GlassWorm Takedown, AI Zero-Day Confirmed & Starlette's Critical Flaw

GlassWorm Dead-Drop Takedown

GlassWorm is down. CrowdStrike, Google, and Shadowserver simultaneously dismantled all four command-and-control layers of one of the most technically elaborate supply chain campaigns seen this year, ending an operation that had quietly poisoned more than three hundred GitHub repositories since early twenty twenty-five.

Listen now →

AI-Discovered Zero-Day, First Confirmed Case

Separately, Google documented the first confirmed case of a frontier large language model finding and exploiting a zero-day vulnerability in the wild. The target was a popular web administration tool.

Listen now →

BadHost Flaw in Starlette Framework

There's a critical vulnerability in Starlette that deserves attention. CVE-2026-48710 affects a framework downloaded three hundred twenty-five million times weekly, underpinning FastAPI, vLLM, and LiteLLM deployments globally.

Listen now →

Exploit Timelines Now Measured in Hours

The broader context behind all three of these developments is a shift in attacker tempo that changes the remediation calculus entirely. In twenty twenty-two, the median time from vulnerability disclosure to active exploitation was roughly nine months.

Listen now →

State Actors Running Vulnerability Factories

Chinese and North Korean state-sponsored groups are running what amounts to industrial-scale AI vulnerability hunting across routers and corporate networks. Russian operators are developing self-rewriting malware that mutates to evade detection.

Listen now →

Watchpoints Going Forward

What to watch next: whether isolated GlassWorm infections re-establish contact through undisclosed backup channels, how quickly Starlette patches reach production AI deployments, and whether the confirmed AI zero-day case prompts any acceleration in defender-side logic-flaw tooling. Those are the three metrics that will tell you whether the gap is stabilizing or widening.

Listen now →