- [VSX Token Theft → Mass Extension Poisoning]
- [New Black Hat Web App Research]
- [GitHub Actions 2026 Security Roadmap]
- [CISA Adds Actively Exploited n8n Vulnerability (CVE-2025-68613)]
- [Nuclei Template Integrity & Scaling Process]
[VSX Token Theft → Mass Extension Poisoning]
What: Attackers steal Open VSX Personal Access Tokens (OVSX_PAT) to poison VS Code extensions at scale, and leverage a BreachForums XSS to gather telemetry on threat actors for targeting.
Source: firecompass.com
Applies to: Targets using VS Code/VSCodium or managing developer toolchains.
Why it matters: This is a novel supply chain attack against a core developer platform, enabling broad compromise and intelligence gathering.
[New Black Hat Web App Research]
What: PortSwigger Research released new techniques from Black Hat USA 2026, providing practical attack methods for web application testers.
Source: x.com
Applies to: General web application targets.
Why it matters: PortSwigger's research consistently reveals novel exploitation methods that become widespread in the wild.
[GitHub Actions 2026 Security Roadmap]
What: GitHub is introducing new security features for Actions: workflow execution protections, enterprise-grade endpoint security, and enhanced secret management.
Source: github.blog
Applies to: Targets using GitHub CI/CD.
Why it matters: Upcoming security changes will alter the CI/CD attack surface; testers must adapt their techniques for secret leakage, workflow injection, and policy bypass.
[CISA Adds Actively Exploited n8n Vulnerability (CVE-2025-68613)]
What: CISA added CVE-2025-68613 (improper control of dynamically-managed code resources in n8n) to its Known Exploited Vulnerabilities Catalog.
Source: www.reddit.com
Applies to: Targets using the n8n workflow automation tool.
Why it matters: Confirmed active exploitation makes this a high-priority finding for any in-scope n8n instance.
[Nuclei Template Integrity & Scaling Process]
What: ProjectDiscovery details its process for maintaining reliable Nuclei templates at scale via a dedicated internal team, community review, and independent validation.
Source: projectdiscovery.io
Applies to: General (scanner efficacy).
Why it matters: Understanding their QA process helps assess scanner coverage gaps and the reliability of template-based findings.