Latest Security News Collection

Security news collection - current edition

#CyberSecurity #EuropeanCommission #ShinyHunters #DataBreachClaims #PublicSectorIT #CyberThreats #IncidentResponse #EUInstitutions #CloudSecurity #CyberCrime

The European Commission has sought to calm concerns after the cybercrime group ShinyHunters claimed responsibility for a major data breach, stressing that the real impact appears limited. According to the Commission, the incident affected parts of the Europa.eu web portal, which hosts public-facing websites for EU institutions, but there is no evidence that core internal systems or sensitive administrative networks were compromised. Officials said the attack was detected quickly and contained, and that investigations are ongoing to verify the hackers’ claims. The Commission also warned that cybercriminal groups often exaggerate the scale of intrusions to gain attention or leverage. While the incident underlines the persistent threat facing public institutions, EU authorities emphasised that the situation does not amount to a large-scale breach as portrayed by ShinyHunters and that affected stakeholders are being informed as needed.

→ Read more on therecord.media


#ChatGPT #OpenAI #CyberSecurity #DataProtection #PromptInjection #AIsecurity #VulnerabilityPatch #EnterpriseSecurity #ResponsibleDisclosure #DataPrivacy

OpenAI has patched a previously unknown security vulnerability in ChatGPT that could have allowed attackers to secretly extract sensitive user data using a single malicious prompt. According to research by Check Point, the flaw enabled conversation content, uploaded files and other private information to be exfiltrated without the user’s knowledge or consent. The issue exploited a hidden side channel in ChatGPT’s Linux-based execution environment, bypassing existing guardrails designed to prevent unauthorised data sharing. OpenAI addressed the vulnerability in February 2026 following responsible disclosure and stated there is no evidence it was exploited in real-world attacks. The incident highlights growing concerns around prompt injection risks and the security implications of deploying AI tools in enterprise environments, where highly sensitive information is often shared. Security experts stress that organisations should not assume AI platforms are secure by default and should implement additional protective controls.

→ Read more on thehackernews.com


#Ransomware #Qilin #CyberCrime #DataBreach #ChemicalIndustry #CriticalInfrastructure #CyberExtortion #IndustrialSecurity #ThreatActors #IncidentResponse

The WorldLeaks ransomware group has claimed responsibility for a major cyberattack against the City of Los Angeles, alleging the theft of 159.9 GB of data, according to SecurityAffairs reporting.

The group, known for data‑theft‑driven extortion, listed Los Angeles on its leak site on 20 March 2026, marking a significant escalation in attacks against US municipalities. The same campaign also affected LA Metro, forcing the transit agency to shut down internal administrative systems and disrupting station display boards — though rail and bus services continued, and no customer data was affected.

In parallel, ransomware attacks linked to WorldLeaks triggered states of emergency in San Francisco Bay Area cities, including Foster City, where municipal systems were taken offline as a precaution. Officials are still investigating whether sensitive data was accessed, urging residents to update passwords and remain vigilant.

→ Read more on securityaffairs.com


#CyberSecurity #Malware #ArtificialIntelligence #ClickFix #CredentialTheft #ThreatActors #EnterpriseSecurity #SocialEngineering #AIinCyber #ThreatIntelligence

Security researchers have identified a newly observed malware campaign that combines artificial intelligence with the increasingly popular “ClickFix” social‑engineering technique to evade detection in enterprise environments. The malware, dubbed DeepLoad, tricks users into manually executing malicious PowerShell commands, giving attackers an initial foothold that appears legitimate to many security tools. Once deployed, the loader uses AI‑assisted obfuscation, burying its malicious logic under thousands of meaningless code lines to bypass static analysis. According to ReliaQuest, DeepLoad establishes persistence, survives reboots and immediately begins stealing credentials, including passwords and active browser sessions. The campaign highlights a worrying shift towards AI‑enabled malware that is faster to produce, harder to detect and highly effective against traditional defences. Experts warn organisations to prioritise behavioural monitoring and user awareness, as conventional signature‑based security controls may no longer be sufficient.

→ Read more on cybersecuritydive.com


#SupplyChainAttack #PyPI #OpenSourceSecurity #LiteLLM #AIsecurity #DeveloperSecurity #CyberThreats #MaliciousPackages #SoftwareSupplyChain #APIKeys

A recent supply‑chain attack linked to Telnyx has underscored the security risks surrounding open‑source AI tooling and Python package repositories. Attackers uploaded a malicious package to the Python Package Index (PyPI) that impersonated LiteLLM, a popular open‑source library used to connect applications to large language models. According to reports, the fake package was designed to steal sensitive data, including API keys and environment variables, from developers who unknowingly installed it. The incident illustrates how threat actors are increasingly targeting software supply chains, exploiting trust in widely used libraries and developer ecosystems. Security experts warn that AI‑focused tools are becoming particularly attractive targets as adoption accelerates across enterprises. The case serves as a reminder for organisations and developers to carefully validate dependencies, monitor for typosquatting attacks and strengthen controls around open‑source software consumption.

