    InfoSec News Nuggets 03/17/2026 – AboutDFIR

    By admin, March 22, 2026

    GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

    The persistent GlassWorm supply chain threat actor has expanded its campaign significantly — using GitHub tokens stolen via infected VS Code and Cursor extensions to force-push malicious commits into hundreds of Python repositories including Django apps, ML research projects, Streamlit dashboards, and PyPI packages, in a new wave codenamed ForceMemo by StepSecurity. The injected payloads — appended to setup.py, main.py, and app.py files while preserving the original commit message, author, and timestamp to evade detection — execute entirely in memory using an eval() sandbox, skip systems with Russian locale settings, and fetch C2 instructions from a Solana wallet address previously tied to GlassWorm, confirming continuity with the same threat actor that has been escalating across the VS Code, Open VSX, npm, and GitHub ecosystems since October 2025. Defenders should immediately audit GitHub repository commit histories for base64-encoded appended content, review VS Code extension permissions for any extension referencing Solana wallet addresses or Google Calendar for configuration, and rotate all GitHub tokens for accounts with access to code signing or publishing workflows.
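The audit step recommended above, checking the tail of Python files for a base64 blob handed to an eval/exec sink, written as an added example that is not from the original post, StepSecurity, or any GlassWorm research; the regexes, the 20-line tail window, the 40-character threshold and the sample setup.py are constructed assumptions:

```python
import base64
import re
from pathlib import Path

# Long base64-looking string literal (threshold is a constructed default; tune it).
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{40,}={0,2})['"]""")
# Sinks that turn decoded bytes into executed code.
EXEC_SINK = re.compile(r"\b(eval|exec|compile)\s*\(|b64decode\s*\(")

def find_appended_payloads(source: str, tail_lines: int = 20):
    """Return (line_no, sink, decoded_preview) for base64 blobs fed to an exec sink.

    Only the last `tail_lines` lines are checked, because the reported campaign
    appends its loader to existing files rather than rewriting them.
    """
    lines = source.splitlines()
    findings = []
    for idx in range(max(0, len(lines) - tail_lines), len(lines)):
        line = lines[idx]
        sink = EXEC_SINK.search(line)
        if not sink:
            continue
        for match in B64_LITERAL.finditer(line):
            try:
                decoded = base64.b64decode(match.group(1), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            preview = decoded[:60].decode("utf-8", "replace")
            findings.append((idx + 1, sink.group(0), preview))
    return findings

def scan_tree(root: str, names=("setup.py", "main.py", "app.py")):
    """Walk a checkout and report findings for the file names the report mentions."""
    report = {}
    for path in Path(root).rglob("*.py"):
        if path.name in names:
            hits = find_appended_payloads(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples: a clean setup.py and the same file with an appended one-liner
# whose payload is a harmless print, encoded at runtime so no opaque blob is shipped here.
BENIGN_SETUP = "from setuptools import setup\n\nsetup(name='demo', version='0.1')\n"
_PAYLOAD_B64 = base64.b64encode(b"print('constructed harmless stub')").decode()
TAMPERED_SETUP = BENIGN_SETUP + f"exec(__import__('base64').b64decode('{_PAYLOAD_B64}'))\n"

if __name__ == "__main__":
    for label, text in (("benign", BENIGN_SETUP), ("tampered", TAMPERED_SETUP)):
        print(label, find_appended_payloads(text))
```

Because the campaign preserves author, message and timestamp, commit metadata is not a usable signal; run this over file contents (or over `git show` output for each commit in the window) instead.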


    Poland’s Nuclear Research Centre Targeted by Cyberattack

    Poland’s National Centre for Nuclear Research (NCBJ) confirmed this week that hackers targeted its IT infrastructure in a cyberattack that was detected and blocked before any systems were compromised, with NCBJ Director Professor Jakub Kupecki confirming that the MARIA research reactor continued operating at full power without interruption throughout the incident. While NCBJ declined to attribute the attack, Polish investigators found indicators suggesting possible Iranian involvement — though they cautioned that the indicators may be deliberate false flags, a caveat carrying particular weight given Iran’s well-documented use of false-flag techniques. The incident is the latest in a string targeting Polish critical infrastructure, following the Sandworm-linked DynoWiper attempt against Poland’s power grid in December 2025 and a GRU-linked campaign against Polish government networks, placing Poland in the uncomfortable position of facing sustained cyber pressure from both Russian and Iranian state-linked actors simultaneously. (Note: BleepingComputer blocks automated fetches but is fully accessible in-browser.)


    Russia-Linked Espionage Campaign Targets Ukraine Using Starlink and Charity Lures

    Lab52 researchers documented a February 2026 campaign by Laundry Bear — a Russia-linked APT also tracked as UAC-0190 and Void Blizzard that targets government, defense, transportation, media, NGOs, and healthcare across Europe and North America — deploying a previously undocumented JavaScript-based backdoor called DrillApp that runs entirely through the Microsoft Edge browser, avoiding traditional executable files on disk while inheriting Edge’s trusted reputation to blend C2 traffic with normal browser activity. Attackers reached victims via Signal and WhatsApp impersonating Come Back Alive, a well-known Ukrainian charity supporting the armed forces, as well as fake Starlink support messages, prompting targets to download what appeared to be documents but were password-protected archives containing executable files — a consistent tradecraft pattern CERT-UA has now linked to Laundry Bear across multiple separate operations. DrillApp is capable of uploading and downloading files, recording microphone audio, and capturing webcam images by abusing browser APIs — expanding the group’s targeting beyond Ukraine’s defense sector into civilian government and civil society organizations that have historically received less security hardening against spear-phishing.


    Security Flaw in AWS Bedrock Code Interpreter Raises Alarms

    Phantom Labs Research disclosed on March 16 that AWS Bedrock AgentCore’s Code Interpreter — Amazon’s managed AI code execution environment used to run AI agent-generated Python code — contains a DNS-based data exfiltration technique that allows malicious instructions embedded in files like CSV spreadsheets to create a covert command-and-control channel even when the sandbox is operating in “Sandbox Mode,” which is supposed to restrict outbound network connections. The attack works because DNS resolution remains active even when all other outbound traffic is blocked — meaning an attacker who can influence what an AI agent processes can encode sensitive cloud data into DNS queries that exfiltrate it to attacker-controlled infrastructure with no detectable HTTP or TCP traffic. Amazon reviewed the research and determined the behavior reflects intended functionality rather than a vulnerability, declining to issue a patch and instead updating its documentation to clarify that Sandbox Mode provides only limited network isolation — a response researchers described as concerning given how many organizations deploy AgentCore under the assumption of full sandbox isolation when processing untrusted user-supplied data.
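As an added example that is not from the original post, Phantom Labs or AWS, a resolver-log heuristic for the DNS channel described above: flag a parent domain that receives many distinct long leftmost labels, which is what chunked data in query names looks like. The log format, thresholds, parent-domain rule and the hex-chunked fake secret are constructed assumptions.

```python
import math
import re
from collections import defaultdict

LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")  # ts client qtype qname

def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character; reported for triage, not used to flag."""
    n = len(label)
    return -sum(label.count(c) / n * math.log2(label.count(c) / n) for c in set(label)) if n else 0.0

def flag_dns_exfil(log_text: str, min_label_len: int = 16, min_unique: int = 4):
    """Return {parent_domain: stats} for parents receiving many distinct long leftmost labels.

    Parent domain is taken as the last two labels (a constructed simplification;
    use a public-suffix list in production).
    """
    labels_by_parent, clients_by_parent = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        labels = m.group(4).rstrip(".").lower().split(".")
        if len(labels) < 3 or len(labels[0]) < min_label_len:
            continue
        parent = ".".join(labels[-2:])
        labels_by_parent[parent].add(labels[0])
        clients_by_parent[parent].add(m.group(2))
    flagged = {}
    for parent, labels in labels_by_parent.items():
        if len(labels) >= min_unique:
            flagged[parent] = {
                "unique_labels": len(labels),
                "clients": sorted(clients_by_parent[parent]),
                "mean_entropy": round(sum(map(label_entropy, labels)) / len(labels), 2),
                "approx_bytes": sum(len(l) for l in labels) // 2,  # assumes hex encoding
            }
    return flagged

# Constructed sample: a fake secret hex-encoded into 16-byte chunks, one query per chunk,
# mixed with ordinary package-index lookups. Log format is invented, not AgentCore's.
_FAKE_SECRET = b"AKIAEXAMPLE12345CONSTRUCTEDSECRETVALUE00NOTREALCREDENTIAL1234567"
_CHUNKS = [_FAKE_SECRET[i:i + 16].hex() for i in range(0, len(_FAKE_SECRET), 16)]
SAMPLE_DNS_LOG = "\n".join(
    ["2026-03-16T10:00:00Z 10.0.0.5 A pypi.org",
     "2026-03-16T10:00:01Z 10.0.0.5 A files.pythonhosted.org"]
    + [f"2026-03-16T10:00:0{i + 2}Z 10.0.0.5 A {c}.c.exfil-example.test"
       for i, c in enumerate(_CHUNKS)]
)
```

Because the sandbox leaves resolution open, the control is at the resolver: log every query the execution environment makes and alert on this pattern, or point the environment at a resolver that only answers for an allow-list.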


    EU Sanctions Chinese and Iranian Companies for Cyberattacks Against Member States

    The European Council on March 16 imposed sanctions on two Chinese firms and one Iranian company: Integrity Technology Group, which enabled the compromise of over 65,000 devices across six EU member states as part of the Flax Typhoon botnet campaign between 2022 and 2023; Anxun Information Technology (i-Soon), which provided targeted hacking-for-hire services aimed at EU critical infrastructure — with the company’s two co-founders personally sanctioned for organizing and directing the attack operations; and Emennet Pasargad, sanctioned for unlawfully accessing a French subscriber database and selling the data on the dark web, compromising advertising billboards to spread disinformation during the 2024 Paris Olympics, and breaching a Swedish SMS service affecting a large number of EU citizens. The designations include asset freezes and travel bans for the named individuals, and prohibit EU citizens and companies from transacting with the listed entities — mirroring sanctions the U.S. and U.K. had previously imposed against the same actors for overlapping conduct, reflecting a coordinated transatlantic approach to naming and sanctioning Chinese and Iranian cyber-for-hire ecosystem participants rather than purely state-employed hackers. China’s foreign ministry rejected the sanctions as baseless and urged Brussels to stop what it called political manipulation.