A massive supply chain attack compromises hundreds of Python repositories through stolen GitHub tokens. The EU imposes sanctions on Chinese and Iranian cyber threat actors. Apple deploys its first-ever silent background security patch. LeakNet ransomware evolves with ClickFix social engineering and Deno runtime payloads. Plus: a font-rendering trick that blinds AI security tools, Chrome zero-days patched, and a Russian backdoor targeting Ukraine.
Stolen GitHub tokens are being used to force-push malicious code into legitimate Python repositories. If your organization uses open-source Python packages, assume you may be affected until verified.
The GlassWorm ForceMemo campaign represents one of the most sophisticated supply chain attacks of 2026. Threat actors have leveraged stolen GitHub personal access tokens to inject obfuscated malware into over 400 Python repositories, including Django applications, machine learning libraries, and packages published to PyPI.
The attack methodology is particularly insidious. Attackers use git rebase and force-push operations to append malicious code to setup.py, main.py, and app.py files — while preserving the original author attribution and commit dates. This means standard git log inspection won't reveal unauthorized changes. The earliest confirmed injections date back to March 8, 2026, giving the attackers a 10-day head start before widespread detection.
.env files, CI/CD logs, and phishing campaigns targeting maintainerssetup.py, main.py, and app.py across all Python repos for unexpected changes since March 8The European Union Council has imposed sanctions on 3 entities and 2 individuals linked to cyberattacks targeting critical infrastructure across Europe. The sanctioned parties are associated with Chinese and Iranian state-sponsored operations.
This marks a significant escalation in the EU's use of its cyber sanctions framework, first established in 2019 but rarely invoked. The targeted entities are accused of conducting persistent campaigns against energy grids, telecommunications networks, and government systems across multiple EU member states.
For companies operating under NIS2 compliance requirements, this development reinforces the reality that state-sponsored threats are not hypothetical. The sanctions signal that EU intelligence agencies have high-confidence attribution — meaning the underlying attack campaigns are well-documented and likely ongoing.
Organizations in critical infrastructure sectors should review their threat models and ensure their incident response plans account for nation-state level adversaries. NIS2 Article 21 specifically requires "appropriate and proportionate technical, operational and organisational measures" — and the bar for what's proportionate just rose.
Apple has released its first-ever "Background Security Improvements" update, silently patching a WebKit vulnerability tracked as CVE-2026-20643 on iPhones, iPads, and Macs — without requiring a full OS upgrade or device restart.
This is a landmark moment for Apple's security posture. The new mechanism allows Apple to deploy targeted fixes for actively exploited vulnerabilities within hours rather than weeks. The WebKit flaw being patched could allow remote code execution through crafted web content — a classic drive-by attack vector.
Verify your devices have received the update by checking Settings → General → About for the "Background Security Improvements" entry.
LeakNet combines social engineering with an unconventional runtime to bypass traditional endpoint detection. Organizations relying solely on signature-based AV should treat this as high priority.
The LeakNet ransomware gang has adopted a two-pronged innovation in their latest campaigns. For initial access, they deploy ClickFix social engineering — fake browser error pages that instruct victims to paste malicious commands into their terminal or Run dialog. Once inside, the payload is a malware loader built on the Deno runtime.
Deno is a legitimate JavaScript/TypeScript runtime created by the original author of Node.js. By packaging malware as Deno applications, LeakNet achieves several advantages:
The ClickFix technique continues to prove devastatingly effective against non-technical employees who trust browser warnings implicitly. Security awareness training must specifically address this attack pattern.
Security researchers have disclosed a novel attack that hides malicious commands from AI-powered security assistants using font-rendering tricks in HTML. The technique exploits the gap between what AI models "read" in raw HTML and what humans see rendered in a browser.
By using custom web fonts that remap character glyphs, attackers can make malicious instructions appear as benign text to AI models while displaying entirely different content to human viewers — or vice versa. This means AI-driven email scanners, web content analyzers, and security copilots can be systematically deceived.
