GlassWorm Hits Your IDE, BlueHammer Leaked, Adobe Zero-Day Fixed

GlassWorm's Zig-Based Cross-IDE Dropper Targets Developer Toolchains

• Aikido researchers document GlassWorm's latest variant: a malicious OpenVSX extension impersonating WakaTime (specstudio/code-wakatime-activity-tracker) bundles a Zig-compiled binary that scans the host and silently installs a second-stage GlassWorm dropper into every IDE present — VS Code, Cursor, and VSCodium — using each IDE's own toolchain.
• The Zig binary runs outside the JavaScript sandbox with full system access; second stage uses a Solana-based C2, avoids Russian-locale systems, and installs a persistent RAT plus a malicious Chrome extension.
• If floktokbok.autoimport appears in any IDE's extension list, treat the host as compromised and rotate all secrets immediately. (Previously: GlassWorm/CanisterWorm spread via GitHub Actions and npm — this variant pivots to the IDE extension marketplace as the initial delivery vector.)

---

Critical Patch Roundup: Adobe Zero-Day Fixed, Flatpak Sandbox Escape, OpenSSL, ActiveMQ

• Adobe released emergency patches for CVE-2026-34621 (CVSS 9.6) — a prototype attribute manipulation flaw enabling arbitrary code execution in Acrobat and Reader (Windows/macOS), exploited since at least November 2025 via Russian oil-and-gas sector lures. Patched versions: Acrobat DC/Reader DC → 26.001.21411; Acrobat 2024 → 24.001.30362. The prior mitigation of blocking HTTP traffic with Adobe Synchronizer User-Agent can be retired post-patch.
• Flatpak 1.16.4 patches CVE-2026-34078, a critical sandbox escape plus three additional flaws — directly relevant to CI/CD pipelines and developer environments running Flatpak-packaged toolchain components on Linux. Update Flatpak and audit base images that bundle Flatpak-packaged tools.
• OpenSSL 3.6.2 patches eight CVEs; most severe is Moderate, covering RSA KEM encapsulation and key agreement group list issues. Update base images and runtime containers embedding OpenSSL directly.
• Researchers used Claude to uncover CVE-2026-34197, a decade-old RCE in Apache ActiveMQ; a patch is available. ActiveMQ is commonly embedded in enterprise Java stacks and CI/CD infrastructure — verify whether your stack is affected and update.

---

BlueHammer Windows Zero-Day Leaked; Patch Tuesday Two Days Out

• A Windows zero-day exploit tracked as BlueHammer has been publicly leaked on GitHub; affected components and CVSS score are unconfirmed. Patch Tuesday (April 14) is expected to include a fix — apply as soon as updates are available and monitor Microsoft's security advisories for pre-patch mitigations.

---

New Defensive Tooling: claudit-sec and Asqav

• HarmonicSecurity open-sourced claudit-sec, a single-command read-only audit script (macOS zsh+jq; Windows PowerShell 5.1+) enumerating the Claude Desktop/Code attack surface: MCP servers and their env vars/args, DXT extensions with signature status and dangerous tool grants, OAuth connectors, plugins and hooks, scheduled tasks (cron + LaunchAgents), dispatch bridge state, and session-local skills. Output is color-coded terminal, HTML, or JSON for SIEM ingestion; tokens/keys are auto-redacted with zero network calls.
• Asqav is a new open-source SDK that attaches cryptographic signatures to AI agent actions, providing a tamper-evident audit trail for agentic workflows — a compensating control for the accountability gap in agentic pipelines alongside canary credentials and scoped secrets.

---

Exploit Velocity Accelerating; AI Code Backlogs Outpacing Review Capacity

• Security Affairs adds detail to the Marimo CVE-2026-39987 exploitation (previously: first exploitation at 9h 41m post-disclosure): a single human operator ran multiple manual sessions over 90 minutes, validated with a scripted PoC, then explored manually — .env and SSH key theft completed in under 3 minutes with no public PoC available at the time. Only 1 of 125 scanning IPs actually exploited the WebSocket endpoint. The trend: Langflow CVE-2026-33017 weaponized in 20 hours → Marimo in 9h41m — attackers are building working exploits from advisory text before PoCs exist.
• Futurism cites StackHawk CEO Joni Klippert: one financial services firm saw 10× coding output after adopting Cursor, producing a 1-million-line review backlog with no scaled security review process. Costanoa Ventures' Joe Sullivan: "There are not enough application security engineers on the planet to satisfy what American companies need."
• Security Boulevard analysis of Claude Mythos and Project Glasswing notes the U.S. Treasury and Federal Reserve held a closed-door meeting with major bank CEOs on systemic AI cyber risk; the model's autonomous exploit-chaining capability is expected to be replicated by foreign models by late 2026. (Previously: Glasswing restricted to a 40-company consortium — the downstream concern now extends to adversary equivalents within ~9 months.) Practitioner guidance: compress vulnerability SLAs to hours/days and treat exploit chaining as the default threat model for internet-facing assets.