Daily Threat Briefing
GlassWorm Campaign Hits 400+ Repos Across GitHub, npm, VSCode, and OpenVSX
The GlassWorm supply-chain campaign returned with a coordinated attack injecting malware into hundreds of Python repositories, npm packages, and VSCode/OpenVSX extensions. Attackers used stolen GitHub tokens to force-push obfuscated code into setup.py, main.py, and app.py files of legitimate projects — including Django apps, ML research code, and PyPI packages. Anyone running pip install from a compromised repo triggers the malware. Earliest injections traced to March 8. The sub-campaign has been codenamed ForceMemo.
Font-Rendering Trick Hides Malicious Commands from AI Security Tools
A novel attack technique causes AI assistants to miss malicious commands embedded in webpages by exploiting font-rendering differences. Malicious instructions are hidden in seemingly harmless HTML that renders differently for humans vs. AI parsers, creating a new class of prompt injection and evasion attacks against AI-powered security tools.
LeakNet Ransomware Adopts ClickFix + Deno Runtime for Stealthy Attacks
LeakNet ransomware now uses the ClickFix social engineering technique for initial access, tricking users into running malicious commands via fake error prompts on compromised websites. The group deploys a "Bring Your Own Runtime" (BYOR) attack using the legitimate Deno JavaScript runtime to execute payloads directly in memory — bypassing EDR blocklists since Deno is a signed, trusted binary. Post-exploitation includes DLL sideloading via Java, lateral movement via PsExec, credential discovery via klist, and data exfiltration through Amazon S3 buckets. Detection keys: Deno running outside dev environments, abnormal PsExec usage, unexpected S3 outbound traffic.
Apple Patches WebKit Flaw CVE-2026-20643 via First Background Security Update
Apple released its first-ever "Background Security Improvements" update — a new mechanism to push critical fixes to iPhones, iPads, and Macs without requiring a full OS upgrade. The patch addresses a WebKit vulnerability (CVE-2026-20643). This represents a significant shift in Apple's patching strategy, enabling faster response to browser engine flaws.
CISA Flags Wing FTP Vulnerability CVE-2025-47813 as Actively Exploited
CISA added a Wing FTP Server information disclosure vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The flaw leaks the full local installation path of the application. While rated medium severity (CVSS 4.3), active exploitation in the wild makes patching urgent — path disclosure can be chained with other vulnerabilities for full compromise.
AI Platform Flaws: Amazon Bedrock, LangSmith, SGLang Enable Data Exfil & RCE
BeyondTrust disclosed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries, enabling attackers to establish C2 channels, exfiltrate data, and obtain interactive reverse shells — bypassing expected network isolation. The technique uses DNS A records for bidirectional communication. Amazon classified this as "intended functionality" rather than a defect, recommending VPC mode for complete isolation. Organizations running AI code interpreters with overprivileged IAM roles are at highest risk.
RondoDox Botnet Exploiting 174 Vulnerabilities at Scale
The RondoDox botnet has increased activity, peaking at 15,000 exploitation attempts per day across 174 known vulnerabilities. The botnet is taking a more targeted approach, focusing on unpatched infrastructure. Organizations should validate patch status across all known CVEs targeted by this campaign.
EU Sanctions Chinese and Iranian Entities for Cyberattacks on Critical Infrastructure
The European Union Council announced sanctions against three entities and two individuals for involvement in cyberattacks targeting critical infrastructure in Europe. The sanctioned parties are linked to Chinese and Iranian state-sponsored operations. This marks continued escalation in the EU's willingness to use cyber-sanctions as a deterrent — directly relevant to NIS2 threat landscape assessments.
DRILLAPP Backdoor Targets Ukraine via Microsoft Edge Debugging
Russian-linked threat actors are targeting Ukrainian entities with DRILLAPP, a JavaScript-based backdoor that runs through Microsoft Edge's debugging features. The malware can upload/download files, access microphones, and capture webcam images by abusing browser capabilities. Campaign uses judicial and charity themed lures for initial access via LNK files. Attributed to Laundry Bear (Void Blizzard).
North Korean Konni Group Deploys EndRAT via KakaoTalk Propagation
North Korean threat actors (Konni group) are compromising targets via spear-phishing, then hijacking the victim's KakaoTalk desktop application to distribute malicious payloads to their contacts — weaponizing trusted communication channels for malware propagation. The EndRAT malware provides full remote access.
