# Top Stories

March 29, 2026

  1. The Hacker News general Mar 28
    Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

    Iran-linked Handala Hack Team successfully breached FBI Director Kash Patel's personal email account and leaked photos and documents online. The attackers also conducted a wiper attack against medical device manufacturer Stryker, demonstrating escalating Iranian cyber operations targeting high-profile US officials.

  2. The Hacker News general Mar 28
    Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

    CVE-2026-3055, a critical memory overread vulnerability in Citrix NetScaler ADC and Gateway with a CVSS score of 9.3, is under active reconnaissance by threat actors. The flaw stems from insufficient input validation and allows attackers to leak sensitive information from affected systems.

  3. The Hacker News general Mar 28
    CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

    CISA added CVE-2025-53521 to its KEV catalog after detecting active exploitation of F5 BIG-IP Access Policy Manager systems. The critical vulnerability has a CVSS v4 score of 9.3 and enables remote code execution against affected APM deployments.

  4. The Hacker News general Mar 28
    TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

    Russian state-sponsored group TA446 (Callisto) is deploying the leaked DarkSword iOS exploit kit in targeted spear-phishing campaigns. Proofpoint identified the attacks targeting iOS devices using recently disclosed zero-day exploits, marking a significant escalation in mobile-focused espionage operations.

  5. BleepingComputer general Mar 28
    New Infinity Stealer malware grabs macOS data via ClickFix lures

    Infinity Stealer malware targets macOS systems using Python payloads compiled with Nuitka and distributed through ClickFix social engineering lures. The campaign leverages fake CAPTCHA pages to trick users into executing credential-stealing malware on Apple devices.

  6. BleepingComputer general Mar 27
    Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

    TeamPCP hackers compromised the Telnyx Python package on PyPI, uploading malicious versions 4.87.1 and 4.87.2 on March 27, 2026. The threat actors concealed credential-harvesting malware inside WAV audio files to evade detection in the supply chain attack.

  7. BleepingComputer general Mar 27
    Fake VS Code alerts on GitHub spread malware to developers

    Threat actors are posting fake Visual Studio Code security alerts in GitHub Discussions sections across multiple projects to distribute malware to developers. The campaign uses social engineering to trick developers into downloading malicious files disguised as legitimate VS Code security updates.

  8. The Hacker News general Mar 27
    Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

    Apple began sending Lock Screen notifications to iPhones and iPads running outdated iOS versions, warning of active web-based exploits targeting older software. The alerts urge immediate installation of critical security updates to protect against ongoing attacks exploiting unpatched vulnerabilities.

  9. Dark Reading general Mar 27
    China Upgrades the Backdoor It Uses to Spy on Telcos Globally

    Chinese APT group Red Menshen upgraded their BPFdoor malware to target telecommunications companies globally with enhanced stealth capabilities. The advanced backdoor defeats traditional cybersecurity protections, requiring active threat hunting to detect compromises in telecom infrastructure.

  10. The Hacker News general Mar 27
    LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

    Three security vulnerabilities in the LangChain and LangGraph AI frameworks could expose filesystem data, environment secrets, and conversation history to attackers. The flaws affect widely used open-source tools for building Large Language Model applications, potentially compromising sensitive AI deployment data.