Two approaches to achieve local isolated execution of AI coding agents. On macOS, Agent Safehouse uses OS-native sandbox-exec for kernel-level restrictions, and on Windows, Codex uses the VM-based Windows sandbox.
Anthropic found 22 CVEs in Firefox's JS engine with Claude, while GitHub Security Lab reported more than 80 vulnerabilities in apps built on the OSS framework Taskflow Agent.
Four infrastructure-security stories from early March 2026: AI attack tool CyberStrikeAI compromising 600 FortiGates, Cloudflare's split detection/blocking WAF architecture, standardization of TLS Encrypted Client Hello, and CISA's KEV addition for VMware Aria Operations.
A prompt-injection attack in a GitHub issue title tricked an AI triage bot into stealing npm tokens, which were then used to publish a malicious package in a five-step supply-chain attack chain.
North Korea's Famous Chollima has released 26 npm packages as an extension of the Contagious Interview campaign. The campaign hides its C2 using zero-width Unicode characters in a Pastebin essay and deploys a 9-module RAT via 31 Vercel deployments.
In March 2026, Iran's retaliatory attack physically destroyed the AWS Bahrain/UAE region. There is no compensation because of the force majeure clause, and Reserved Instance (RI) charges continue even though the instances have stopped. Consider cloud physical risks and DR strategies.
Russian APT28 started exploiting a URL validation flaw in ieframe.dll (CVE-2026-21513, CVSS 8.8) in January 2026. We lay out the technical mechanics of an attack chain that bypasses Mark-of-the-Web via LNK files and executes code outside the browser sandbox.
JPEG-XL revival in Chrome 145 and how to use cjxl, RSA → Elliptic Curve → PQC cryptography transition and Merkle Tree Certificates, WebMCP implementation examples, Chrome zero-day trends, and customizable select elements.
W3C WebAuthn L3 co-editor Tim Cappalli warns against using the PRF extension to derive encryption keys. This article lays out the structural risk of making data permanently unrecoverable if the authenticator is lost, along with Bitwarden, WhatsApp, and other implementations and the recommended Envelope Encryption pattern.
Covers Cisco SD-WAN authentication bypass and UAT-8616's three-year campaign, NuGet/npm supply chain attacks, and Claude Code/Desktop Extensions/Mexico government breach.
Trend Micro analyzed a new AMOS distribution method that targets AI agent workflows. A malicious SKILL.md on OpenClaw plants fake CLI install instructions and uses AI as the intermediary to manipulate people.
Firefox 148 is the first browser to ship the Sanitizer API. With setHTML(), developers finally have a standard browser-level way to replace innerHTML safely and eliminate XSS with minimal code changes.