Hackers claim theft of data on Commission employees, other sensitive material in latest hack of major organisation This article has been indexed from Silicon UK Read the original article: European Commission Confirms Data Breach
DeepLoad Malware Uses ClickFix and AI Evasion to Hit Enterprise Networks
New “DeepLoad” malware is turning a single user click into fileless, credential‑stealing persistence inside enterprise networks, leveraging the ClickFix technique and AI-generated obfuscation to evade traditional defenses. DeepLoad arrives via ClickFix a social engineering technique that instructs users to paste…
CareCloud Data Breach Exposes Patient Data After Hackers Access IT Systems
CareCloud, Inc., a prominent healthcare technology provider, has disclosed a material cybersecurity incident involving unauthorized access to its electronic health record (EHR) infrastructure. The security event was first detected on March 16, 2026, when the CareCloud Health division experienced an…
Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise
Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens. The post Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
What Makes Browser Hijacking a Silent Threat?
Web browsers act as a critical gateway to an organization’s digital ecosystem, enabling access to banking, email, cloud applications, and sensitive customer data. When attackers compromise this gateway, they can monitor user activity, redirect traffic, and capture confidential credentials without…
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1…
IT Security News Hourly Summary 2026-03-31 09h : 5 posts
5 posts were published in the last hour 6:32 : ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information 6:32 : Apple Adds Terminal Paste Warning in macOS Tahoe 26.4 to Block ClickFix Attacks 6:11 : Claude AI Uncovers…
ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information
Artificial intelligence assistants increasingly handle our most sensitive data, operating under the assumption that enclosed environments keep this information secure. However, a newly disclosed vulnerability in ChatGPT shattered this expectation. Discovered by Check Point Research, this flaw exploited the isolated…
Apple Adds Terminal Paste Warning in macOS Tahoe 26.4 to Block ClickFix Attacks
Apple has introduced a new security feature in macOS Tahoe 26. Thank you for being a Ghacks reader. The post Apple Adds Terminal Paste Warning in macOS Tahoe 26.4 to Block ClickFix Attacks appeared first on gHacks. This article has…
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to uncover zero-day Remote Code Execution (RCE) flaws in both Vim and Emacs. The discoveries show that merely opening a malicious…
RoadK1ll Malware Turns Hacked Devices Into Network Relays
Hackers are deploying a new Node. js-based implant dubbed RoadK1ll to quietly turn compromised hosts into on-demand network relays, enabling stealthy pivoting deeper into victim environments without exposing obvious remote access tooling. The implant’s sole purpose is to provide attackers with reliable,…
Why I’m done calling humans the weakest link
Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As industry that is based on enabling communication across the globe via the internet and many types of devices, many of us practitioners…
GhostSocks Hijacks Devices as Proxy Network for Stealthy Cyberattacks
A newly emerging malware known as GhostSocks is quietly reshaping how attackers evade detection by converting compromised systems into residential proxy nodes. Modern cyberattacks rely heavily on blending into normal network traffic. Residential proxies allow attackers to route malicious activity…
Beyond Alert Fatigue: What European SOCs Actually Struggle With
Results from a Survey among SOC professionals from the region on what is the state of AI in SecOps in Europe The post Beyond Alert Fatigue: What European SOCs Actually Struggle With appeared first on Security Boulevard. This article has…
The art of making technical risk make sense to executives
In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they understand. The focus is on business impact: financial loss, compliance fines, reputation damage,…
Notepad++ v8.9.3 Released With Fixes for cURL Security Flaw and Crash Bugs
Notepad++ rolled out version 8.9.3, an important update addressing a notable cURL security vulnerability and resolving multiple crash bugs. Alongside these vital security patches, this release marks the official completion of the application’s migration to a new XML parser, significantly…
Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability and Crash Issues
Notepad++ has officially released version 8.9.3, delivering critical security patches, structural performance enhancements, and resolutions for persistent crash issues. This update finalizes the text editor’s transition to a highly optimized XML parser, addressing multiple recent regressions while fortifying the application’s…
Hottest cybersecurity open-source tools of the month: March 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. BlacksmithAI: Open-source AI-powered penetration testing framework BlacksmithAI is an open-source penetration testing framework that uses…
Claude AI Discovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Anthropic’s Claude AI successfully discovered zero-day Remote Code Execution (RCE) flaws in both Vim and GNU Emacs. The discoveries highlight a massive paradigm shift in bug hunting, demonstrating that AI models can uncover critical vulnerabilities in legacy software with simple…
Axios NPM Packages Compromised to Inject Malicious Codes in an Active Supply Chain Attack
A sophisticated supply chain attack has targeted Axios, one of the most heavily adopted HTTP clients within the JavaScript ecosystem, by introducing a malicious transitive dependency into the official npm registry. Serving as a critical component across frontend frameworks, backend…
Cybersecurity jobs available right now: March 31, 2026
Android Malware Research Director Alice | Israel | On-site – View job details As an Android Malware Research Director, you will establish operational processes, workflows, and quality standards for the team, while integrating the function into existing infrastructure. You will…
IT Security News Hourly Summary 2026-03-31 06h : 1 posts
1 posts were published in the last hour 3:32 : Security at Scale: How Open VSX Is Raising the Bar
Security at Scale: How Open VSX Is Raising the Bar
Security work is often most visible when something goes wrong: a compromised package, a leaked credential, a typosquatted extension, an abused automation token. In those moments, it becomes clear that software infrastructure is not abstract. It is operational, exposed, and…
Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers
Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update This article has been indexed from www.infosecurity-magazine.com Read the original article: Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers