Month: March 2026

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in

 A misconfigured server hosted on a Russian bulletproof hosting provider has exposed the complete operational toolkit of a TheGentlemen ransomware affiliate, including harvested victim credentials and plaintext authentication tokens used…

 A suspected North Korean operative tried to sneak into a remote job at a cybersecurity firm by using a stolen identity, a fake AI-generated resume, and a VoIP phone number.…

 A new and dangerous piece of malware has surfaced in the threat landscape, and it is built to stay hidden, stay running, and stay in control of any system it…

The two key economic sectors struggle with security for a reason: Many insiders view access management as a roadblock, while attackers see it as a way in. Read More  

 A new and more dangerous version of the ClickFix attack technique has been found actively targeting Windows users. Unlike older versions that used PowerShell or mshta to run malicious commands,…

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai

 A known threat group called TA446 has been caught using a newly discovered exploit kit called DarkSword to target iOS users. This development marks a significant shift in the group’s…

AI-Driven Security and SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 30, 2026 Mid-market organizations face sophisticated…

The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists. Read More  

 Cybercriminals have found a clever way to trick people by swapping real letters in website addresses with characters that look almost the same. These are called homoglyph attacks, and they…

[[{"value":"The company has disclosed a cybersecurity incident involving one of its electronic health record environments. The post Healthcare IT Platform CareCloud Probing Potential Data Breach appeared first on SecurityWeek."}]] Read More  

 A widely used Python package was quietly turned into a weapon, and most developers who got hit had no idea it happened. On March 27, 2026, a threat actor known…

[[{"value":"LLMs can write complex Rego and Cedar code in seconds, but a single missing condition or hallucinated attribute can quietly dismantle your organization’s least-privilege security model. The post Silent Drift:…

 A serious security flaw was recently found in Open VSX, the extension marketplace used by popular code editors like Cursor and Windsurf, as well as the broader VS Code fork…