WIRED
The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz 31 March 2026 at 13:38

The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz

WIRED

31 March 2026 at 13:38

Vessels are increasingly being abandoned during the war on Iran, revealing a hidden failure in the global systems that keep goods—and people—moving.

/r/netsec - Information Security News & Discussion
Your Agent Runs Code You Never Wrote - Why agent isolation is a different problem 31 March 2026 at 05:11

Your Agent Runs Code You Never Wrote - Why agent isolation is a different problem

/r/netsec - Information Security News & Discussion

By: /u/bakibab

31 March 2026 at 05:11

I looked at how Cursor, Claude Code, Devin, OpenAI, and E2B actually isolate agent workloads today. The range goes from literally no sandbox (Cursor runs commands in your shell) to hardware-isolated Firecracker microVMs (E2B).

Container runtimes have had escape CVEs every year since 2019. Firecracker: zero guest-to-host escapes in seven years. AWS themselves said "we do not consider containers a security boundary."

The post covers five assumptions traditional isolation makes that agents break, real incidents (Devin taken over via one poisoned GitHub issue, Slack AI exfiltration, Clinejection supply chain attack), and the six dimensions of isolation I'll be exploring in this series.

submitted by /u/bakibab
[link] [comments]

/r/netsec - Information Security News & Discussion
Axios npm package compromised in supply chain attack. Downloads malware dropper package 31 March 2026 at 05:09

Axios npm package compromised in supply chain attack. Downloads malware dropper package

/r/netsec - Information Security News & Discussion

By: /u/raptorhunter22

31 March 2026 at 05:09

Axios is one of the most used npm packages which just got hit by a supply chain attack. Malicious versions of Axios (1.14.1 and 0.30.4) hit the npm registry yesterday. They carry a malware dropper called plain-crypto-js@4.2.1. If you ran npm install in the last 24 hours, check your lockfile. Roll back to 1.14.0 and rotate every credential that was in your environment. Currently, as of now, npmjs has removed the compromised versions of axios package along with the malicious plain crypto js package. Live updates + info linked.

submitted by /u/raptorhunter22
[link] [comments]

Troy Hunt
Weekly Update 497 31 March 2026 at 00:41

Weekly Update 497

Troy Hunt

By: Troy Hunt

31 March 2026 at 00:41

Day by day, I find we're eeking more goodness out of OpenClaw and finding the sweet spot between what the humans do well and the agent can run off and do on its own. Significantly, we're shifting more and more of the workload to the latter as all 3 of us at HIBP HQ get better at assigning workloads to machines. In addition to my use of my "PwnedClaw" bot to help catalogue and process data breaches, Stefan and I are both using GitHub Copilot in Visual Studio extensively, and Charlotte is using her own Telegram bot, "Pwny," plugged into OpenClaw to crawl all our content and look for inconsistencies while designing revised user interfaces. Over the last couple of weeks, I've spent US$854 on Claude tokens, which feels like a lot until you look at it like an employee doing work for you. But we've barely scratched the surface, and I can't wait to see the things we do with this in the weeks and months to come 😊

Normal view