The attack uses CSS @font-face declarations with custom unicode-range mappings. The raw HTML source contains benign text, but the rendered output — after font substitution — displays hidden commands, phishing content, or social engineering prompts. AI tools that parse the DOM or raw text never see the visual payload.
This is a stark reminder that AI security tools are not a silver bullet. Defense-in-depth remains essential, and organizations should not rely solely on AI-based detection for content analysis.
A new Pentera report surveying 300 US CISOs reveals a troubling reality: 67% report limited visibility into how AI tools are being used within their organizations, and not a single respondent claimed full visibility.
AI adoption is outpacing security governance at an alarming rate. Shadow AI — unauthorized use of AI tools by employees — is creating blind spots that traditional security monitoring cannot detect. From ChatGPT to custom fine-tuned models running on company data, the attack surface is expanding faster than security teams can map it.
Organizations should establish AI usage policies, implement data loss prevention controls around AI tools, and create an AI asset inventory as foundational steps.
Russian-linked threat actors are deploying a JavaScript backdoor with microphone and webcam access capabilities through Microsoft Edge browser extensions.
A campaign attributed to Laundry Bear (UAC-0190), a Russian-linked threat group, is deploying the DRILLAPP backdoor against Ukrainian targets. The attack uses lure documents themed around judicial proceedings and charity organizations to trick victims into installing a malicious Microsoft Edge browser extension.
Once installed, DRILLAPP operates as a JavaScript-based backdoor with alarming capabilities:
While currently targeting Ukraine, the techniques demonstrated by DRILLAPP — particularly browser extension-based espionage — represent a template that other threat actors will inevitably adopt. Organizations should audit browser extension policies and restrict installation to approved extensions only.
Two zero-day vulnerabilities are being actively exploited in the wild. Patch all Chrome and Chromium-based browsers immediately.
Google has released emergency patches for two actively exploited vulnerabilities in Chrome:
| CVE | Component | Type | Severity |
|---|---|---|---|
| CVE-2026-3909 | Skia (graphics engine) | Out-of-bounds write | Critical |
| CVE-2026-3910 | V8 (JavaScript engine) | Inappropriate implementation | High |
The Skia vulnerability (CVE-2026-3909) is particularly dangerous — out-of-bounds write bugs in graphics engines can lead to remote code execution through crafted images or web content. The V8 flaw (CVE-2026-3910) affects Chrome's JavaScript engine and could allow sandbox escape when chained with other vulnerabilities.
Both vulnerabilities affect all Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi. Update all browsers across your organization immediately.
| CVE | Product | Severity | Status |
|---|---|---|---|
| CVE-2026-20643 | Apple WebKit (iOS/iPadOS/macOS) | High | Patched (Background Update) |
| CVE-2026-3909 | Google Chrome (Skia) | Critical | Patched — Update Now |
| CVE-2026-3910 | Google Chrome (V8) | High | Patched — Update Now |
🛡️ Supply Chain Defense: KENSAI's dependency scanning and SBOM analysis detects compromised packages in your Python, Node.js, and container dependencies — including the obfuscated payloads used by GlassWorm ForceMemo.
🔍 Vulnerability Detection: Our continuous scanning identifies known CVEs like CVE-2026-20643, CVE-2026-3909, and CVE-2026-3910 across your web applications and infrastructure before attackers can exploit them.
🌐 Web Application Security: KENSAI's DAST engine tests for the font-rendering evasion techniques, ClickFix landing pages, and browser extension attack vectors highlighted in today's briefing.
📋 NIS2 Compliance: With the EU escalating cyber sanctions, demonstrating proactive security through continuous testing is more important than ever. KENSAI maps findings directly to NIS2 Article 21 requirements.
setup.py, main.py, and app.py files for unexpected changes since March 8Run a free KENSAI scan to check your web applications for the vulnerabilities discussed in today's briefing — including supply chain risks, outdated browsers, and exposed attack surfaces.
Start Free Scan →Stay satisfactorily secure. Stay vigilant.
🗡️ KENSAI Security Team