CyberNews: 29/03/2026 Edition

Published by Dunateo on 2026-03-29

Today’s roundup

  • New Infinity Stealer malware grabs macOS data via ClickFix lures
  • Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
  • Apple issues urgent lock screen warnings for unpatched iPhones and iPads
  • ShinyHunters claims the hack of the European Commission
  • AI Threat Landscape Digest January-February 2026
  • The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread)
Summary

    A new info-stealing malware, Infinity Stealer, is actively targeting macOS systems. The malware uses a Python payload packaged as an executable via the Nuitka compiler and is distributed through ClickFix lures to extract sensitive user data. Cybersecurity professionals should implement robust endpoint detection and user awareness training.


    Iran-linked threat actors, identified as the Handala Hack Team, have reportedly breached the personal email account of FBI Director Kash Patel, leaking photographs and documents online. Concurrently, the group is also attributed to a wiper attack targeting the medical technology firm Stryker. This activity underscores continued nation-state cyber operations against high-profile individuals and critical industries.


    Apple has issued urgent lock screen warnings for iPhones and iPads running outdated iOS and iPadOS versions. These warnings alert users to active web-based attacks utilizing the Coruna and DarkSword exploit kits, which target devices from iOS 13.0 up to 17.2.1 and iOS 18.4 to 18.7 respectively. Kaspersky researchers have linked the Coruna exploit kit to the 2023 Operation Triangulation campaign, indicating it is an advanced evolution of the same exploitation framework. Immediate software updates are advised.


    The cybercrime group ShinyHunters has claimed responsibility for a breach of the European Commission, alleging the theft of over 350 GB of data, including content from mail servers and internal communication systems. The European Commission confirmed a cyberattack on March 24 affecting the cloud infrastructure that hosts its Europa.eu websites; some data was accessed, though internal systems remained unaffected. This incident follows a previous attack on its mobile device management system in January, in which some staff data was accessed.


    Check Point Research’s latest digest reveals that AI-assisted malware development has reached operational maturity, exemplified by the VoidLink framework, created by a single developer in under a week using an AI-powered IDE. Threat actors are exploring self-hosted AI models, and jailbreaking techniques are evolving to target AI agent architectures. Enterprise AI adoption is itself creating an expanding attack surface: 1 in 31 prompts risks sensitive data leakage, an exposure that affects 90% of GenAI-adopting organizations.


    WatchTowr Labs has detailed CVE-2026-3055, a critical memory overread vulnerability (CVSS 9.3) affecting Citrix NetScaler ADC and Gateway appliances. The vulnerability is exploitable when the appliance is configured as a SAML Identity Provider and can lead to the disclosure of sensitive memory contents. Affected versions include those prior to 14.1-26.x. Patches are available in versions 14.1-60.58, 14.1-66.59 and later, 13.1-62.23 and later, and 13.1-FIPS/NDcPP 13.1.37.262 and later.

    Want to dig deeper?

    Vulnerabilities

    CVE-2026-3055 Medium