Cybersecurity News | Daily Recap [28 Mar 2026]

Daily Recap, a roundup of recent cybersecurity activity, highlights macOS ClickFix delivering Infiniti Stealer via a Nuitka loader, iOS exploitation by TA446 using DarkSword to deploy GHOSTBLADE and MAYBEROBOT, and backdoored Telnyx PyPI packages pushed by TeamPCP that use WAV steganography to exfiltrate SSH keys and tokens. The report also covers critical advisories (CVE-2026-3055, CVE-2025-53521), the Open VSX Open Sesame fix, major breaches including the European Commission cloud incident and Handala’s alleged exfiltration of FBI director materials, plus governance moves such as the CSAM ruling, UK donation limits, the Chip Security Act, and OpenAI’s Bug Bounty program. #InfinitiStealer #DarkSword #GHOSTBLADE #MAYBEROBOT #TeamPCP #Telnyx #NetScaler #CVE2026-3055 #CVE2025-53521 #EuropeanCommission #AnimePlay #Handala #OpenAI #Bugcrowd #OpenVSX #CSAMRuling #ChipSecurityAct

Malware & Phishing

  • A macOS ClickFix campaign tricks users into pasting a Cloudflare‑themed Terminal command that deploys a Nuitka loader and the Python-based Infiniti Stealer, which harvests browser data, Keychain items, crypto wallets, developer secrets and screenshots and exfiltrates them via HTTP or Telegram – Infiniti Stealer
  • Russia‑linked TA446 used the leaked DarkSword iOS exploit kit in targeted spear‑phishing to deliver GHOSTBLADE and MAYBEROBOT, prompting Apple lock‑screen exploit alerts – DarkSword iOS, Apple Alerts
  • Attackers posted fake Visual Studio Code security alerts in GitHub Discussions impersonating maintainers to lure developers into reconnaissance and second‑stage malware delivery – Fake VSCode
  • Threat actor TeamPCP pushed backdoored telnyx PyPI releases (4.87.1 and 4.87.2) that use WAV steganography to install credential stealers and exfiltrate SSH keys, cloud tokens and wallets; roll back to 4.87.0 and rotate secrets immediately – Telnyx PyPI, Telnyx PyPI

Vulnerabilities & Advisories

  • Attackers are actively probing the /cgi/GetAuthMethods endpoint of Citrix NetScaler ADC/Gateway to exploit a critical input‑validation flaw, CVE-2026-3055 (CVSS 9.3), that can leak sensitive information; patch or mitigate immediately – NetScaler Recon
  • CISA added the critical F5 BIG‑IP APM flaw CVE-2025-53521 (CVSS 9.3) to its KEV list after confirmed exploitation; F5 published IOCs/TTPs and FCEB must remediate by March 30, 2026 – F5 KEV
  • Open VSX fixed an “Open Sesame” bug where pre‑publish scanner failures were misinterpreted as “no scanners configured,” allowing malicious VS Code extensions to bypass vetting — patched in 0.32.0 – Open VSX
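
The fail-open pattern behind the Open VSX bug, as an added illustration that is not Open VSX's own code: a scanner that errors must not be confused with a scanner that was never configured. The scanner interface, the `ScanResult` type and the sample scanners are assumptions constructed for the demo.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class ScanResult:
    scanner: str
    verdict: Optional[bool]  # True = clean, False = malicious, None = scanner errored
    detail: str = ""


def run_scanners(scanners: dict[str, Callable[[bytes], bool]], package: bytes) -> list[ScanResult]:
    """Run every configured scanner; an exception is recorded as verdict=None, not dropped."""
    results = []
    for name, scan in scanners.items():
        try:
            results.append(ScanResult(name, scan(package)))
        except Exception as exc:  # constructed: any backend failure
            results.append(ScanResult(name, None, repr(exc)))
    return results


def gate_vulnerable(results: list[ScanResult]) -> bool:
    """Flawed gate modelled on the described bug: errored scanners are filtered out,
    so a scanner failure looks like 'no scanners configured' and the package is allowed."""
    verdicts = [r.verdict for r in results if r.verdict is not None]
    if not verdicts:
        return True  # treated as "no scanners configured" -> allow
    return all(verdicts)


def gate_fixed(results: list[ScanResult], scanners_configured: bool) -> bool:
    """Fail-closed gate: only an explicit 'nothing configured' policy skips vetting;
    a missing or errored verdict blocks publication."""
    if not scanners_configured:
        return True  # deliberate policy decision, made explicit rather than inferred
    if not results or any(r.verdict is None for r in results):
        return False  # a scanner error is not a clean verdict
    return all(r.verdict for r in results)


# Constructed sample scanners (assumptions, not real Open VSX scanners)
def flags_eval(pkg: bytes) -> bool:
    return b"eval(" not in pkg


def broken_scanner(pkg: bytes) -> bool:
    raise RuntimeError("scanner backend timed out")
```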

Breaches & Takedowns

  • The European Commission is investigating a breach after a threat actor accessed at least one Amazon cloud account and claims to have stolen over 350 GB of data including employee information and email servers; incident response is ongoing – EC Cloud Breach
  • The Alliance for Creativity and Entertainment seized the illegal AnimePlay app, which hosted more than 60 TB of content and had more than 5 million registered users, confiscating domains, servers and source repositories – AnimePlay Takedown
  • Pro‑Iranian group Handala claimed responsibility for exfiltrating FBI Director Kash Patel’s personal emails and photos; FBI/DOJ say the material is historical/non‑governmental while seizures and rewards continue – Handala Leak, Handala Leak

Policy & Governance

  • The European Parliament voted against extending temporary CSAM scanning rules, removing platforms’ exemption and prompting law‑enforcement warnings and privacy concerns about mass surveillance and false positives – CSAM Ruling
  • UK reports warn of evolving foreign interference, and the government is proposing tighter political‑donation rules including a temporary ban on cryptocurrency donations and a £100,000 cap for overseas voters – UK Donation Limits
  • Congress is advancing a Chip Security Act requiring continuous location verification on exported advanced AI chips to prevent smuggling and diversion after cases like DeepSeek using restricted accelerators – Chip Tracker

AI, Research & Programs

  • OpenAI launched a public safety bug‑bounty (run via Bugcrowd) focused on AI abuse vectors—prompt injection, data exfiltration, connector flaws—with discretionary rewards up to $7,500 – OpenAI Bounty
  • Weekly roundup: notable items include transit disruptions, high‑profile account hijacks, outages, ETH Zurich’s anti‑deepfake chip and Google’s 2029 quantum‑safe deadline among other developments – Other News
  • Analysis: “Agentic GRC” warns that while teams have agentic tech, the missing piece is a governance mindset shift to manage risks posed by agentic systems – Agentic GRC

Cybersecurity News | Daily Recap – hendryadrian.com