CyberSecurity Knuggets

Mar 31, 2026

Email 1 Summary:

Apple has introduced a secret security feature in macOS version 26.4 that warns users of possible “ClickFix” attacks. When a user copies and pastes commands from a browser into the Terminal window, a popup appears to alert them to the risk. ClickFix attacks trick users into running malicious code via fake errors or CAPTCHA pages, installing malware such as infostealers, and have become highly popular on macOS toward the end of 2025. These attacks are now a leading malware vector, competing with email and fake software downloads. This update is part of efforts to raise awareness among less technical users.

Email 2 Summary:

Iran-linked hacker group Handala has breached the personal Gmail account of FBI Director Kash Patel, leaking emails and private photos mostly from 2010 to 2019. The Justice Department confirmed the breach but stated no government or classified systems were compromised. Handala claims the attack is part of a psychological operation in support of Iran-aligned causes. Additionally, several other cybersecurity incidents were reported, including an Anthropic data exposure through a misconfigured CMS, Apple’s Lockdown Mode preventing spyware infections, and a new malware campaign targeting macOS crypto users through fake Cloudflare CAPTCHA pages (ClickFix technique). The European Commission also disclosed a data breach with over 350GB of data stolen.

Email 3 Summary:

The FBI confirmed that FBI Director Kash Patel’s personal Gmail account was breached by Iran-linked hackers known as Handala, who leaked historical personal and professional emails dating from 2010 to 2019. The US government linked Handala to Iran’s Ministry of Intelligence and Security and noted the group’s recent increased activity. Other important news includes active exploitation of a critical remote code execution vulnerability in F5 BIG-IP Access Policy Manager, for which organizations are urged to apply patches urgently, and the European Commission revealing a data breach of its AWS environment, attributed to the ShinyHunters extortion group, with over 350GB of stolen data.

Email 4 Summary:

SecurityWeek reports on multiple cybersecurity developments including the exploitation of a Citrix NetScaler vulnerability in the wild. Other highlights include a ClickFix attack dropping macOS malware, a Russian APT group adopting the DarkSword iOS exploit kit, the F5 BIG-IP remote code execution flaw being actively exploited, and a significant data breach at the European Commission. Further news covers supply chain attacks on Telnyx’s Python SDK by TeamPCP, a ransomware compromise of healthcare IT provider CareCloud, and the FBI confirming a hack of Kash Patel’s personal email. The newsletter also summarizes recent industry events and new security research tools.

Stay Well!

summy