Security news.
Today's security landscape is marked by critical vulnerabilities under active exploitation, with CISA adding two new flaws to its KEV catalog. Additionally, significant patches have been released for major platforms, and new malware campaigns are leveraging social engineering tactics.
Critical Citrix NetScaler Flaw Actively Exploited
A critical memory vulnerability, CVE-2026-3055, in Citrix NetScaler ADC and Gateway appliances is being actively exploited to steal sensitive data. CISA has added this to its Known Exploited Vulnerabilities Catalog.
Hackers Exploiting Critical F5 BIG-IP Flaw
F5 has reclassified a BIG-IP APM vulnerability as a critical remote code execution (RCE) flaw, CVE-2025-53521, with active exploitation deploying webshells on unpatched devices. CISA has also added this to its KEV catalog.
OpenAI Patches ChatGPT Data Exfiltration Flaw
OpenAI has fixed a vulnerability in ChatGPT that allowed sensitive conversation data to be exfiltrated through a single malicious prompt, along with a Codex GitHub token vulnerability.
DeepLoad Malware Uses ClickFix for Credential Theft
A new campaign is distributing the DeepLoad malware loader via the ClickFix social engineering tactic, using AI-assisted obfuscation and process injection to steal browser credentials.
Apple Adds macOS Terminal Warning for ClickFix Attacks
Apple has introduced a security feature in macOS Tahoe 26.4 to block pasting and executing potentially harmful commands in Terminal, alerting users to risks from ClickFix attacks.
CareCloud Probing Potential Data Breach
Healthcare IT platform CareCloud is investigating a cybersecurity incident involving one of its electronic health record environments.
European Commission Reports Cyber Intrusion and Data Theft
The European Commission has reported a cyber intrusion and data theft, with the ShinyHunters hacker group claiming to have stolen over 350GB of information from their cloud systems.
Russian CTRL Toolkit Hijacks RDP via FRP Tunnels
A Russian-origin remote access toolkit, CTRL, is being distributed via malicious LNK files and used for credential phishing, keylogging, RDP hijacking, and reverse tunneling.