LeakNet Ransomware Adopts ClickFix + Deno Runtime, GlassWorm ForceMemo Hijacks Python Repos, RondoDox Botnet Exploits 174 Vulnerabilities, CISOs Struggle With AI Security
The LeakNet ransomware gang combines ClickFix social engineering with a Deno-based in-memory loader to evade detection. GlassWorm's ForceMemo campaign uses stolen GitHub tokens to inject malware into hundreds of Python repositories via force-push. RondoDox botnet peaks at 15,000 exploitation attempts daily across 174 vulnerabilities. Pentera report reveals 67% of CISOs have limited visibility into AI usage. Oracle EBS breach fallout continues with four major companies still silent. Tech giants sign anti-scam industry pact.
🔐 LeakNet Ransomware Adopts ClickFix + Deno Runtime for Stealthy Attacks
The LeakNet ransomware group has evolved its initial access strategy by combining the ClickFix social engineering technique with a novel malware loader built on the Deno JavaScript/TypeScript runtime, according to research published today by ReliaQuest.
⚠️ Critical: "Bring Your Own Runtime" Attack
LeakNet installs the legitimate, signed Deno executable on victim systems and uses it to run malicious JavaScript directly in memory. Because Deno is a trusted developer tool, it bypasses most endpoint blocklists and application whitelisting controls. ReliaQuest calls this a "Bring Your Own Runtime" (BYOR) attack.
Attack Chain
The full attack sequence unfolds in multiple stages:
- Initial Access: ClickFix lure tricks victims into pasting a command into their terminal
- Loader Deployment: VBS and PowerShell scripts (
Romeo*.ps1andJuliet*.vbs) install Deno and execute the JavaScript payload in memory - Fingerprinting: The loader profiles the host, generates a unique victim ID, and connects to C2
- Persistence: DLL sideloading via
jli.dllloaded through Java inC:\ProgramData\USOShared - Lateral Movement: PsExec for network propagation,
klistfor credential discovery - Exfiltration: Data staged and exfiltrated through abused Amazon S3 buckets
Detection Opportunities
Despite the sophistication, the attack chain offers clear detection signals:
- Deno execution outside development environments
- Suspicious
misexecexecution from browsers - Abnormal PsExec usage patterns
- Unexpected outbound traffic to S3 endpoints
- DLL sideloading in non-standard directories
🏢 NIS2 Relevance
Under NIS2 Article 21, essential and important entities must implement measures for supply chain security and incident handling. The BYOR technique exploiting legitimate runtimes highlights the need for behavioral detection beyond simple allowlisting — a requirement that continuous security validation through automated pentesting can address.
🐍 GlassWorm ForceMemo: Stolen GitHub Tokens Weaponize Python Repositories
The GlassWorm malware campaign has spawned a dangerous new phase dubbed ForceMemo, which leverages stolen GitHub tokens to inject malware into hundreds of Python repositories, according to StepSecurity.
How ForceMemo Works
- Token Theft: GlassWorm malware, spread through malicious VS Code and Cursor extensions, steals GitHub tokens from developer systems
- Account Takeover: Attackers use stolen tokens to access developer GitHub accounts
- Stealthy Injection: Malicious code is rebased onto the latest legitimate commits and force-pushed, preserving the original commit message, author, and date
- Payload Activation: Base64-encoded payload appended to
setup.py,main.py, orapp.pytriggers when anyone runspip installor executes cloned code
⚠️ Critical: Russian Locale Check
The malware checks if the system locale is set to Russian — if so, it skips execution. This is a common tactic by Russian-linked threat actors to avoid compromising domestic systems, strongly suggesting the campaign's origin.
Targeted projects include Django apps, ML research code, Streamlit dashboards, and PyPI packages. The earliest injections date back to March 8, 2026, meaning potentially thousands of developers may have already executed compromised code over the past nine days.
