GlassWorm campaign evolves: ForceMemo attack targets Python repos via stolen GitHub tokens

SCM feed for Latest
Actively Exploited

Overview

The ForceMemo attack is a new tactic used by the GlassWorm malware, targeting developers by compromising their systems through malicious extensions for Visual Studio Code and Cursor. Once the malware infiltrates a developer's environment, it steals sensitive information, including GitHub tokens, which can then be used to access and manipulate code repositories. This poses a significant risk to software projects, as attackers can potentially alter or insert malicious code into popular Python repositories. Developers and organizations relying on GitHub for collaboration and version control should be particularly vigilant. It's crucial for users to ensure their development tools are secure and to monitor their accounts for any suspicious activity.

Key Takeaways

  • Active Exploitation: This attack is being actively used by attackers. Immediate action is recommended.
  • Affected Systems: Python repositories, GitHub accounts, Visual Studio Code, Cursor extensions
  • Action Required: Developers should ensure that their development environments are secure, avoid using unverified extensions, and monitor their GitHub accounts for unauthorized access.
  • Timeline: Newly disclosed

Original Article Summary

The ForceMemo attack begins with the GlassWorm malware compromising developer systems, often through malicious VS Code and Cursor extensions, to steal secrets like GitHub tokens.

Impact

Python repositories, GitHub accounts, Visual Studio Code, Cursor extensions

Exploitation Status

This attack is confirmed to be actively used by attackers in real-world incidents. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Developers should ensure that their development environments are secure, avoid using unverified extensions, and monitor their GitHub accounts for unauthorized access. Regularly updating software and using two-factor authentication can also help mitigate risks.
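
One way to put "avoid using unverified extensions" into practice is to audit what is installed against a reviewed allowlist. The script below is an added example, not taken from the original article: it reads the `publisher.name@version` lines printed by `code --list-extensions --show-versions` and reports any extension that is not approved or whose version differs from the pinned one. The allowlist file name and all extension names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit editor extensions against a pinned allowlist.
# Usage (approved-extensions.txt is a hypothetical file you maintain):
#   code --list-extensions --show-versions | audit_extensions approved-extensions.txt
# Allowlist lines: `publisher.name@version` (pinned) or `publisher.name` (any
# version); `#` starts a comment. IDs are compared case-insensitively.

# audit_extensions ALLOWLIST_FILE   (installed listing on stdin)
# Prints one finding per line, in listing order:
#   UNAPPROVED id@ver                -> ID is not on the allowlist
#   VERSION id@ver (approved: X)     -> ID approved, installed version differs
audit_extensions() {
  awk -v allow="$1" '
    BEGIN {
      while ((getline line < allow) > 0) {
        sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
        if (line == "") continue
        n = split(line, p, "@")
        approved[tolower(p[1])] = (n > 1 ? p[2] : "*")
      }
    }
    {
      gsub(/[ \t\r]/, "")
      if ($0 == "") next
      split($0, p, "@"); id = tolower(p[1])
      if (!(id in approved))
        print "UNAPPROVED " $0
      else if (approved[id] != "*" && approved[id] != p[2])
        print "VERSION " $0 " (approved: " approved[id] ")"
    }'
}

# Constructed sample data so the check can be tried without an editor installed.
demo_findings() {
  tmp="$(mktemp)"
  cat > "$tmp" <<'EOF'
# constructed allowlist: two pinned entries, one any-version entry
example-corp.python-tools@1.4.2
example-corp.theme@2.0.0
example-corp.linter
EOF
  printf '%s\n' \
    'example-corp.python-tools@1.4.2' \
    'Example-Corp.Linter@3.1.0' \
    'example-corp.theme@2.1.0' \
    'unknown-pub.helper@0.0.3' | audit_extensions "$tmp"
  rm -f "$tmp"
}
```

Run on a schedule or at login, any output line is a reason to review the extension before the editor is used with credentials in reach.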
