Breach of Confidence – 27 March 2026

I’ve been watching my phone battery go to 37% lately and it’s giving me anxiety even though I know I can make it through the day. This is why I don’t think I’ll ever be able to live with an electric car.

The Scanner That Scanned Itself

Trivy, the widely used security scanner that’s been diligently finding secrets in codebases across the globe, got compromised. A tool designed to spot vulnerabilities became one. If you’re using Trivy, have a small cry about the state of supply chain security.

https://arstechnica.com/security/2026/03/widely-used-trivy-scanner-compromised-in-ongoing-supply-chain-attack/

Being Left Behind Is Actually Fine

Someone wrote a lovely piece about being okay with not keeping up with every new thing. In an industry that breathlessly chases every shiny object, every new framework, every paradigm shift announced via Medium post, there’s something deeply rebellious about saying “no thanks, I’m good here.” We’ve convinced ourselves that standing still is death. Sometimes standing still is just having standards.

https://shkspr.mobi/blog/2026/03/im-ok-being-left-behind-thanks/

In response to the above, Adrian Sanabria went on a rant on Mastodon, which I nodded so much in agreement with I hurt my neck.

Your Brain Is Leaking

Criminals love it when you’re drowning in notifications, tabs, and unread emails. You miss things. You click things. You approve things you shouldn’t. Digital cleanup isn’t about files anymore. It’s about giving your brain enough space to actually notice when something’s wrong. Marie Kondo would have made an excellent CISO.

https://blog.knowbe4.com/digital-cleanup-its-not-just-your-files-its-your-brain

Trapped By Security Theatre

A cyberattack on a car breathalyser company left court-ordered users unable to start their vehicles. Not because they’d been drinking. Because the servers were down. You’re sober. You’re compliant. Yet you can’t even leave the theatre anymore. You’re just stuck in the car park, breathing into a brick.

https://www.wired.com/story/security-news-this-week-cyberattack-on-a-car-breathalyzer-firm-leaves-drivers-stuck/

Spite-Driven Insecurity

I left an API key exposed specifically to spite Claude.

Yes, I am petty. I don’t condone it, but my ego is bigger than that.

https://blog.knowbe4.com/i-didnt-revoke-my-api-keys-because-claude-called-me-an-idiot

AI Ate AI

McKinsey’s AI platform got comprehensively owned by another AI. The attacker found 22 unauthenticated endpoints, exploited SQL injection like it was 2003, accessed millions of messages, and then, just for fun, rewrote the system prompts. Your AI governance strategy is probably a spreadsheet someone created in a panic after a board meeting. This should worry you more than it probably does.

https://blog.knowbe4.com/best-practices-for-implementing-ai-agents

Until Next Week

If any of this made you want to unplug your router and become a bee farmer, you’re having the correct emotional response. If you’ve got stories, rants, or tales of AI betrayal, hit reply. I read them all, usually while my phone is still pretending to have battery.

Stay cynical.

*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: https://javvadmalik.com/2026/03/27/breach-of-confidence-27-march-2026/


Source: https://securityboulevard.com/2026/03/breach-of-confidence-27-march-2026/