IT Security Newsletter - 3/31/2026
Lloyds Data Security Incident Impacts 450,000 Individuals
UK retail and commercial financial services giant Lloyds Banking Group has disclosed a data security incident impacting close to 450,000 of its mobile banking users. The incident occurred on March 12 and was the result of a faulty software update that exposed transaction details from users' current accounts to other users. According to Lloyds, however, the transactions were exposed only if users were accessing their transaction lists simultaneously. READ MORE...
OpenAI patches ChatGPT flaw that smuggled data over DNS
OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed. In February, the free-spending AI biz fixed a data exfiltration vulnerability in ChatGPT that allowed a single prompt to bypass the notional safeguards OpenAI had put in place. OpenAI has implemented various safeguards around ChatGPT to limit data exfiltration by the various tools it can use. READ MORE...
AI-Powered 'DeepLoad' Malware Steals Credentials, Evades Detection
Researchers have uncovered a new malware strain capable of stealing credentials immediately after gaining a foothold on a victim network, capturing both stored browser passwords and live keystrokes in real time through a standalone stealer and a malicious browser extension. What makes the malware particularly difficult to contain, according to ReliaQuest, is its likely use of AI-generated code and process injection to evade detection tools. READ MORE...
Axios supply chain attack chops away at npm trust
Researchers found that compromised Axios versions installed a Remote Access Trojan. Axios is a promise-based HTTP client for Node.js, basically a helper tool that developers use behind the scenes to let apps talk to the internet. For example, Axios makes requests such as "get my messages from the server" or "send this form to the website" easier and more reliable for programmers, and it saves them from having to write a lot of low-level networking code themselves. READ MORE...
Why I'm done calling humans the weakest link
Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As an industry that is based on enabling communication across the globe via the internet and many types of devices, many of us practitioners are very bad at communicating to people. A primary example is the phrase "humans are the weakest link," which is a well-known phrase in our industry. This phrase implies that if it were not for humans our systems would be fully secure. READ MORE...
Storm Brews Over Critical, No-Click Telegram Flaw
A storm is brewing over a purported critical Telegram Messenger flaw that allows for full system hijack, with full details of the unpatched vulnerability not set to be disclosed until July. The vulnerability, which could impact some 1 billion users of the popular chat app, was discovered by researcher Michael DePlante of the Trend Micro Zero Day Initiative (ZDI). ZDI first revealed the existence of the flaw, which it tracks as ZDI-CAN-30207, on Thursday. READ MORE...
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
Threat actors have started exploiting a critical-severity vulnerability in Fortinet FortiClient EMS, threat intelligence firm Defused Cyber warns. A centralized management server, FortiClient EMS allows organizations to deploy, configure, and monitor FortiClient endpoints across their environments. It also supports multi-tenant deployments, enabling the management of multiple customer sites from a single instance. READ MORE...
Critical Citrix NetScaler memory flaw actively exploited in attacks
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. Citrix initially disclosed CVE-2026-3055 in a security bulletin on March 23, alongside a high-severity race condition flaw tracked as CVE-2026-4368. The issue impacts versions of the two products before 14.1-60.58, versions older than 13.1-62.23, and those older than 13.1-37.262. READ MORE...
Inventors of Quantum Cryptography Win Turing Award
Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it's largely unnecessary. I wrote up my thoughts back in 2008, in an essay titled "Quantum Cryptography: As Awesome As It Is Pointless." What about quantum computation? I'm not worried, the math is ahead of the physics. READ MORE...
- ...in 1889, the Eiffel Tower is dedicated in Paris in a ceremony presided over by Gustave Eiffel, whose company built and designed it.
- ...in 1918, daylight saving time goes into effect in the United States for the first time.
- ...in 1943, stage and screen actor Christopher Walken ("The Deer Hunter", "Batman Returns") is born in Queens, NY.
- ...in 1998, Netscape releases their Mozilla source code under an open-source license, paving the way for the Firefox web browser and its various spinoffs.







