A Week That Earned the "Ah, Great" Feeling
Some weeks in cybersecurity feel routine — routine patches, routine advisories, routine TTPs. This wasn't one of them.
The week of March 9–16, 2026 delivered a Chrome zero-day under active nation-state exploitation, a router botnet setting new DDoS records, a supply chain attack that handed attackers AWS admin credentials, a surge in rogue AI agent attacks, and a brand-new GlassWorm campaign that can poison hundreds of Python repositories without creating a single visible commit. Each of these individually would make for a significant week. Together, they paint a clear picture: the attack surface is expanding faster than most organizations are tracking.
Here's what you need to know.
1. Chrome Zero-Day CVE-2026-2441 — Nation-State Exploitation Confirmed
Google issued an emergency Chrome update this week to patch CVE-2026-2441, a Type Confusion vulnerability in Chrome's V8 JavaScript engine confirmed to be under active exploitation by nation-state actors.
| Detail | Value |
|---|---|
| CVE | CVE-2026-2441 |
| Type | Type Confusion in V8 |
| Impact | Remote code execution via crafted HTML page |
| Exploitation | Nation-state actors confirmed |
| Patch | Chrome 133.x — update immediately |
The flaw allows an attacker to achieve renderer process RCE when a victim visits a malicious web page, with no additional interaction required. Google confirmed threat intelligence from multiple vendors indicating the bug was being weaponized in targeted espionage campaigns prior to the patch.
Action required: Update Chrome to the latest stable release. Enterprise teams should push the update via policy and verify patch deployment across all endpoints within 24 hours.
2. Router Botnets Set New DDoS Records — Aisuru Breaks 1 Tbps
The Aisuru botnet, a Mirai-derivative targeting unpatched consumer and SOHO routers, set a new distributed denial-of-service record this week — a sustained 1+ Tbps volumetric attack against a major CDN provider.
| Botnet | Record Attack | Primary Target | Router Brands Affected |
|---|---|---|---|
| Aisuru | 1.06 Tbps | CDN infrastructure | TP-Link, D-Link, Netgear, ASUS |
Aisuru exploits known but unpatched vulnerabilities in residential and small-office routers to enlist devices as attack nodes. The botnet has grown rapidly since Q4 2025, with researchers tracking over 1.3 million compromised routers in its current fleet.
Action required: Apply all available firmware updates to edge routers. Disable remote management interfaces exposed to the internet. Segment IoT and SOHO devices from corporate networks.
3. UNC6426 Supply Chain Attack — AWS Admin Credentials Stolen via nx npm Package
Researchers confirmed that UNC6426, a suspected North Korea-linked threat actor, executed a supply chain attack via the nx npm ecosystem that resulted in the theft of AWS administrator credentials from affected CI/CD pipelines.
| Attribute | Value |
|---|---|
| Actor | UNC6426 (suspected DPRK-linked) |
| Vector | Malicious npm packages in nx monorepo toolchain |
| Credential stolen | AWS admin API keys via CI/CD environment variables |
| Discovered | Week of March 9–11, 2026 |
The attack injected credential-harvesting code into packages used by nx-based monorepos. Build pipelines that ran npm install during the affected window silently exfiltrated AWS access keys with administrator-level permissions to attacker-controlled infrastructure.
Action required: Audit npm lock files and build logs from the past two weeks. Rotate all AWS credentials used in CI/CD environments. Verify the integrity of all nx-related packages against known-good checksums.
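One way to run the lock-file part of that audit, as an added example that is not from the original report or from the nx project: it walks the `packages` map of a `package-lock.json` and reports nx-related entries whose integrity hash does not match a baseline you trust. The name filter (`nx`, `@nx/`, `@nrwl/`), the baseline format and all sample hashes are assumptions constructed for illustration.

```python
import json

# Assumption: packages named "nx" or scoped under @nx/ or @nrwl/ count as nx-related.
NX_PREFIXES = ("@nx/", "@nrwl/")
REGISTRY = "https://registry.npmjs.org/"


def package_name(lock_path):
    """'node_modules/a/node_modules/@nx/devkit' -> '@nx/devkit'."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock_text, known_good):
    """Return (name, version, reason) for every nx-related entry that
    cannot be matched to the known-good integrity baseline."""
    findings = []
    packages = json.loads(lock_text).get("packages", {})
    for path, meta in sorted(packages.items()):
        name = package_name(path)
        if not (name == "nx" or name.startswith(NX_PREFIXES)):
            continue  # also skips "", the root project entry
        version = meta.get("version", "?")
        expected = known_good.get(f"{name}@{version}")
        if not meta.get("resolved", "").startswith(REGISTRY):
            findings.append((name, version, "resolved outside the npm registry"))
        elif expected is None:
            findings.append((name, version, "version not in baseline"))
        elif meta.get("integrity") != expected:
            findings.append((name, version, "integrity mismatch"))
    return findings


# Constructed sample data: versions and hashes are placeholders, not real digests.
SAMPLE_BASELINE = {"nx@0.0.1": "sha512-GOOD-NX", "@nx/devkit@0.0.1": "sha512-GOOD-DEVKIT"}
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-monorepo"},
    "node_modules/nx": {"version": "0.0.1", "integrity": "sha512-GOOD-NX",
                        "resolved": REGISTRY + "nx/-/nx-0.0.1.tgz"},
    "node_modules/@nx/devkit": {"version": "0.0.1", "integrity": "sha512-CHANGED",
                                "resolved": REGISTRY + "@nx/devkit/-/devkit-0.0.1.tgz"},
    "node_modules/a/node_modules/@nx/js": {"version": "0.0.2", "integrity": "sha512-X",
                                           "resolved": REGISTRY + "@nx/js/-/js-0.0.2.tgz"},
    "node_modules/left-pad": {"version": "1.3.0", "integrity": "sha512-Y",
                              "resolved": REGISTRY + "left-pad/-/left-pad-1.3.0.tgz"},
}})

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK, SAMPLE_BASELINE):
        print(finding)
```

Build the baseline from a lock file committed before the affected window, and treat any finding as a reason to rotate the credentials that pipeline could read.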
4. Rogue AI Agents — Prompt Injection and Data Exfiltration at Scale
Security researchers published multiple new findings this week documenting rogue AI agent attacks — scenarios where AI coding assistants and agentic workflows are hijacked via prompt injection to exfiltrate data or execute unauthorized actions.
Notable Disclosures
- OpenClaw AI Agent Flaws (covered March 14): Prompt injection vulnerabilities allow attackers to embed instructions in files processed by AI agents, redirecting the agent to exfiltrate secrets or make unauthorized API calls
- Claude Artifacts ClickFix Attack: Researchers demonstrated a technique where malicious Markdown/HTML in AI artifact output triggers ClickFix-style payloads when rendered by users
- SmartLoader Trojanized MCP Server: A malicious Model Context Protocol server deployed StealC infostealer on developer machines via a trojanized tool integration
The common thread: AI agents that process untrusted input without sandboxing are increasingly being treated as attack surfaces, not just productivity tools.
Action required: Review AI tool integrations in your development workflows. Apply sandboxing and output validation to agentic pipelines. Treat AI-processed external content with the same distrust as user-supplied input.
5. GlassWorm ForceMemo — Python Repos Poisoned via GitHub Force-Push
The week's most technically novel attack: GlassWorm's ForceMemo sub-campaign is using previously stolen GitHub developer tokens to silently force-push malware into hundreds of Python repositories — Django apps, ML research code, Streamlit dashboards, and PyPI packages.
The technique rewrites Git history without creating a visible commit, pull request, or activity notification. The injected payload uses a Solana blockchain dead-drop for C2, making the payload URL resistant to takedown.
See the full ForceMemo analysis for complete IOCs and detection guidance.
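A history rewrite leaves no commit on the hosting side, but a clone that fetched both before and after it records the non-fast-forward update in its remote-tracking reflog. The following added example (not code from the original analysis) parses that reflog file and builds the `git diff` invocation that shows whether the files named in this recap changed across the rewrite; the sample reflog lines and SHAs are constructed.

```python
import re

WATCHED = ("setup.py", "main.py", "app.py")  # file names taken from this recap
# One reflog record: old-sha new-sha identity timestamp tz <TAB> message
RECORD = re.compile(r"^([0-9a-f]{40,64}) ([0-9a-f]{40,64}) (.*) (\d+) ([+-]\d{4})\t(.*)$")


def forced_updates(reflog_text):
    """Return one dict per non-fast-forward update recorded in a
    remote-tracking reflog (.git/logs/refs/remotes/<remote>/<branch>)."""
    hits = []
    for line in reflog_text.splitlines():
        m = RECORD.match(line)
        if m and m.group(6).endswith("forced-update"):
            hits.append({"old": m.group(1), "new": m.group(2),
                         "epoch": int(m.group(4)), "message": m.group(6)})
    return hits


def diff_command(hit, names=WATCHED):
    """git command listing watched files (at any depth) that differ
    between the tip before the rewrite and the tip after it."""
    specs = [f":(glob)**/{name}" for name in names]
    return ["git", "diff", "--name-status", hit["old"], hit["new"], "--", *specs]


# Constructed sample reflog: three fetches, the last one a forced update.
WHO = " Dev <dev@example.com> "
SAMPLE_REFLOG = (
    "0" * 40 + " " + "a" * 40 + WHO + "1773000000 +0000\tfetch origin: storing head\n"
    + "a" * 40 + " " + "b" * 40 + WHO + "1773100000 +0000\tfetch origin: fast-forward\n"
    + "b" * 40 + " " + "c" * 40 + WHO + "1773200000 +0000\tfetch origin: forced-update\n"
)

if __name__ == "__main__":
    for hit in forced_updates(SAMPLE_REFLOG):
        print(hit["epoch"], hit["old"][:12], "->", hit["new"][:12])
        print(" ".join(diff_command(hit)))
```

The check only sees rewrites that happened between two fetches of the same clone, so run it on long-lived checkouts such as CI caches or developer machines rather than on a fresh clone.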
6. Wing FTP Server CISA KEV — CVSS 10.0 RCE Chain Actively Exploited
CISA added CVE-2025-47813 to its KEV catalog on March 16 — a medium-severity path disclosure flaw in Wing FTP Server that is being chained with CVE-2025-47812 (CVSS 10.0) for unauthenticated remote code execution. The patch has been available since May 2025; FCEB agencies must apply it by March 30, 2026.
See the full advisory for remediation steps.
Week in Numbers
| Metric | Value |
|---|---|
| Chrome zero-days patched | 1 (CVE-2026-2441) |
| CISA KEV additions | 1 (CVE-2025-47813) |
| Python repos poisoned (ForceMemo) | Hundreds |
| Aisuru DDoS record | 1.06 Tbps |
| AWS admin credentials at risk | CI/CD pipelines across nx ecosystem |
| Active GlassWorm campaigns | 2 (ForceMemo + Open VSX Wave 4) |
What to Do This Week
- Update Chrome to the latest stable release — CVE-2026-2441 is under active exploitation
- Patch Wing FTP Server to v7.4.4 — FCEB deadline is March 30
- Rotate AWS CI/CD credentials if your pipelines use nx-based tooling
- Audit Python repo commit history for force-pushed changes to setup.py, main.py, or app.py
- Enable branch protection and force-push alerts on GitHub repositories
- Patch SOHO routers — Aisuru botnet recruitment is ongoing
Sources
- The Hacker News — Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents
- BleepingComputer — CISA flags Wing FTP Server flaw as actively exploited
- StepSecurity — ForceMemo: Python Repos Compromised via Force-Push
- SecurityWeek — Record DDoS Attack from Aisuru Botnet