Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines
B (0:07)
These are the cybersecurity headlines for Tuesday, March 31, 2026. I'm Sarah Lane.

macOS Terminal gets ClickFix attacks
Apple added a new macOS Tahoe 26.4 security feature that warns users and delays execution when pasting potentially dangerous commands into Terminal, targeting ClickFix social engineering attacks that trick users into running malicious code. The system alerts users that execution was blocked and explains the risks, though they can still proceed if they want to. The feature isn't fully documented and may not trigger consistently, so users are still advised not to run unfamiliar commands, as attackers continue to exploit user-initiated actions to bypass traditional protections.

Russian court sentences Flint over card fraud
A Russian military court sentenced 26 members of the Flint 24 cybercrime group, including alleged leader Alexei Stroganov, to up to 15 years in prison for running a large-scale payment card fraud operation. Authorities say the group sold stolen card data through dozens of online shops, enabling global fraud that targeted victims across Russia, the EU and the U.S. U.S. investigators have also charged Stroganov in a separate case involving the theft of hundreds of millions of card records and more than $35 million in losses, though extradition is unlikely.

CareCloud probes data breach
CareCloud disclosed a cybersecurity incident that disrupted one of its electronic health record environments for about eight hours and may have exposed patient data. The company says the breach was limited to its CareCloud Health platform, with no impact on other systems, and all affected services have since been restored. An investigation is ongoing to determine whether the data was accessed or exfiltrated, and while no threat actor has claimed responsibility, the company reported the incident due to the sensitivity of the data and potential regulatory and reputational risks.

Citrix NetScaler bug exploited
A critical Citrix NetScaler flaw is already being actively exploited days after disclosure, with researchers at watchTowr observing attackers scanning and targeting vulnerable systems. The bug allows memory over-read attacks that can expose sensitive data like session tokens and credentials, and may actually consist of multiple related vulnerabilities. Security agencies warn NetScaler devices are high-value targets because they sit in authentication paths, leaving organizations rushing to patch as attackers move quickly to extract data from exposed systems.

Huge thanks to our sponsor ThreatLocker. Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place, controlling applications, scripts and installers so unauthorized code never gets the chance to run. Learn more at threatlocker.com.

EC downplays ShinyHunters impact
The European Commission said a cyberattack on its Europa EU web portal was contained quickly and didn't impact internal systems, despite claims by ShinyHunters that it stole more than 350 gigabytes of data. Officials acknowledged limited impact to public-facing sites, noting the data may already be publicly available, and said defenses detected and mitigated the intrusion without service disruption. An investigation is ongoing to determine what data was actually accessed.

OpenAI patches ChatGPT flaw over DNS data
Check Point researchers disclosed a ChatGPT vulnerability that allowed data exfiltration via a malicious prompt exploiting a hidden DNS-based side channel in its Linux runtime, potentially leaking conversations and files without user awareness. The flaw bypassed built-in safeguards, enabling covert data transfer and remote command execution. OpenAI patched it on February 20th and said there's no evidence of real-world exploitation. Separately, BeyondTrust Phantom Labs found a command injection bug in OpenAI Codex that let attackers abuse GitHub branch names to execute code and steal access tokens, enabling full repository access. OpenAI fixed that issue on February 5th.

Manufacturing and healthcare share password struggles
Manufacturing and healthcare are top ransomware targets due to weak password practices, with research from Black Kite showing manufacturing as the most targeted sector for four consecutive years. Experts say both industries rely on legacy systems and prioritize uptime, leading to risky behaviors like shared credentials, weak passwords or no authentication at all, which attackers exploit for initial access.

DeepLoad uses AI for persistent evasion
Researchers at ReliaQuest uncovered a credential-stealing campaign called DeepLoad that uses AI-generated obfuscation and social engineering to gain persistent access, often triggered by fake browser prompts. The malware logs keystrokes, hides malicious code under massive volumes of AI-generated junk code, runs under trusted Windows processes, and can reinfect systems days later via USB spread and hidden persistence mechanisms. AI-driven attacks like this are increasingly eroding traditional signature-based defenses, pushing organizations towards behavioral and runtime detection.

Compliance regimes and security awareness training have been around since time immemorial in cybersecurity, but for all the money we've invested in them, have they actually improved anything? That's what we're digging into in our new episode of the CISO Series Podcast. Look for the episode "Do You Think These Compliance Boxes Check Themselves?" wherever you get your podcasts. And if you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I am Sarah Lane reporting for the CISO Series, and we will talk to you tomorrow.
