
BewAIre: Detecting Malicious Pull Requests at Scale with LLMs

As AI coding assistants accelerate software development, the volume of pull requests at Datadog has grown to nearly 10,000 per week, increasing the risk that malicious changes slip through due to review fatigue. To address this, Datadog built BewAIre, an LLM-powered code review system designed to identify malicious source code changes introduced by threat actors. By reducing approval fatigue for developers while increasing friction for attackers, BewAIre guides human reviewers to the areas where judgment matters most, without slowing developer velocity.

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor group TeamPCP. We track this incident as MSC-2026-3271.

Camille Stewart Gloster on how AI systems can help you wade through log data and get more done

AI and machine learning are already being used in cybersecurity to help reduce the "noise of all the indicators" that security teams receive. These systems can serve as a "first line of defense" by setting up potential response actions. However, organizations need to ensure they keep human analysts in the loop because contextual knowledge and human judgment remain critical. Data Security Decoded is available on our YouTube channel!

Cato CTRL Threat Research: Vishing and Microsoft Teams Used to Deliver PhantomBackdoor

Cato CTRL has discovered a vishing-based delivery technique, abusing Microsoft Teams, used against an Italy-based consumer services company and associated with PhantomBackdoor, a multi-stage WebSocket-based backdoor previously reported by SentinelOne in a Ukraine-focused spear phishing operation. In SentinelOne's earlier reporting, initial access relied on phishing lures and a ClickFix-style flow that triggered staged PowerShell execution and ended with a WebSocket backdoor.

fast-draft Open VSX Extension Compromised by BlokTrooper

The KhangNghiem/fast-draft extension, listed on open-vsx.org/extension/KhangNghiem/fast-draft and now sitting above 26,000 downloads, had multiple malicious releases that execute a GitHub-hosted downloader and pull a second-stage RAT and infostealer from the BlokTrooper/extension repository. The confirmed malicious releases in the version line we inspected are 0.10.89, 0.10.105, 0.10.106, and 0.10.112.

Glassworm Strikes Popular React Native Phone Number Packages

On March 16, 2026, two React Native npm packages from the maintainer AstrOOnauta were backdoored in a coordinated supply chain attack. Both releases added an identical install-time loader that fetches and executes a multi-stage Windows credential and crypto stealer, triggered by nothing more than a routine npm install. The affected packages are react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8.

What Healthcare Leaders Face After a Cyberattack

In this episode of Building Cyber Resilience: A Healthcare Leader’s Guide, host Josh Howell speaks with Errol Weiss, Chief Security Officer at Health-ISAC. Drawing on decades of experience across government, finance, and healthcare, Errol walks through what leaders actually face in the hours and weeks following a cyberattack. The conversation explores why healthcare remains a top ransomware target, how uncertainty shapes recovery decisions, and why trusted, anonymous information sharing has become one of the sector’s strongest defenses.