→ Read more on theregister.com


#DataBreach #AsGoodAsNew #CyberSecurity #OXIDeShop #PaymentModule #CustomerData #ThirdPartyRisk #PhishingWarning #EcommerceSecurity #IncidentResponse

German refurbished‑electronics retailer AsGoodAsNew has suffered a major cyberattack that led to the theft of customer data from up to 1.8 million accounts. According to reports, attackers exploited a previously unknown vulnerability in a third‑party payment module used within the OXID eShop system. Through this flaw, the intruders were able to access the company’s customer database. Exposed data includes names, postal addresses, email addresses, order histories and encrypted password hashes. While no plain‑text passwords were stored, the company reset all customer passwords as a precaution. AsGoodAsNew has informed affected customers and relevant data‑protection authorities, while consumer watchdogs warn of an increased risk of targeted phishing attacks using the stolen information. The incident highlights the growing security risks posed by vulnerable third‑party components in e‑commerce platforms.

→ Read more on security-insider.de


#CareCloud #HealthcareCybersecurity #DataBreach #PatientData #HealthRecords #CyberIncident #EHRsecurity #DataPrivacy #IncidentResponse #HealthcareIT

Healthcare IT provider CareCloud has disclosed a cybersecurity incident that temporarily disrupted its network and may have put patient health records at risk. According to the company, an unauthorised third party accessed one of its six electronic health record (EHR) environments on 16 March 2026, causing an outage lasting around eight hours. The affected system stored sensitive patient data used by CareCloud’s healthcare customers. While full functionality was restored the same day, the company said it is still investigating whether personal or medical information was accessed or exfiltrated. CareCloud reported the incident to law enforcement, its cyber‑insurance provider and the US Securities and Exchange Commission, and engaged external cybersecurity experts to assess the impact. No ransomware or extortion group has yet claimed responsibility. The incident highlights ongoing cybersecurity risks facing healthcare technology providers and the potential consequences for patient data privacy.

→ Read more on cybernews.com


#CyberSecurity #Ransomware #Qilin #DieLinke #PoliticalCyberAttack #GermanPolitics #ThreatActors #DataProtection #IncidentResponse #DemocraticSecurity

Germany’s left‑wing political party Die Linke has reported a suspected ransomware attack linked to the hacking group Qilin, which is believed by security analysts to be Russian‑speaking. According to the party’s federal executive director, unusual activity was detected in the party’s IT systems, prompting parts of the infrastructure to be taken offline as a precaution. A criminal complaint has been filed and the party is working closely with security authorities and independent experts to investigate the incident. While the scope of the intrusion is still being assessed, Die Linke confirmed that its membership database was not affected. The attackers are suspected of targeting internal systems and staff data, potentially aiming to intimidate or discredit the organisation. The incident adds to a growing list of cyberattacks against German political parties and underlines ongoing concerns about politically motivated ransomware operations targeting democratic institutions.

→ Read more on heise.de


#CyberCrime #MaliciousDomains #OnlineFraud #ThreatIntelligence #Cloaking #MalwareDistribution #ScamCampaigns #DigitalAdvertising #CyberSecurity #AIenabledFraud

Security researchers have uncovered around 15,500 malicious domains being used to conceal large‑scale online fraud and malware distribution. According to an analysis by Infoblox Threat Intel and Confiant, cybercriminals are increasingly abusing legitimate advertising and tracking technologies to hide their infrastructure within normal web traffic. By using cloaking techniques, harmful content is selectively shown only to intended victims, while remaining invisible to many users and security tools. The investigation found that many campaigns promote fake investment opportunities, often branded with artificial intelligence themes and enhanced by professional‑looking websites, generative AI and deepfake elements. Rather than building their own infrastructure, attackers rely on widely available commercial tools, making detection significantly harder. Over a four‑month period, researchers identified thousands of active instances linked to scams and malware, highlighting how cybercrime is shifting towards stealthier, more deceptive techniques that blend seamlessly into everyday internet activity.

→ Read more on it-daily.net


#CyberSecurity #F5 #BIGIP #RemoteCodeExecution #ZeroDay #ActiveExploitation #VulnerabilityManagement #NetworkSecurity #CVE202553521 #IncidentResponse

A serious security flaw affecting F5 BIG‑IP systems is now being actively exploited after being reclassified from a denial‑of‑service bug to a critical remote code execution (RCE) vulnerability. The issue, tracked as CVE‑2025‑53521, was originally disclosed in October 2025 as a high‑severity DoS weakness but has since been upgraded following new evidence of real‑world exploitation. According to F5 and the US Cybersecurity and Infrastructure Security Agency (CISA), the flaw allows unauthenticated attackers to execute arbitrary code on vulnerable BIG‑IP Access Policy Manager (APM) systems when specific access policies are enabled. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue and urged organisations to apply patches immediately. F5 has also released indicators of compromise to help defenders detect potential intrusions, warning that unpatched systems are at high risk.

→ Read more on securityweek.com

Contact us

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.