GlassWorm Force-Push Attacks and AI Secret Surges [Prime Cyber Insights]

[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, [00:04] Announcer: Leaders, and Decision Makers. [00:11] Aaron Cole: Welcome to Prime Cyber Insights for March 17th. [00:15] Lauren Mitchell: We're opening today with a critical shift in how attackers are compromising the software supply chain through GitHub and AI services. [00:24] Aaron Cole: Lauren, the data from Git Guardian is striking. [00:27] Aaron Cole: They've reported an 81% surge in AI service leaks this year, contributing to 29 million secrets hitting public GitHub. [00:36] Aaron Cole: But the real story is what happens once those credentials are in the wrong hands. [00:40] Lauren Mitchell: Exactly, Aaron. [00:42] Lauren Mitchell: We're tracking a campaign codenamed Force Memo, an offshoot of the Glassworm malware. [00:47] Lauren Mitchell: Attackers are using stolen GitHub tokens to force push malicious code into Python repositories. [00:54] Lauren Mitchell: They aren't just adding files. [00:56] Lauren Mitchell: They're rebasing legitimate commits to inject obfuscated malware into setup.py and main.py files. [01:04] Aaron Cole: The technical tradecraft here is worth noting. [01:07] Aaron Cole: By force pushing to the default branch, they rewrite Git history, [01:11] Aaron Cole: meaning there is no pull request or commit trail in the UI for maintainers the spot. [01:16] Aaron Cole: This campaign has already hit over 150 repositories [01:20] Aaron Cole: and even briefly compromised two React Native NPM packages. [01:25] Lauren Mitchell: It's a sophisticated entry vector, too. [01:27] Lauren Mitchell: They're acquiring these tokens by compromising developer systems through malicious VS code and cursor extensions. [01:35] Lauren Mitchell: For practitioners, this highlights that the development environment itself is now a high-priority target for secret exfiltration. [01:43] Aaron Cole: Turning to infrastructure vulnerabilities, CISA added a wing FTP flaw to its known Exploited Vulnerabilities Catalog. [01:51] Aaron Cole: CVE 2025-47813 is an information disclosure bug that leaks server paths, which attackers are using to facilitate a much more critical remote code execution flaw. [02:04] Lauren Mitchell: That's a vital connection, Aaron. [02:06] Lauren Mitchell: While the path leak is only a medium severity on its own, [02:09] Lauren Mitchell: its role in enabling RCE makes it a priority. [02:13] Lauren Mitchell: Federal agencies have until March 30 to patch. [02:16] Lauren Mitchell: It's a reminder that even low-impact info leaks [02:19] Lauren Mitchell: are often the first step in a larger kill chain. [02:22] Aaron Cole: Finally, malware bytes is warning about SEO poisoning targeting remote workers. [02:27] Aaron Cole: Users searching for remote VPN clients are being served high-ranking fake sites that deliver the high-racks info stealer. [02:35] Aaron Cole: The malware is even signed with a certificate to bypass local security checks before stealing work login details. [02:41] Lauren Mitchell: The deceptive part is that the malware actually installs a legitimate VPN client after the infection to avoid suspicion. [02:50] Lauren Mitchell: Aaron, this reinforces the need for organizations to mandate that all software be sourced exclusively from internal portals or direct vendor downloads. [02:59] Aaron Cole: That concludes our briefing for today. For the full technical breakdown, visit pci.neuralnewscast.com. Stay vigilant. [03:09] Lauren Mitchell: This briefing is for informational purposes only. [03:12] Lauren Mitchell: For specific risk management, consult your security team or legal counsel. [03:17] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed. [03:20] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com. [03:25] Lauren Mitchell: See you next time. [03:26] Announcer: This has been Prime Cyber Insights on Neural Newscast. [03:29] Announcer: Intelligence for defenders, leaders, and decision makers.