European Commission confirms cyberattack after hackers claim data breach
The European Commission confirmed that attackers breached part of its cloud infrastructure tied to the Europa.eu platform and said it had already contained the incident and implemented mitigation steps. The Commission said its internal systems were not affected, but it’s still investigating what data was taken after hackers claimed they stole large amounts of information from its cloud environment.
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
LiteLLM, a widely used open-source Python package for AI systems, was compromised on PyPI in a supply chain attack that researchers say could ripple across a large number of corporate environments. The malicious versions were available for at least two hours, and the implanted code was designed to steal sensitive data such as cloud credentials, API keys, and cryptocurrency wallets while also establishing follow-on access.
Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
A critical Fortinet FortiClient EMS flaw is now seeing real-world exploitation, with reporting indicating attackers can reach the vulnerable administrative interface without credentials and use a crafted request to execute unauthorized SQL queries and gain access to sensitive management data. The issue affects FortiClient EMS 7.4.4 in multi-tenant deployments, and the combination of unauthenticated access plus a meaningful internet-facing footprint makes this one an immediate patch item.
Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’
ReliaQuest says the DeepLoad malware campaign is using AI-assisted obfuscation to make static detection less effective, while also keylogging, hiding inside trusted Windows processes, and persisting after partial cleanup. The campaign also spreads through social-engineering prompts and can reinfect systems days later, which makes it a useful example of how AI is starting to compress defender response time even in otherwise familiar malware chains.
F5 BIG-IP APM DoS bug exploited as an RCE, added to CISA list
CVE-2025-53521 has been reclassified from a 7.5 denial-of-service issue to a 9.8 remote code execution flaw with confirmed active exploitation, and CISA has now added it to the Known Exploited Vulnerabilities catalog. The reclassification matters because many teams may have previously deprioritized patching, but BIG-IP devices sit directly in the traffic path, so a successful compromise can give attackers a much stronger control point inside the environment.
The post InfoSec News Nuggets 03/31/2026 appeared first on AboutDFIR – The Definitive Compendium Project.
