Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-30 13:00 PDT
- DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
SANS ISC Diary (full) • 2026-03-30 11:53 • isc.sans.eduA lot of the information seen on DShield honeypots [1] is repeated bot traffic, especially when looking at the Cowrie [2] telnet and SSH sessions. However, how long a session lasts, how many commands are run per session and what the last commands run before a session disconnects can vary. Some of this information could help indicate whether a session is automated and if a honeypot was fingerprinted. This information can also be used to find more interesting honeypot sessions.
- HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API
Troy Hunt • 2026-03-30 11:42 • www.troyhunt.comFor a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, "escalated". Today, we support hundreds of thousands of website visitors each day, tens of millions of API queries, and hundreds of millions of password searches. We&
- Critical Citrix NetScaler memory flaw actively exploited in attacks
BleepingComputer • 2026-03-30 11:28 • www.bleepingcomputer.com
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. […]
https://www.bleepingcomputer.com/news/security/critical-citrix-netscaler-memory-flaw-actively-exploited-in-attacks/ - OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
The Hacker News • 2026-03-30 11:05 • thehackernews.com
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point.
“A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in
https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html - DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
The Hacker News • 2026-03-30 08:47 • thehackernews.com
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.
“It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers Thassanai
https://thehackernews.com/2026/03/deepload-malware-uses-clickfix-and-wmi.html - TeamPCP Supply Chain Campaign: Update 004 – Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
SANS ISC Diary (full) • 2026-03-30 07:59 • isc.sans.eduThis is the fourth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 003 covered developments through March 28, including the first 48-hour pause in new compromises and the campaign's shift to monetization. Thi…
https://isc.sans.edu/diary/rss/32846 - Apple adds macOS Terminal warning to block ClickFix attacks
BleepingComputer • 2026-03-30 07:32 • www.bleepingcomputer.com
Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. […]
https://www.bleepingcomputer.com/news/security/apple-adds-macos-terminal-warning-to-block-clickfix-attacks/ - How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
BleepingComputer • 2026-03-30 07:01 • www.bleepingcomputer.com
AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner’s questions for evaluating AI SOC agents and separating real impact from hype. […]
https://www.bleepingcomputer.com/news/security/how-to-evaluate-ai-soc-agents-7-questions-gartner-says-you-should-be-asking/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
