Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Researchers at Socket have uncovered five malicious Rust packages published to crates.io — chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync — that masquerade as legitimate time-synchronization utilities while silently harvesting developer credentials from .env files and exfiltrating them to attacker-controlled infrastructure hosted under the lookalike domain “timeapis[.]io.” All five crates are assessed to be the work of a single threat actor based on shared exfiltration methodology, and they were published in a tight window between late February and early March 2026, suggesting a coordinated campaign designed to slip into CI/CD pipelines during the dependency resolution phase before security teams could flag the new packages. The disclosure adds to a growing wave of malicious package attacks targeting Rust, Python, and JavaScript ecosystems, and reinforces the need for supply chain monitoring tools capable of detecting behavioral anomalies — such as unexpected network calls or file system access in packages that have no business making them — rather than relying solely on reputation and download counts.
Microsoft Patch Tuesday, March 2026 Edition
Microsoft’s March 2026 Patch Tuesday addressed at least 77 vulnerabilities across Windows and its broader software portfolio — notable mainly because it is the first monthly update in six months to contain no actively exploited zero-days, a welcome contrast to February’s five-zero-day release. The update does include a zero-click information disclosure flaw in Microsoft Excel, CVE-2026-26144, in which an attacker can weaponize the Copilot Agent to exfiltrate sensitive spreadsheet data without any interaction from the victim — a scenario Zero Day Initiative’s Dustin Childs called “fascinating” and warned is likely to become more common as AI-assisted features proliferate across enterprise productivity software. Also patched are a pair of Office remote code execution bugs (CVE-2026-26110 and CVE-2026-26113) that can trigger code execution via preview pane alone, and a SQL Server privilege escalation flaw (CVE-2026-21262) listed as publicly known at the time of release, making prompt patching advisable despite Microsoft’s “less likely to be exploited” classification.
CISA Shortens Patch Deadline for Critical Ivanti, SolarWinds Bugs
CISA has issued shortened patch deadlines — significantly tighter than the standard 21-day window under Binding Operational Directive 22-01 — for three vulnerabilities in Ivanti and SolarWinds products that the agency says are being actively exploited by both cybercriminal groups and nation-state actors, giving Federal Civilian Executive Branch agencies less than a week to remediate. The compressed timelines reflect growing frustration within CISA over the pace of federal agency patching for high-severity flaws in widely deployed enterprise network management products, which have become a preferred initial access vector for threat actors looking to establish persistent footholds across government and critical infrastructure networks. Security teams using affected Ivanti Endpoint Manager Mobile or SolarWinds Web Help Desk instances should treat the shortened deadline as a strong signal to prioritize these patches regardless of whether they are subject to CISA’s federal directives, as exploitation activity in the wild is confirmed.
Hackers Abuse .arpa DNS and IPv6 to Evade Phishing Defenses
Researchers at Infoblox have documented a novel phishing technique in which attackers abuse the special-use “.arpa” top-level domain — normally reserved for internet infrastructure reverse DNS lookups — by acquiring IPv6 address space and then configuring phishing URLs within those ip6.arpa reverse DNS zones through permissive DNS providers including Hurricane Electric and Cloudflare, producing phishing links that carry no WHOIS data, no domain age, and no registrant contact information, stripping away much of what traditional email security gateways rely on to score domain reputation. The campaign layers additional evasion on top by hijacking dangling CNAME records and subdomain shadowing to serve phishing content through subdomains of legitimate organizations including government agencies, universities, and major retailers — with over 100 such hijacked CNAMEs identified — and routes victims through a traffic distribution system that validates targets by device type and IP before redirecting them to credential harvesting pages, while the phishing links themselves are kept deliberately short-lived to frustrate researcher analysis. Organizations should consider blocking outbound DNS queries to ip6.arpa zones not associated with their own infrastructure, and review whether their email security tooling is equipped to handle non-standard TLD-based phishing hostnames. (Note: BleepingComputer blocks automated fetches but is fully accessible in-browser.)
Federal Judge Blocks Perplexity’s AI Browser from Making Amazon Purchases
A federal judge in the Northern District of California issued a temporary injunction on March 9 blocking Perplexity’s Comet agentic AI browser from accessing user Amazon accounts and making purchases, ruling that Amazon is likely to succeed on the merits of its claim that Comet violates the Computer Fraud and Abuse Act by covertly posing as human traffic and accessing accounts without Amazon’s authorization — even when users themselves have granted Comet permission. The ruling comes against a backdrop of independent security research from Zenity Labs documenting serious prompt injection vulnerabilities in Comet that allowed attackers to hijack the browser via a malicious calendar invite and silently access local file systems, directories, and even password managers, underscoring that the legal and security risks of agentic AI browsers are converging simultaneously. The case has broad implications for the entire class of AI agent tools that operate across third-party platforms, raising unresolved questions about where user consent ends and unauthorized computer access begins — a line that courts, regulators, and AI vendors are now being forced to draw in real time.
