More Signal. Less Noise.

Secure and govern AI usage, applications, and agents across the enterprise

AI adoption is expanding across employee tools, copilots, embedded AI features, and homegrown applications. That pace is creating governance gaps, inconsistent policy enforcement, and new exposure risk. Security teams must now govern the AI employees use, and the AI applications and agents development teams build. This webinar shows how organizations can discover Shadow AI, apply prompt and response guardrails, and protect AI applications and agents at runtime through Cato AI Security.

V15 | Issue 60 | 3.31.26

Daily Briefing for 03.31.26

Summary

By the N2K CyberWire staff

Hackers begin exploiting critical Citrix NetScaler vulnerability.

Threat actors have begun exploiting a critical vulnerability (CVE-2026-3055) affecting Citrix NetScaler ADC and NetScaler Gateway appliances that was disclosed on March 23rd, BleepingComputer reports. The flaw, which has been compared to the CitrixBleed and CitrixBleed2 vulnerabilities, is an "insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread."

Researchers at watchTowr observed exploitation of the vulnerability beginning on Sunday, March 27th. The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems by Thursday, April 2nd, noting that "[t]his type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise."

Critical Fortinet flaw is under active exploitation.

Attackers are also exploiting a critical flaw in Fortinet FortiClient EMS that was patched in February, SecurityWeek reports. The SQL injection flaw (CVE-2026-21643) can "allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests." Proof-of-concept code has been published online, and Defused Cyber began seeing attacks exploiting the flaw last week.

The Shadowserver foundation warns that over 2,000 FortiClient EMS deployments are exposed to the internet, though it's unclear how many remain unpatched.

Lloyds Banking Group discloses breach stemming from a software error.

Lloyds Banking Group has disclosed a data breach stemming from a software defect during a routine IT update, affecting nearly 448,000 customers, Infosecurity Magazine reports. The glitch allowed users of mobile banking apps to view transactions belonging to other users, including account details, payment references, and National Insurance numbers. Around 114,000 app users across Lloyds, Halifax, and the Bank of Scotland clicked on transactions belonging to other users.

The bank has paid out £139,000 (US$183,000) in compensation to 3,625 customers due to distress caused by the breach.

Notes.

Today's issue includes events affecting , and the United Kingdom the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers (Infosecurity Magazine) Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update

Venom Stealer Turns ClickFix Into a Full Exfiltration Pipeline (BlackFog) BlackFog analyzes Venom Stealer, a new MaaS infostealer that uses ClickFix delivery to launch an automated exfiltration pipeline covering credential theft, wallet cracking, and fund sweeping.

Litigation, Investigation, and Law Enforcement

FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party (FTC) Order follows FTC success in enforcing Civil Investigative Demand in federal court

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SO-CON 2026 (Arlington, Virginia, USA, Apr 13 - 14, 2026) SO-CON is the only conference dedicated to identity-based security and attack path management. The week begins with a two-day main conference packed with talks, research, and community exchange, followed by four days of deep-dive, hands-on trainings led by adversary-experienced practitioners. Training to follow on April 15-18, 2026.

Space Symposium 2026 (Colorado Springs, Colorado, USA, Apr 13 - 16, 2026) Space Symposium is the premier event uniting global space professionals from all sectors, providing a unique platform to explore critical space issues, foster dialogue, and drive innovation across the space industry.

Philadelphia Cybersecurity Summit (Philadelphia, PA, Apr 15, 2026) Maximize your networking opportunities by meeting with fellow industry executives and leading security experts at the upcoming 9th Annual Philadelphia Official Cybersecurity Summit on Wednesday, April 15, 2026. Secure your admission now! Use Code CSS26-CRA before February 18 for Free Admission.*

CyberArk IMPACT 2026 (Austin, Texas, USA, May 11 - 13, 2026) At CyberArk IMPACT, cybersecurity practitioners and leaders will come together to explore today’s #1 attack vector – identity. Attendees will acquire a deep understanding of the latest developments in identity-based cyberattacks, including sophisticated attacker techniques that leverage AI and other methods. And most importantly, they will learn how to shut out attackers and prevent unauthorized access by securing every identity across the organization with the right level of privilege controls.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.