Daily Digest

Critical Citrix Flaw Exposes Networks, Lapsus$ Claims AstraZeneca Hack, and Massive Data Breaches Impact Millions

Critical Citrix Flaw Exposes Networks, Lapsus$ Claims AstraZeneca Hack, and Massive Data Breaches Impact Millions

March 24, 2026
10 articles (10 new)
30 min read

Summary

This edition for March 24, 2026, covers a surge of critical cybersecurity incidents. A severe vulnerability in Citrix NetScaler products, reminiscent of 'CitrixBleed,' puts countless organizations at risk of data exposure. The Lapsus$ extortion group has resurfaced, claiming a major data breach at pharmaceutical giant AstraZeneca. Meanwhile, data breaches at Kaplan and QualDerm have collectively compromised the sensitive personal and medical information of over 3.3 million individuals. Ransomware continues to disrupt operations, with Foster City declaring a state of emergency, and reports highlight evolving attacker tactics, including faster handoffs and increased DDoS volumes.

Filter by Category

New Articles (10)

Citrix Scrambles to Patch Critical 'CitrixBleed'-like Flaw in NetScaler Products

CRITICAL

Citrix Patches Critical NetScaler Vulnerability (CVE-2026-3055) Poised for Imminent Exploitation

Citrix has issued an urgent patch for CVE-2026-3055, a critical (CVSS 9.3) out-of-bounds read vulnerability in its NetScaler ADC and Gateway products. The flaw allows unauthenticated remote attackers to read sensitive memory contents, such as session tokens, from appliances configured as a SAML Identity Provider (IdP). Security researchers warn that the vulnerability is poised for imminent exploitation, drawing strong parallels to the widely exploited CitrixBleed flaw. While there is no evidence of active attacks yet, the public disclosure of patches makes reverse-engineering and exploit development highly likely. A second high-severity flaw, CVE-2026-4368, was also addressed.

March 24, 2026
6 min read
CitrixNetScalerCVEVulnerabilitySAML +3 more
Citrix Scrambles to Patch Critical 'CitrixBleed'-like Flaw in NetScaler Products

Kaplan Data Breach Exposes SSNs and Driver's Licenses of Over 230,000 People

HIGH

Educational Firm Kaplan North America Discloses Data Breach Affecting Over 230,000 Individuals

Kaplan North America, a major educational services provider, is notifying over 230,000 individuals that their highly sensitive personal information was stolen in a data breach. The incident, which occurred between October 30 and November 18, 2025, resulted in the exfiltration of names, Social Security numbers, and driver's license numbers. The breach has affected individuals in at least seven U.S. states, with the largest impact in Texas. Multiple law firms have already initiated investigations and class-action lawsuits against Kaplan in response to the disclosure.

March 24, 2026
5 min read
Data BreachKaplanPIISSNIdentity Theft +2 more
Kaplan Data Breach Exposes SSNs and Driver's Licenses of Over 230,000 People

QualDerm Healthcare Data Breach Exposes Personal and Medical Info of 3.1 Million Patients

HIGH

Healthcare Provider QualDerm Partners Discloses Massive Data Breach Affecting 3.1 Million

QualDerm Partners, a healthcare management services organization, is notifying over 3.1 million individuals of a major data breach that occurred in December 2025. During a two-day period of unauthorized network access, attackers exfiltrated a vast amount of sensitive data, including patient names, addresses, dates of birth, medical record numbers, treatment details, diagnoses, health insurance information, and some government-issued IDs. The scale and sensitivity of the compromised data make this a critical incident, placing millions of patients at risk of fraud and identity theft.

March 24, 2026
5 min read
Data BreachHealthcareQualDermHIPAAPHI +2 more
QualDerm Healthcare Data Breach Exposes Personal and Medical Info of 3.1 Million Patients

Russian Initial Access Broker for Yanluowang Ransomware Jailed for 81 Months in US

MEDIUM

Russian Citizen Aleksei Volkov Sentenced to 81 Months in Federal Prison for Role as Initial Access Broker

Aleksei Volkov, a 26-year-old Russian citizen, has been sentenced to 81 months in U.S. federal prison for his role as a prolific initial access broker (IAB). Volkov admitted to hacking into U.S. companies and selling that unauthorized access to ransomware groups, including the notorious Yanluowang gang. His activities facilitated dozens of attacks that resulted in over $9 million in actual losses to victims. Volkov was arrested in Italy, extradited to the U.S., and pleaded guilty in November 2025. He has also been ordered to pay over $9.1 million in restitution.

March 24, 2026
5 min read
Initial Access BrokerIABAleksei VolkovYanluowangRansomware +2 more
Russian Initial Access Broker for Yanluowang Ransomware Jailed for 81 Months in US

Iran-Linked Pay2Key Ransomware Targeted US Healthcare Amidst Military Conflict

HIGH

US Healthcare Organization Hit by Iran-Linked Pay2Key Ransomware During Geopolitical Tensions

The Iranian-linked ransomware group Pay2Key targeted a U.S. healthcare organization in late February 2026, coinciding with military conflict between the U.S. and Iran. Incident responders noted that the attack used an evolved strain of the Pay2Key ransomware but, unusually, did not involve data exfiltration. This deviation from typical financially motivated attacks suggests a potential dual motive of disruption and espionage, consistent with Iranian state-sponsored operations. The attackers compromised an administrative account days before deploying the ransomware and attempted to wipe event logs to cover their tracks.

