Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The JavaScript ecosystem experienced a significant supply chain incident on 31 March 2026 when two newly published Axios versions were found to contain a malicious dependency. Axios is one of the most widely used HTTP clients in both browser and Node.js environments, with weekly downloads ranging from 80 to over 100 million. The compromise impacted organisations across sectors that rely on the package for service integration and automation.

For organisations pursuing SOC 2, demonstrating effective security controls is central to the audit process. While the framework does not prescribe specific technologies or testing frequencies, it does require evidence that risks are identified, assessed, and mitigated through appropriate controls. This is where SOC 2 penetration testing becomes particularly relevant.

In March 2026, a critical severity vulnerability was disclosed in the GNU InetUtils telnetd service. The flaw, tracked as CVE-2026-32746, impacts all versions up to and including InetUtils 2.7. Telnetd is a legacy remote access service that establishes interactive shell sessions over the Telnet protocol. The vulnerability enables remote unauthenticated attackers to achieve arbitrary code execution with root privileges.

For SaaS providers, trust is a core part of the offering. Customers rely on software platforms to process data, support business operations, and integrate with wider technology ecosystems. As a result, demonstrating effective security and governance controls using frameworks like SOC 2 has become an increasingly important requirement when selling to enterprise customers. SOC 2 has emerged as one of the most widely recognised frameworks for demonstrating product security assurance.

Ecommerce platforms represent one of the most consistently targeted areas of the modern digital estate. They process payment data, store personal information, integrate with logistics and marketing systems, and underpin revenue for many large businesses. The combination of financial value and sensitive data makes ecommerce security vulnerabilities an attractive target for attackers.

Microsoft is making a fundamental change to how outbound internet connectivity works for virtual machines within Azure Virtual Networks. From March 2026, default outbound access will be retired for new virtual networks, requiring organisations to explicitly design and configure outbound connectivity for their workloads.