Posts

NIST Revamps NVD to Handle Exploding Vulnerability Volume

The National Institute of Standards and Technology (NIST) announced updates to the National Vulnerability Database (NVD) to cope with rapid growth in Common Vulnerabilities and Exposures (CVE) records. The changes focus on improving processing efficiency, prioritizing high-impact vulnerabilities, and scaling operations as submissions surge. NIST aims to reduce backlogs and deliver faster enrichment data, acknowledging that rising CVE volume has outpaced traditional workflows and requires more automation and refined prioritization. https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth

Protecting Cookies with Device Bound Session Credentials

Google has announced public availability of Device Bound Session Credentials (DBSC) for Windows users on Chrome 146, with macOS support coming soon. DBSC cryptographically binds authentication sessions to a specific device using hardware-backed security modules like the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS. The browser generates a unique public/private key pair that cannot be exported from the machine. Servers issue short-lived session cookies contingent on Chrome proving possession of the corresponding private key, rendering any exfiltrated cookies useless to attackers who steal them via infostealer malware such as LummaC2. DBSC shifts from reactive detection to proactive prevention, and Google has observed a significant reduction in session theft since its early rollout. The protocol preserves privacy by using distinct keys per session, preventing cross-session or cross-site correlation. DBSC was designed as an open web standard through the W3C pro...

OpenSSL 4.0.0 Released: Deprecated Protocols Cut, Post-Quantum Support Added

OpenSSL 4.0.0 is a major release that removes long-deprecated features and introduces post-quantum cryptography support. SSLv3 support and SSLv2 Client Hello are gone entirely, as is the engine API for external cryptographic hardware. The release adds Encrypted Client Hello (ECH) per RFC 9849 to encrypt server name indications, plus the hybrid key exchange group curveSM2MLKEM768, the ML-DSA-MU digest algorithm, cSHAKE per NIST SP 800-185, and negotiated FFDHE key exchange for TLS 1.2. API changes include making ASN1_STRING opaque, deprecating several X.509 time comparison functions, and removing BIO_f_reliable. Build changes drop support for deprecated elliptic curves and darwin-i386/darwin-ppc targets, remove the c_rehash script in favor of openssl rehash, and add Visual C++ runtime linkage options on Windows. Applications built against older OpenSSL versions will require code updates due to the API and behavior changes. https://www.helpnetsecurity.com/2026/04/14/openssl-4-0-0-release...

Google Signals Earlier Risk of Quantum Attacks on Bitcoin

Google researchers indicate that advances in quantum algorithms could allow future quantum computers to break Bitcoin’s cryptographic protections sooner than expected, requiring far fewer qubits than previously estimated. This could make certain Bitcoin wallets vulnerable once sufficiently powerful machines exist, potentially within the next decade. Although current technology is not yet capable, the findings highlight the urgency of preparing post-quantum security measures, especially given the difficulty of upgrading decentralized systems like Bitcoin in time. https://www.forbes.com/sites/digital-assets/2026/03/31/google-finds-quantum-computers-could-break-bitcoin-sooner-than-expected/

ToolJack: Hijacking AI Agent Perception via Bridge Exploitation

ToolJack is an attack methodology that manipulates the trust boundary between AI agents and their tools. After achieving local compromise, an attacker can extract session credentials, pivot across devices, and intercept the bridge protocol between Claude Desktop and its browser extension. This enables Phantom Tab Injection (fabricating tabs only the agent sees) and Tool Relay Spoofing (replacing legitimate tool responses with attacker-controlled data), leading to Remote Listener Indirect Prompt Injection—actively constructing a poisoned environment around the agent. Testing showed complete control over the agent's perceived context, but Anthropic's model-level safety alignment consistently blocked autonomous code execution. The research concludes that infrastructure requires cryptographic tool attestation and device-bound tokens, while model alignment serves as a critical last line of defense. https://www.preamble.com/blogs/tooljack-hijacking-an-ai-agents-perception-through-br...

Axios Compromised on npm: Malicious Versions Drop Remote Access Trojan

On March 30, 2026, a threat actor compromised the npm account of a lead axios maintainer and published two malicious versions—axios@1.14.1 and axios@0.30.4—injecting a hidden dependency called plain-crypto-js@4.2.1. This dependency never appears in axios source code and exists solely to execute a postinstall script that drops a cross-platform remote access trojan (RAT) targeting macOS, Windows, and Linux. The attacker pre-staged the malicious package 18 hours earlier with a decoy version to evade detection, then published both axios releases within 39 minutes. The RAT dropper contacts a command-and-control server at sfrclak.com:8000, delivers platform-specific second-stage payloads, then self-deletes and replaces its own package.json with a clean stub to hide forensic evidence. The malicious versions were live for approximately three hours before npm unpublished them. Detection came from StepSecurity’s AI Package Analyst and Harden-Runner, which flagged anomalous outbound connections in CI...