top of page
ALL POSTS
CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Developer Supply Chain
Key Findings CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet by simultaneously taking down four command-and-control servers that powered a sophisticated supply chain attack campaign The Russia-based threat group infected over 300 GitHub repositories and compromised hundreds of open-source packages across npm, Python, and VSCode extensions since early 2025 Glassworm deployed a multi-layered resilience strategy using the Solana blockchain, BitTorrent DHT,
May 273 min read
Critical CrowdStrike LogScale Vulnerability Exposes Files to Unauthorized Access
Key Findings CrowdStrike disclosed CVE-2026-40050, a critical unauthenticated path traversal vulnerability in LogScale self-hosted The flaw allows remote attackers to read arbitrary files from server filesystems without authentication Next-Gen SIEM and LogScale SaaS customers are not affected due to network-layer mitigations applied April 7, 2026 Self-hosted LogScale customers must urgently upgrade to patched versions No known active exploitation has occurred to date The vuln
Apr 272 min read
bottom of page
