
BagheeraAltered's CyberSecurity Newsletter

March 30, 2026

CyberSecurity Newsletter March 30th, 2026

In this week’s news: ShinyHunters claims the hack of the European Commission, the FBI confirms the hack of its Director’s personal email, a Russian state-sponsored threat group deploys the DarkSword iOS exploit kit, TeamPCP compromises the telnyx Python package, a phishing wave hijacks TikTok for Business accounts, Canada invests $900 million in quantum technology for defence applications, the Dutch police disclose a security breach, a macOS malware tricks users into infecting themselves, and Anthropic is testing a new AI model called Claude Mythos.


The Iran-linked Handala hacker group has breached the personal email account of FBI Director Kash Patel and published photos and documents from it. The FBI has confirmed the compromise, saying that the stolen data was not recent and did not include any government data.
https://www.bleepingcomputer.com/news/security/fbi-confirms-hack-of-director-patels-personal-email-inbox/

Security researchers have identified a new macOS-targeting information stealer known as Infiniti Stealer, previously tracked under the name NukeChain. The malware is designed to harvest sensitive data from Apple users, including login credentials, cryptocurrency wallets, and developer secrets. Rather than exploiting software vulnerabilities, Infiniti Stealer relies on a social engineering technique called ClickFix. The attack begins on malicious websites that display a fake Cloudflare verification page. The page mimics a CAPTCHA challenge, but instead of a real check it instructs users to open the macOS Terminal and paste a command to "confirm they are human"; the pasted command is what installs the stealer.
https://undercodenews.com/infiniti-stealer-the-macos-malware-that-tricks-users-into-hacking-themselves/

Canada’s National Research Council is investing over $900 million through the Defence Industrial Strategy to support development and commercialization of defence and dual-use technologies, including quantum computing, communications, and sensing capabilities for the Canadian Armed Forces.
https://thequantuminsider.com/2026/03/23/canada-advances-defence-industrial-strategy-strengthen-security-sovereignty-prosperity/

The European Commission has allegedly been breached by ShinyHunters. The cybercrime group added the Commission to its Tor data leak site, claiming the theft of over 350 GB of data. The stolen data reportedly includes dumps of mail servers and internal communications systems, databases, confidential documents, contracts, and other sensitive material.
https://securityaffairs.com/190095/data-breach/shinyhunters-claims-the-hack-of-the-european-commission.html

Anthropic is testing a new AI model called Claude Mythos. The company did not intend to announce it this way. On Thursday 26 March, Fortune reported that details of the model had been sitting in a publicly accessible, unsecured content management system alongside nearly 3,000 other unpublished assets. Two independent researchers found the material before Anthropic secured it. An Anthropic spokesperson confirmed the model exists, calling it "a step change" in AI performance and "the most capable we've built to date."
https://www.sovereignmagazine.com/article/claude-mythos-anthropic-new-model

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.
https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html

Push Security researchers uncovered a new wave of adversary-in-the-middle (AITM) phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign uses TikTok- and Google-themed fake pages and shows links to previous operations. Once compromised, the accounts are used to run malicious ads, steal credentials, spread malware, and conduct ad fraud, diverting company advertising budgets for profit.
https://securityaffairs.com/190058/security/new-aitm-phishing-wave-hijacks-tiktok-business-accounts.html

Advances in quantum computing could render traditional encryption methods obsolete by 2029, Google has warned. Quantum computers use quantum mechanics to solve certain problems that today’s binary computers cannot solve in any practical amount of time. The technology has the potential to revolutionize scientific and medical research, data analysis, machine learning and more. But it also poses a risk to cybersecurity as we know it, because sufficiently large quantum computers will be capable of breaking the public-key cryptography algorithms used by most encryption systems today.
https://www.infosecurity-magazine.com/news/quantum-encryption-q-day-closer/

The UK government has sanctioned a network of individuals and organizations allegedly linked to scam compounds in Southeast Asia. Across Southeast Asia, scam centers are using sophisticated schemes, including romance scams, to defraud victims on an industrial scale.
https://www.infosecurity-magazine.com/news/uk-sanction-chinese-crypto/

The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data. It also stated that the incident is still under investigation by the agency's security experts and that the attackers' access to compromised systems has been blocked. "The police have been the target of a phishing attack. The police's Security Operations Center detected the incident very quickly and immediately blocked access," the police said in a Wednesday press release.
https://www.bleepingcomputer.com/news/security/dutch-police-discloses-security-breach-after-phishing-attack/

AFC Ajax, the Dutch football club from Amsterdam, disclosed that an unknown hacker gained access to parts of its IT systems and obtained the email addresses of a few hundred people.
https://www.helpnetsecurity.com/2026/03/27/afc-ajax-data-breach-supporter-bans/

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per Citrix, successful exploitation of the flaw hinges on the appliance being configured as a SAML Identity Provider (SAML IDP).
https://thehackernews.com/2026/03/citrix-netscaler-under-active-recon-for.html

A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructure Security Agency warned on Friday.
https://www.helpnetsecurity.com/2026/03/28/big-ip-apm-vulnerability-cve-2025-53521-exploited/

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under the monikers Callisto, COLDRIVER, and Star Blizzard (formerly SEABORGIUM). It's assessed to be affiliated with Russia's Federal Security Service (FSB).
https://thehackernews.com/2026/03/ta446-deploys-leaked-darksword-ios.html

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to give subscriber-level users access to arbitrary files on the server. An authenticated attacker could use it to read sensitive files such as wp-config.php, which contains database credentials, keys, and salts, creating the risk of user data theft and complete website takeover.
https://www.bleepingcomputer.com/news/security/file-read-flaw-in-smart-slider-plugin-impacts-500k-wordpress-sites/

Apple is alerting users of outdated iPhones and iPads via lock screen warnings about active web-based exploits, urging immediate software updates.
https://securityaffairs.com/190109/security/apple-issues-urgent-lock-screen-warnings-for-unpatched-iphones-and-ipads.html

A Russian national has been sentenced to 24 months in prison after admitting he managed a botnet used to launch ransomware attacks against dozens of U.S. companies. The judge also imposed a $100,000 fine and ordered him to forfeit $1.6 million linked to the scheme.
https://www.helpnetsecurity.com/2026/03/25/russian-botnet-operator-sentenced-mario-kart-ransomware/