China-Linked Hackers Target Asian Militaries in Patient Espionage Operation
State-sponsored Chinese hackers deployed custom tools against Asian military targets and remained dormant in compromised environments for months before activating — demonstrating advanced persistence and patience in espionage operations.
Robotic Surgery Giant Intuitive Discloses Cyberattack
Intuitive, the maker of the da Vinci robotic surgery system, disclosed that internal business applications were accessed after an employee fell victim to a phishing attack. The healthcare tech company is investigating the scope of the breach. Given the sensitivity of surgical and patient data, this incident carries significant regulatory and patient safety implications.
UK Companies House Exposed Details of Millions of Firms
A vulnerability in UK Companies House could have been exploited to obtain company details and alter records for millions of firms registered in the UK. The government agency confirmed the flaw. The potential for record manipulation raises serious concerns about corporate identity fraud and supply chain trust.
Oracle EBS Hack: 4 Corporate Giants Still Silent on Impact
Following an Oracle E-Business Suite breach, Broadcom, Bechtel, Estée Lauder, and Abbott Technologies remain the only major companies that have not issued public statements on potential impact. Pressure mounts for disclosure as other affected organizations have already communicated with stakeholders.
$12.5M Invested in Open Source Security by Tech Giants
Anthropic, AWS, Google, Microsoft, and OpenAI jointly funded the Linux Foundation's long-term security initiatives for open source software with a $12.5M investment — signaling that the industry is taking supply chain security seriously post-Log4j era.
Surf AI Raises $57M for Agentic Security Operations
Surf AI launched with $57M backing from Accel, Cyberstarts, and Boldstart Ventures for an agentic security operations platform. The emerging "agentic SecOps" category continues to attract significant venture capital.
Tracebit Raises $20M for Cloud-Native Deception Technology
Tracebit secured $20M to scale its cloud-native deception products, expand to new markets, and grow engineering and marketing teams. Deception technology continues to gain traction as a complement to traditional detection approaches.
Key Patterns This Week
1. "Bring Your Own Runtime" attacks — LeakNet's use of Deno to execute payloads in memory represents a growing trend: abusing legitimate, signed developer tools as malware runtimes. Expect this pattern to spread to Bun, Node.js, and other runtimes.
2. AI infrastructure as attack surface — The Amazon Bedrock DNS exfiltration and the CISO survey showing 67% lack visibility into AI deployments paint a clear picture: AI infrastructure is outrunning security coverage. AI sandboxes are not as isolated as assumed.
3. Supply chain saturation attacks — GlassWorm's simultaneous targeting of 400+ repos across GitHub, npm, VSCode, and OpenVSX shows attackers scaling to hit multiple ecosystems simultaneously, making detection and response exponentially harder.
4. Browser-as-weapon — DRILLAPP abusing Edge debugging, the font-rendering AI evasion trick, and Storm-2561's fake VPN campaigns all point to the browser becoming the primary attack vector in 2026. Layer 7 attacks, API abuse, and AI-powered campaigns are converging into multi-vector operations (per Akamai).
5. VPN credential theft at scale — Storm-2561 distributing fake VPN clients through SEO poisoning demonstrates continued interest in targeting remote access infrastructure, deploying trojans alongside credential stealers.
🎯 KENSAI Relevance
Today's intelligence directly impacts KENSAI's market positioning and product roadmap:
- EU sanctions on cyber actors reinforce NIS2 urgency — EU is actively naming and punishing threat actors targeting critical infrastructure. KENSAI's compliance angle is validated.
- AI security gap — 67% of CISOs lack visibility into AI deployments. KENSAI can position AI security scanning as a differentiator in the DACH market.
- Supply chain attacks at this scale (GlassWorm hitting 400+ repos) make dependency scanning and SBOM generation essential — features KENSAI should highlight.
- $89.5M in security funding today (Surf AI + Tracebit + OSS initiative) — the market is hot. Investor appetite for security tools remains strong heading into Q2.
- Browser-based attack convergence validates DAST scanning approaches — external-facing web app security testing is more critical than ever.
Sources: BleepingComputer, The Hacker News, SecurityWeek, ReliaQuest, BeyondTrust, S2 Grupo LAB52, Genians, StepSecurity, Akamai · Compiled by KENSAI Security Intelligence · kensai.app