Mitigation Steps
- Rotate all GitHub tokens immediately, especially if you've installed VS Code or Cursor extensions from untrusted sources
- Enable GitHub's commit signing requirement on all repositories
- Review recent force-pushes to your repositories via
git reflog - Audit
setup.py,main.py, andapp.pyfiles for appended Base64-encoded content - Enable branch protection rules that block force-pushes to default branches
🤖 RondoDox Botnet Peaks at 15,000 Daily Exploits Across 174 Vulnerabilities
The RondoDox botnet has significantly escalated its activity, peaking at 15,000 exploitation attempts per day while targeting an expanded arsenal of 174 known vulnerabilities, according to SecurityWeek.
Unlike spray-and-pray botnets, RondoDox has adopted a more targeted approach, focusing exploitation attempts on specific vulnerability classes and device types rather than indiscriminately scanning the internet.
🔢 By the Numbers
174 CVEs targeted · 15,000 exploitation attempts/day at peak · Focused on IoT devices, network appliances, and unpatched web applications · Multiple exploit chains combining initial access with privilege escalation
The botnet's expansion underscores the critical importance of timely patch management and continuous vulnerability scanning — particularly for internet-facing infrastructure where even a brief patching delay can result in compromise.
🧠 67% of CISOs Report Limited AI Security Visibility — Pentera Report
A new AI and Adversarial Testing Benchmark Report 2026 from Pentera, surveying 300 US CISOs and senior security leaders, reveals a stark gap between AI adoption speed and security readiness.
Key Findings
- 67% of CISOs report limited visibility into how AI is used across their organizations
- Zero respondents claimed full visibility into AI usage
- 50% cite lack of internal expertise as the top barrier (not budget — only 17% cited financial constraints)
- 48% report limited visibility into AI usage as a key obstacle
- 75% rely on legacy security controls not designed for AI systems
- 36% say they lack security tools specifically designed for AI
The report highlights that AI systems introduce novel risk vectors — autonomous decision-making, indirect access paths, and privileged inter-system interactions — that traditional endpoint, application, and API security tools were never designed to detect or control. The skills gap, not budget, is the primary bottleneck.
🏛️ Oracle EBS Breach: Four Corporate Giants Still Silent
As the fallout from the Oracle E-Business Suite breach continues, SecurityWeek reports that Broadcom, Bechtel, Estée Lauder, and Abbott Technologies remain the only major companies that have not issued public statements about potential impact.
The silence is notable given that other affected organizations have already disclosed details and begun customer notification processes. Under both SEC cyber incident disclosure rules and EU NIS2 requirements, material cybersecurity incidents must be reported within defined timeframes — 4 business days for SEC and 24 hours for NIS2 early warning.
🤝 Google, Meta, Microsoft Sign Industry Anti-Scam Pact
Several major technology and retail companies, including Google, Meta, and Microsoft, have signed an industry accord to combat online scams and fraud. The agreement establishes shared frameworks for:
- Cross-platform scam intelligence sharing
- Coordinated takedown of fraud infrastructure
- Standardized scam reporting mechanisms for consumers
- Joint investment in AI-powered scam detection
While industry self-regulation has historically shown mixed results, the involvement of the largest platform operators signals growing pressure — both regulatory and reputational — to address the explosion of AI-generated scam content.
💰 Tracebit Raises $20M for Cloud-Native Deception Technology
Tracebit has raised $20 million in funding to scale its cloud-native deception technology platform. The company plans to expand to new markets and grow its marketing and engineering teams. Deception technology — deploying honeytokens, decoy resources, and tripwires across cloud environments — has gained traction as organizations seek detection methods that don't rely on signatures or known attack patterns.
📋 CISA Flags Year-Old Wing FTP Vulnerability as Exploited
CISA has added CVE-2025-47813, a year-old Wing FTP Server vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild. The flaw leads to disclosure of the application's full local installation path, which attackers can leverage for further exploitation.
⏰ Patch Deadline
Federal agencies are required to patch within CISA's mandated timeline. All organizations using Wing FTP Server should update immediately and audit access logs for signs of exploitation.