# Archive
Browse past daily curated stories
Tuesday, March 31, 2026
-
1BleepingComputer generalCritical Citrix NetScaler memory flaw actively exploited in attacks
Hackers are actively exploiting CVE-2026-3055, a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway appliances that allows attackers to obtain sensitive data from application memory. The flaw enables extraction of authenticated administrative session IDs, posing significant risk to organizations using these widely-deployed network appliances.
-
2BleepingComputer generalHackers now exploit critical F5 BIG-IP flaw in attacks, patch now
F5 has reclassified CVE-2025-53521 from a high-severity denial-of-service flaw to a critical remote code execution vulnerability after discovering attackers are exploiting it to deploy webshells on unpatched BIG-IP devices. The vulnerability was initially disclosed in October 2025, and active exploitation is now confirmed in the wild.
-
3The Hacker News generalOpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
Check Point researchers disclosed a vulnerability in OpenAI ChatGPT that allowed attackers to exfiltrate sensitive conversation data, uploaded files, and user messages through malicious prompts without user knowledge. OpenAI has patched the flaw along with a separate Codex vulnerability that exposed GitHub tokens, preventing covert data extraction channels.
-
4Dark Reading generalAI-Powered 'DeepLoad' Malware Steals Credentials, Evades Detection
ReliaQuest researchers identified DeepLoad malware that uses AI-generated obfuscation code to evade static scanning and steals browser credentials through ClickFix social engineering tactics. The malware employs WMI persistence, immediately captures passwords and sessions, and can re-infect hosts days after being blocked by security tools.
-
5BleepingComputer generalFBI confirms hack of Director Patel's personal email inbox
Iranian hackers associated with the Handala group breached FBI Director Kash Patel's personal email account and published photos and documents from the compromised inbox. The FBI confirmed the breach involved Patel's personal email, marking a significant compromise of a high-profile U.S. law enforcement official's communications.
-
6BleepingComputer generalEuropean Commission confirms data breach after Europa.eu hack
The European Commission confirmed a data breach of its Europa.eu web platform after the ShinyHunters extortion gang claimed responsibility for stealing over 350GB of data from European Commission cloud systems. The breach affects the EU's central online platform hosting websites and services for its institutions.
-
7BleepingComputer generalNew RoadK1ll WebSocket implant used to pivot on breached networks
Security researchers identified RoadK1ll, a new WebSocket-based malicious implant that enables threat actors to pivot from compromised hosts to other systems within breached networks. The implant provides lateral movement capabilities for attackers to quietly expand their foothold across organizational infrastructure.
-
8BleepingComputer generalCritical Fortinet Forticlient EMS flaw now exploited in attacks
Threat intelligence firm Defused reports active exploitation of a critical vulnerability in Fortinet's FortiClient EMS platform. The flaw allows attackers to compromise the endpoint management system used by organizations to manage and secure their FortiClient deployments across enterprise networks.
-
9BleepingComputer generalHealthcare tech firm CareCloud says hackers stole patient data
Healthcare IT firm CareCloud disclosed a data breach incident that exposed sensitive patient data and caused an eight-hour network disruption. The company has informed the SEC of the potential patient data leak from the cyberattack affecting its electronic health record environments.
-
10Dark Reading generalStorm Brews Over Critical, No-Click Telegram Flaw
A critical no-click vulnerability in Telegram messaging app received a 9.8 CVSS score and is allegedly triggered by corrupted stickers, though Telegram disputes the flaw's existence. The vulnerability would allow attackers to compromise users without any interaction, making it particularly dangerous for the popular messaging platform.