Brought to you by Nigel Douglas, Head of Developer Relations at Cloudsmith.
If February was a frost, March is a flood. Open-source vulnerabilities are being exploited in the wild. The popular vulnerability scanner Trivy was hit by a high-profile malware injection. Threat actors are targeting the tools we use to build - malicious Python packages, compromised binaries, the works.
The vibe coding honeymoon is over. This edition covers what's actually changing: package management under the EU's CRA, Kubernetes' internal imaging pipeline rewrite, and what it takes to move AI-assisted development from experimental to production-hardened in 2026.
VULN ROUND UP
Common Vulnerabilities & Exposures
Ubuntu flaw lets attackers gain root via systemd cleanup timing exploit
A high-severity flaw in Ubuntu 24.04 and later allows local attackers to escalate privileges to full root access. The issue stems from a complex interaction between snap-confine and systemd-tmpfiles, where attackers can exploit a 10–30 day cleanup window to replace a deleted system directory with a malicious payload. Once executed, this payload runs with root privileges.
Langflow AI Python dependency exploited within 20 hrs of public disclosure
Exploited within 24 hours of disclosure, this Langflow flaw allows unauthenticated attackers to execute arbitrary Python code via an unsandboxed exec() endpoint, leading to immediate RCE and credential theft.
Ingress-nginx configuration injection vulnerabilities for Kubernetes
A high-severity configuration injection vulnerability (CVE-2026-3288) was patched in Kubernetes ingress-nginx on March 9, 2026. Unsanitized double quotes in the Ingress path (handled by buildProxyPass()) allow authenticated attackers to inject arbitrary NGINX directives, potentially leading to RCE.
Kubernetes NFS CSI driver path traversal may delete unintended directories
A medium-severity path traversal flaw (CVE-2026-3864) in the Kubernetes CSI driver for NFS allows attackers with PersistentVolume permissions to escape directories using ../ sequences, risking deletion or modification of sensitive files.
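Both of the Kubernetes items above are manifest-level hazards: a hostile character in an Ingress path, or a `../` sequence in an NFS volume path. The following is an added example (not code from Cloudsmith, ingress-nginx or the NFS CSI driver) showing the kind of pre-admission lint a CI step or validating webhook can run so that such manifests are rejected before they reach the API server. Manifests are plain dicts, as `yaml.safe_load` would return them. The double quote comes from the CVE-2026-3288 description; the extra NGINX metacharacters (newline, semicolon, braces) and the `spec.csi.volumeAttributes.share` / `subDir` field names are this example's own assumptions.

```python
"""Added example: lint Ingress and NFS PersistentVolume manifests for
directive-injection characters and share-escaping paths (not project code)."""
import posixpath
from typing import Any, Dict, List

# The double quote is the character named for CVE-2026-3288; the others are an
# added defence-in-depth assumption, since they terminate or open NGINX directives.
NGINX_PATH_METACHARS = {'"', "\n", "\r", ";", "{", "}"}


def ingress_findings(ingress: Dict[str, Any]) -> List[str]:
    """Flag Ingress paths that carry characters usable for NGINX directive injection."""
    name = ingress.get("metadata", {}).get("name", "<unnamed>")
    findings = []
    for rule in ingress.get("spec", {}).get("rules", []):
        for entry in rule.get("http", {}).get("paths", []):
            path = entry.get("path", "")
            bad = sorted(c for c in NGINX_PATH_METACHARS if c in path)
            if bad:
                findings.append(f"ingress/{name}: path {path!r} contains {bad}")
    return findings


def escapes_share(share: str, sub_dir: str) -> bool:
    """True if sub_dir, resolved against the exported share, leaves that share.
    Resolution is lexical (posixpath.normpath), so '..' and absolute sub_dirs are
    caught; symlinks on the NFS server are out of scope for a manifest check."""
    base = posixpath.normpath("/" + share.strip("/"))
    target = posixpath.normpath(posixpath.join(base, sub_dir))
    return not (target == base or target.startswith(base + "/"))


def nfs_pv_findings(pv: Dict[str, Any]) -> List[str]:
    """Flag NFS-backed PersistentVolumes whose subDir escapes the share.
    Field names follow the csi-driver-nfs convention (assumption)."""
    name = pv.get("metadata", {}).get("name", "<unnamed>")
    csi = pv.get("spec", {}).get("csi", {})
    if not csi.get("driver", "").startswith("nfs."):
        return []  # not an NFS CSI volume; nothing to check here
    attrs = csi.get("volumeAttributes", {})
    share, sub_dir = attrs.get("share", "/"), attrs.get("subDir", "")
    if escapes_share(share, sub_dir):
        return [f"pv/{name}: subDir {sub_dir!r} escapes share {share!r}"]
    return []


def lint_manifests(manifests: List[Dict[str, Any]]) -> List[str]:
    """Run the kind-appropriate check over every manifest and collect findings."""
    findings: List[str] = []
    for m in manifests:
        if m.get("kind") == "Ingress":
            findings += ingress_findings(m)
        elif m.get("kind") == "PersistentVolume":
            findings += nfs_pv_findings(m)
    return findings


# Constructed sample manifests: one benign and one hostile of each kind.
SAMPLE_MANIFESTS = [
    {"kind": "Ingress", "metadata": {"name": "shop"},
     "spec": {"rules": [{"http": {"paths": [{"path": "/api"}]}}]}},
    {"kind": "Ingress", "metadata": {"name": "evil"},
     "spec": {"rules": [{"http": {"paths": [{"path": '/api";'}]}}]}},
    {"kind": "PersistentVolume", "metadata": {"name": "team-a"},
     "spec": {"csi": {"driver": "nfs.csi.k8s.io",
                      "volumeAttributes": {"share": "/exports/data", "subDir": "team-a"}}}},
    {"kind": "PersistentVolume", "metadata": {"name": "escape"},
     "spec": {"csi": {"driver": "nfs.csi.k8s.io",
                      "volumeAttributes": {"share": "/exports/data", "subDir": "../../etc"}}}},
]

if __name__ == "__main__":
    for line in lint_manifests(SAMPLE_MANIFESTS):
        print(line)
```

Run against the constructed samples it reports the `evil` Ingress and the `escape` PersistentVolume and stays silent on the other two. The share check deliberately normalises before comparing, so `a/../b` inside the share passes while `../../etc` and an absolute `subDir` are both rejected.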
Trivy compromised again with malware
A supply chain attack hit Trivy's GitHub build process: versions v0.69.4 and v0.70.0 are compromised. Malicious code scrapes secrets from CI runner memory and exfiltrates them. The trivy-action and setup-trivy GitHub Actions are affected too.
👉 If you ran either version, start incident response now.
GlassWorm supply-chain attack abuses 72 Open VSX extensions to target developers
The GlassWorm supply-chain attack now targets developers via 72 malicious Open VSX extensions, turning trusted tools into malware delivery vehicles. Attackers use stealthy techniques like invisible Unicode, blockchain dead-drops, and AI-generated cover commits.
Bucketsquatting is (finally) dead
To combat the long-standing security risk of bucketsquatting, where attackers hijack deleted or predictable S3 bucket names (similar to typosquatting), AWS introduced a new recommended naming convention that acts as a protected account namespace.
ENISA publishes technical advisory on secure use of package managers
ENISA’s advisory guides secure package manager use ahead of the EU Cyber Resilience Act, making vulnerability reporting mandatory from Sept 11, 2026. It covers SBOMs, provenance checks, and continuous monitoring to reduce supply chain risks.
Kubernetes 1.36 - What you need to know
Kubernetes 1.36 is the first major 2026 release, packed with updates for security, AI hardware, and more. The official tracker lists 80 enhancements moving to stable, including User Namespaces in pods, Mutating Admission Policies, and 4 DRA-specific KEPs going GA.
Modernizing the Kubernetes Image Promoter
Kubernetes has modernized kpromo, its critical image promoter, moving from a monolith to a seven-phase pipeline and cutting execution times from 20 minutes to 2. Improvements include parallel registry reads, adaptive rate limiting, and SLSA provenance attestations to boost security and reliability.
Netflix found a faster way to load containers
Netflix fixed a major container scaling bottleneck after moving from Docker to containerd, where thousands of kernel calls caused multi-core nodes to stall. Using recursive bind mounts in Linux 6.3 and modern caching, they simplified operations and ensured seamless scaling.
Kyverno has graduated from the CNCF, evolving from a Nirmata internal tool into a mature, industry-standard policy engine for Kubernetes security, compliance, and workload management. Maintainers plan to extend policy-as-code into AI and agentic workloads, backed by a growing community and enterprise adoption.
To scale security alongside a 5x increase in PR velocity, Travis McPeak and his team deployed a fleet of autonomous security agents built on Cursor Automations. Using a specialized MCP for data persistence, they launched four open-source templates: Agentic Security Review (PR gating), Vuln Hunter (code scanning), Anybump (dependency patching), and Invariant Sentinel (compliance monitoring).
👉 Explore Cursor's autonomous security agents
Hugging Face introduces a curated set of Skills built for AI builders
Hugging Face Skills is an open-source library of standardized, interoperable task definitions that allow AI coding agents to perform complex ML workflows. These skills enable agents to automate specialized tasks like fine-tuning models with TRL, managing datasets via the HF Hub, creating Gradio Interfaces, and publishing research papers.
Perplexity CTO moves away from MCP toward APIs and CLIs
Perplexity is moving from MCP to traditional APIs and CLIs, launching a unified Agent API for top AI models with a single key and OpenAI-compatible syntax. The shift reflects the trend toward simpler, more reliable REST integrations for production AI.
Don’t trust AI agents, says OpenClaw’s security-first alternative, NanoClaw
NanoClaw is a secure alternative to the vulnerable OpenClaw framework, running each AI agent in its own isolated Docker container to prevent malware, data leaks, and unauthorized access. By assuming agents may misbehave, it sets a new enterprise-ready standard for AI in DevOps and fintech.
Golden Paths scale productivity, but securing them takes more than an SBOM. In this on-demand webinar, Cloudsmith and Octopus Deploy show how to go beyond SBOMs and secure trust from source to ship.