Elfsmasher, PYPI, Facebook, Glassworm, Medtronic, OpenSSH, Sararimen, Aaran Leyland - SWN #576

A major supply chain attack on the Python Package Index (PyPI) has compromised version 0.23.3 of a popular package with a backdoor info stealer, exploiting a GitHub Actions flaw to forge signed releases and distribute malware through legitimate channels. The attack, which leveraged a malicious comment in a pull request to inject shell code and steal credentials, underscores the growing sophistication of software supply chain threats. Meanwhile, the Glassworm campaign has expanded its reach by planting 73 dormant extensions on OpenVSX, with six now active and exfiltrating crypto wallet data and GitHub credentials. Medtronic confirmed a cyberattack on its corporate IT systems, though it downplayed impact—raising concerns about transparency in critical infrastructure breaches. As AI tools like GitHub Copilot shift to usage-based billing, a new 'financial threat' emerges: users addicted to free AI may face steep costs, echoing past tech lock-in traps. The episode also highlights how AI accelerates existing attack patterns—reducing dwell time to just 22 seconds—while foundational weaknesses like poor patching and over-permissive access remain the root cause of most breaches. The host warns that 'old problems are new again,' urging organizations to prioritize cyber hygiene over AI hype.