ChatGPT data leakage vulnerability discovered and patched
Researchers at Check Point found a prompt-based data exfiltration issue in ChatGPT’s code execution runtime that used DNS as a side channel. It allowed sensitive content processed by third-party apps, including data pulled from uploaded PDFs, to be sent to attacker-controlled infrastructure without tripping expected network restrictions. OpenAI reportedly fixed the issue on February 20, but the writeup is a useful reminder that model-side sandbox assumptions can fail in ways that matter for regulated data handling.
New criminal service plans to monetize data stolen by ransomware gangs
A new dark web service called Leak Bazaar is pitching itself as a way to turn the huge volumes of data stolen in ransomware operations into structured, searchable intelligence that can be resold or used for more targeted extortion. The shift matters because it points to a more mature post-breach economy where stolen data may keep generating value for criminals long after the original intrusion is over.
Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
Defenders are seeing exploitation of CVE-2026-21643, a critical SQL injection flaw in FortiClient EMS 7.4.4 that can be triggered without authentication against internet-exposed admin interfaces in multi-tenant deployments. The bug can let attackers run arbitrary SQL, pull admin credentials and endpoint data, and access certificates for managed endpoints, which makes exposed EMS instances a high-priority patch item.
European Commission Reports Cyber Intrusion and Data Theft
The European Commission confirmed a cyberattack affecting cloud infrastructure used for the Europa.eu web platform and said early findings indicate data was taken, though its internal systems were not impacted. The incident followed ShinyHunters claims that more than 350GB of information had been stolen, and the reporting suggests the compromise may have involved a misconfiguration or account compromise rather than a flaw in AWS itself.
Critical Flaw in Langflow AI Platform Under Attack
Attackers moved on CVE-2026-33017 in Langflow almost immediately after disclosure, with Sysdig observing exploitation attempts in less than 24 hours even before a public proof of concept was available. The pattern reinforces how quickly threat actors are operationalizing bugs in AI tooling, especially where those platforms may expose sensitive workflows, data, or software supply chain paths.
The post InfoSec News Nuggets 04/01/2026 appeared first on AboutDFIR – The Definitive Compendium Project.