March 24, 2026
6 min read
RansomwarePay2KeyIranHealthcareCyberattack +1 more
Iran-Linked Pay2Key Ransomware Targeted US Healthcare Amidst Military Conflict

Cybercrime Automation: Attacker Handoff Time Plummets from 8 Hours to 22 Seconds

INFORMATIONAL

Google M-Trends Report Reveals Dramatic Acceleration in Cybercriminal Operations

The 2025 Google M-Trends report from Mandiant reveals a stunning increase in the efficiency of cybercriminal operations. The time between an initial network compromise and the handoff to a secondary attacker, such as a ransomware group, has plummeted from eight hours in 2022 to just 22 seconds in 2025. This points to highly integrated and automated partnerships in the cybercrime ecosystem. The report also highlights a surge in voice-based phishing (vishing) as a top initial access vector, while noting that global median dwell time has risen to 14 days, skewed by long-running espionage campaigns.

March 24, 2026
6 min read
M-TrendsMandiantGoogleThreat IntelligenceRansomware +3 more
Cybercrime Automation: Attacker Handoff Time Plummets from 8 Hours to 22 Seconds

Semiconductor Firm Trio-Tech's Singapore Unit Hit by Gunra Ransomware

MEDIUM

Trio-Tech International Confirms Gunra Ransomware Attack on Singapore Subsidiary

Trio-Tech International, a U.S.-based semiconductor services firm, has confirmed its Singaporean subsidiary was hit by a ransomware attack on March 11. The Gunra ransomware operation has claimed responsibility. In an SEC filing, the company initially stated the incident was not material, but later revised its assessment after the attackers began leaking stolen data online. The subsidiary has now activated its incident response plan, is working with cyber insurance, and is notifying affected parties. The event highlights how a contained ransomware incident can quickly escalate to a data breach crisis.

March 24, 2026
5 min read
RansomwareGunraTrio-TechSemiconductorData Breach +1 more
Semiconductor Firm Trio-Tech's Singapore Unit Hit by Gunra Ransomware

Poland Reports 150% Surge in Cyberattacks, Cites Unprecedented Assault on Energy Grid

HIGH

Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector

A Polish government official has revealed a dramatic 150% increase in cyberattacks against the country in 2025, totaling 270,000 incidents. The surge included a sophisticated and coordinated attack in December on Poland's energy system, which targeted a major heat and power plant and multiple renewable energy farms. Polish authorities believe the attack, described as a 'significant escalation' for a NATO member, originated from a single actor linked to Russian secret services. While the electricity supply was not disrupted, the incident has raised significant alarms about the vulnerability of critical infrastructure.

March 24, 2026
6 min read
PolandRussiaCyberattackEnergy SectorICS +3 more
Poland Reports 150% Surge in Cyberattacks, Cites Unprecedented Assault on Energy Grid

DDoS Attacks Surge 150% with Record-Breaking 12 Tbps Volumes, Gcore Reports

INFORMATIONAL

Gcore Report: DDoS Attacks Surge 150% with Growing Sophistication and Volume

A new report from infrastructure provider Gcore reveals a 150% increase in Distributed Denial-of-Service (DDoS) attacks between Q4 2024 and Q4 2025. Attack volumes have also exploded, reaching a record 12 Terabits per second (Tbps). The report highlights a trend towards faster, cheaper, and more frequent attacks, with 75% of network-layer attacks lasting less than a minute. The technology, financial services, and gaming industries remain the primary targets, while a significant portion of attack traffic originates from Latin America, particularly Mexico and Brazil.

March 24, 2026
5 min read
DDoSGcoreThreat IntelligenceBotnetDenial of Service +1 more
DDoS Attacks Surge 150% with Record-Breaking 12 Tbps Volumes, Gcore Reports

Network Gear Surpasses Endpoints as Top Cyber Risk, Forescout Warns

INFORMATIONAL

Forescout Report: Network Infrastructure Now the Top Cyber Risk, Surpassing Endpoints

Forescout's 2026 'Riskiest Connected Devices' report reveals a major shift in enterprise risk, with network infrastructure like routers and switches now posing a greater threat than traditional endpoints. These core network devices, which average nearly 32 vulnerabilities each, are heavily targeted by attackers for lateral movement and persistence. The report highlights a diversifying attack surface, with 40% of the riskiest device types being new to the list this year, including OT, IoT, and IoMT devices. This signals a clear trend of attackers focusing on often-unmanaged, high-impact devices within the network.

March 24, 2026
6 min read
ForescoutThreat IntelligenceNetwork SecurityIoTOT +3 more
Network Gear Surpasses Endpoints as Top Cyber Risk, Forescout Warns

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.