SecurityWeek

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware


SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.

This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.

Here are this week’s highlights:

New Android malware targets mobile banking users

A sophisticated new Android banking trojan named Mirax can be rented by cybercriminals for up to $3,000 per month. The malware gives its operators remote control over infected devices and includes specialized overlays for more than 700 different financial applications. This toolkit allows attackers to bypass security measures and steal sensitive information.

Italy fines Intesa Sanpaolo $36 million over massive data security lapse

The Italian data protection authority has ordered Intesa Sanpaolo, the country’s biggest bank, to pay 31.8 million euros ($36 million) following a significant breach that exposed customer information. Investigators found that the bank failed to implement adequate technical safeguards, allowing an employee to illegally access thousands of private accounts for more than two years.

Apple updates Mac security to combat ClickFix attacks

Apple has introduced a new warning within the macOS Terminal to protect users from ClickFix campaigns that trick people into running malicious code. These social engineering attacks often use fake browser error messages to convince victims to copy and paste dangerous scripts directly into their systems. Apple is now trying to protect users by flagging suspicious commands before they execute.

Secret side channel found in ChatGPT code execution environment

Researchers at Check Point have discovered a vulnerability that allowed ChatGPT to silently leak sensitive user data to external servers. The flaw exploited the platform’s code execution runtime, using DNS queries as a hidden outbound channel to bypass standard security filters and data sharing warnings. By encoding information like conversation history or uploaded files into these background requests, an attacker could exfiltrate private data without the user ever receiving a notification or consent prompt. The flaw was patched by OpenAI in February.

High-severity vulnerability patched in Symantec product

Broadcom has issued a patch for a high-severity vulnerability in Symantec Data Loss Prevention (DLP) products. The flaw, identified as CVE-2026-3991, could allow a local attacker to bypass security restrictions and gain elevated privileges on a compromised system. Security teams are advised to upgrade to the latest versions, including DLP 16.1 MP2 or 25.1 MP1. This appears to be the first publicly disclosed Symantec vulnerability of 2026.  

North Dakota water facility hit by cyberattack

The city of Minot recently confirmed that its water treatment plant was targeted by a ransomware attack on March 14. Staff immediately disconnected the affected systems and transitioned to manual operations for 16 hours to ensure the water supply remained safe. 

Recent FBI hack classified as major incident

The FBI has officially classified a breach of its lawful wiretap infrastructure as a major incident, indicating it poses significant national security risks. State-sponsored Chinese hackers are reportedly the primary suspects. Politico reported that the hackers broke in through a commercial ISP’s infrastructure. The compromised system stored “returns from legal process, such as pen register and trap and trace surveillance returns, and personally identifiable information pertaining to subjects of FBI investigations”.

Nissan data theft linked to external supplier

Nissan has confirmed that information recently leaked online was stolen from a third-party vendor rather than through a direct breach of its own internal systems. The announcement follows threats from the Everest ransomware group, which claimed to have accessed sensitive corporate data and issued an ultimatum for payment. 

Maryland man charged in massive crypto heist

A Maryland resident has been charged in connection with a massive cryptocurrency heist. Jonathan Spalletta is accused of stealing more than $50 million from the Uranium cryptocurrency exchange in 2021 through a series of smart contract exploits. The hack led to Uranium’s shutdown. Investigators have already seized approximately $31 million in stolen funds, while noting that the defendant used other portions of the haul to purchase luxury collectibles and rare trading cards.

Android rootkit may have infected millions via Google Play

Security researchers at McAfee have uncovered a sophisticated Android malware campaign called Operation NoVoice. The malware was identified in over 50 apps on Google Play, which had a total download count of 2.3 million. The NoVoice malware uses vulnerabilities patched in Android between 2016 and 2021 to install a persistent rootkit that can survive a factory reset, allowing attackers to inject malicious code into every app on the phone. Once established, the malware grants full control of the device, enabling attackers to steal valuable data. 
