Daily Security Briefing #207

March 28, 2026 | Read Online

Malicious browser extensions hijack AI chats, European Commission confirms cyberattack, and Citrix NetScaler under active reconnaissance…

Executive Summary

A new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools in a growing threat now dubbed “prompt poaching.” The European Commission has confirmed a cybersecurity incident affecting its cloud-based infrastructure after attackers gained access to an Amazon Web Services (AWS) account hosting parts of the Europa.eu platform. Meanwhile, critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway are witnessing active reconnaissance activity.

Top Articles

Malicious Browser Extensions Hijack Users’ AI Chats in New “Prompt Poaching” Attack A new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools, in a growing threat now dubbed “prompt poaching.” The rise of AI assistants in everyday browsing has created a usability gap. Most users interact with AI tools in isolated tabs, manually copying and pasting content for analysis or summarization. GBHackers

European Commission Confirms Cyberattack After AWS Account Breach The European Commission has confirmed a cybersecurity incident affecting its cloud-based infrastructure after attackers gained access to an Amazon Web Services (AWS) account hosting parts of the Europa.eu platform. According to an official statement, the compromised infrastructure supported the Commission’s public-facing web services. GBHackers

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. The Hacker News

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The Hacker News

New Infinity Stealer malware grabs macOS data via ClickFix lures A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. BleepingComputer

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs The infection chain includes a fake CAPTCHA page, a Bash script, a Nuitka loader, and the Python-based infostealer. SecurityWeek

Fake Certificate Loader Conceals BlankGrabber Malware Chain BlankGrabber’s operators are experimenting with a stealthy loader chain that abuses Windows certificate tooling to hide a Rust‑based stager behind what appears to be legitimate cryptographic data. GBHackers

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.