Issue #196 - April 27, 2026
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Source: Dark Reading
Attackers are seeding Open VSX with sleeper VS Code extensions that look legitimate at first and later deliver self-propagating malware. Researchers said the campaign is scaling through cloned listings, delayed payload activation, and extension update abuse, raising the risk of developer workstation compromise and downstream software supply chain poisoning.
Critical GitHub Vulnerability Exposed Millions of Repositories
Source: SecurityWeek
Wiz disclosed CVE-2026-3854, a critical GitHub flaw that could let any authenticated user execute code on backend systems with a single git push. GitHub patched the issue and found no evidence of malicious exploitation, but the bug exposed how internal protocol injection could have opened cross-tenant access to massive amounts of repository data.
Broken VECT 2.0 ransomware acts as a data wiper for large files
Source: BleepingComputer
Researchers found that VECT 2.0 mishandles encryption nonces, causing larger files to be permanently destroyed instead of recoverably encrypted. That means victims may lose critical data even if they pay. The flaw appears across Windows, Linux, and ESXi variants, turning a ransomware incident into something closer to a destructive wiper event.
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
Source: The Hacker News
Attackers began exploiting a critical SQL injection flaw in LiteLLM roughly a day and a half after disclosure, targeting the tables most likely to hold provider keys, configuration secrets, and runtime credentials. The speed and precision of the activity show how quickly exposed AI infrastructure can move from advisory to active compromise.
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Source: The Hacker News
SentinelOne researchers uncovered fast16, a sabotage framework dating back to 2005 that appears to have targeted high-precision engineering calculations tied to Iran’s nuclear program. The malware predates Stuxnet and highlights how attackers can weaponize trusted industrial and scientific workflows, not just operating systems, to create dangerous physical-world consequences.



