Hacker News, Aikido, SecurityWeek

Google emergency-patches two Chrome zero-days as CISA sets March 27 deadline

Google confirmed active exploitation of both CVEs on the same day it discovered them internally. CVE-2026-3909 (CVSS 8.8): out-of-bounds write in Skia, Chrome’s core graphics engine. CVE-2026-3910 (CVSS 8.8): V8 sandbox code execution via a crafted HTML page. These are Chrome’s second and third zero-days of 2026. Update all Chromium-based browsers to version 146.0.7680.75/.76 or later.

Sources: Google Chrome Releases, The Register

ShinyHunters weaponize Mandiant’s AuraInspector to breach 400 Salesforce orgs

Every breach traced to a customer misconfiguration — no zero-day, no platform vulnerability. ShinyHunters claim roughly 100 high-profile targets among the 300 to 400 organizations compromised. Salesforce’s highest-impact fix: disable guest API access.

Sources: SecurityWeek, Help Net Security

Operation Lightning dismantles 369,000-device SocksEscort botnet across 163 countries

Europol and the DOJ seized 34 domains, 23 servers, and froze $3.5M in cryptocurrency in Operation Lightning. The AVRecon malware behind SocksEscort targeted SOHO routers from Cisco, D-Link, NETGEAR, TP-Link, and Zyxel across more than 1,000 device models, according to the FBI. Verify branch office and remote site router firmware is current.

Sources: TechCrunch, CyberScoop
SAST gap assessment in five minutes

Note: Before running this prompt, open Socket's GlassWorm research post and copy the full extension ID list. Paste it into your Claude chat first, then run the prompt below. Without the IOC list in context, the model will return a confident-sounding answer with nothing behind it.

The table below shows what a hypothetical healthcare company gets from this assessment. Total time from paste to finished table: five minutes. Three steps.

1. Go to claude.ai and sign up for a free account (takes one minute). Click “Start new chat.”
2. Copy the text below and paste it into the chat box:
3. Replace the three bracketed fields with the actual tool name, languages, and repo names. Hit Enter. Claude returns the table in about two minutes.

No private data leaves the session. Tool names, language names, and repository names are all public metadata.

Five minutes. Zero budget. The pilot plan Merritt Baer recommended in the featured story and a GlassWorm exposure check in one pass. Start here.
Thanks for reading, and look for us again in your inbox next week.

Louis Columbus (@LouisColumbus)