The Lyceum: Cybersecurity Daily — Mar 18, 2026

The things your developers trust most — their package manager, their Git history, their browser extensions — are being quietly hollowed out and turned into weapons. GlassWorm is now rewriting Python repos from the inside while preserving every commit message and author name, APT28 was exploiting a Windows zero-day for weeks before anyone noticed, and Medusa ransomware just shut down Mississippi's only Level 1 trauma center for nine days. Today's theme: the infrastructure you assume is clean probably isn't, and the time to verify was yesterday.

If your team runs pip install from public repos — and nearly every team does — this needs to be in your morning standup.

The GlassWorm campaign, which targeted VS Code extensions last week, has pivoted hard. Researchers at StepSecurity and Socket disclosed today that attackers are using stolen GitHub tokens to inject malware into hundreds of Python repositories — Django apps, ML research code, Streamlit dashboards, PyPI packages. The technique is what makes this genuinely nasty: attackers rebase the latest legitimate commits with malicious code, then force-push while preserving the original commit message, author, and timestamp. Your Git log looks perfectly clean. It isn't.

A new variant called ForceMemo has also surfaced, sharing the same Solana blockchain command-and-control infrastructure but using different delivery methods. Two React Native npm packages — react-native-international-phone-number and react-native-country-select — were briefly compromised as part of this campaign, with malicious versions pushed directly to the npm registry without a corresponding GitHub release.

The earliest C2 transaction dates to November 27, 2025 — over three months before the first confirmed repo injections went public. If you're hunting, extend your lookback window well past March.

What to do now: Verify dependency hashes against known-good versions. Rebuild container images from trusted, patched base images. Treat any unverified pip install from a public repo as suspect until you've confirmed integrity.

Akamai published a detailed technical breakdown today of how Russia-linked APT28 exploited CVE-2026-21513 (CVSS 8.8) — a security feature bypass in Windows' MSHTML framework, the legacy rendering engine that still quietly runs under the hood in Word, Outlook, and Windows Explorer previews.

The key finding: a malicious sample uploaded to VirusTotal in January 2026 confirms APT28 was weaponizing this flaw at least two weeks before Microsoft's February Patch Tuesday. The attack didn't require macros or extra clicks — in several cases, simply rendering a document triggered exploitation. Spear-phishing lures were tailored to geopolitical events, disguised as diplomatic briefings and defense communications.

Today's report matters because it includes concrete indicators of compromise defenders can actually hunt for. CERT-UA also flagged APT28 using a second Microsoft Office zero-day (CVE-2026-21509) in the same campaign — so hunt for both.

If your organization fits the profile of an espionage target — government, defense, NGO, research — and you patched Windows in February, the real question is whether you were compromised before the patch. Look at January and early February endpoint telemetry, especially anything involving .LNK files or document previews.

Imagine your local hospital going dark — doctors writing prescriptions by hand, patient records inaccessible, all 35 clinics closed. That was reality at the University of Mississippi Medical Center, the state's only children's hospital and only top-level trauma center. On Tuesday, the Medusa ransomware gang claimed responsibility.

The same day, Medusa also claimed an attack on Passaic County, New Jersey (population: ~600,000), taking down IT systems and phone lines. Both victims appeared on Medusa's darknet leak site with demands of roughly $800,000 each and a public deadline of March 20 to leak UMMC's data.

This is ransomware's real-world cost: not abstract data loss, but doctors unable to look up drug allergies and emergency rooms routing patients elsewhere. The supply-chain ripple effects from the concurrent Stryker wiper attack compound the pressure on healthcare — disrupted ordering and manufacturing systems at a major med-tech supplier can delay equipment shipments for weeks, producing patient-care impacts without a single device being compromised.

Meta is ending end-to-end encryption for Instagram DMs after May 8, 2026. You may have caught the headline last week, but fresh reporting from Platformer and a Newsweek confirmation today surface a detail most coverage missed: internal documents show this was a deliberate strategy shift, not a temporary rollback. Where Zuckerberg once argued encrypted messaging should be the default, the company now treats encrypted users as a niche group and points them to WhatsApp.

This appears to be the first time a major platform has ever walked back encryption protections it already shipped. The timing is notable — TikTok said days ago it has no plans to introduce E2EE for DMs either. Two of the world's largest messaging platforms, moving in the same direction, in the same week.

A Reddit thread on r/cybersecurity is gaining traction today with users interpreting parts of Meta's updated terms as admitting to broader data access. Whether that reading is legally precise or not, the trust erosion is real and immediate.

A Git log that lies to your face, a hospital writing prescriptions with a ballpoint pen, and Mark Zuckerberg quietly un-encrypting a billion inboxes — just another Wednesday.

An Illinois state legislator is drafting a bill that would require OS-level age verification before account creation; committee referral, stage and date were not specified in reporting. That proposal is either the future of child safety or the world's most ambitious phishing database — hard to say which arrives first.

Stay suspicious.

If someone you know is still running pip install on faith, forward this their way.