In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
SecurityWeek roundup: Android rootkit, ChatGPT data leak, water facility ransomware, FBI breach.
Summary
This SecurityWeek news roundup covers multiple significant cybersecurity incidents including Operation NoVoice, a sophisticated Android rootkit affecting 2.3 million Google Play users; a ChatGPT vulnerability that leaked user data via DNS exfiltration; and a ransomware attack on a North Dakota water treatment facility. Additional stories include a €31.8M fine against Italian bank Intesa Sanpaolo, a high-severity Symantec DLP vulnerability, and the FBI classifying a breach of its wiretap infrastructure as a major national security incident reportedly linked to Chinese state-sponsored actors.
Full text
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.

Here are this week’s highlights:

New Android malware targets mobile banking users

A sophisticated new Android banking trojan named Mirax can be rented by cybercriminals for up to $3,000 per month. The malware enables users to gain remote control over devices and includes specialized overlays for more than 700 different financial applications. This toolkit allows attackers to bypass security measures and steal sensitive information.

Italy fines Intesa Sanpaolo $36 million over massive data security lapse

The Italian data protection authority has ordered Intesa Sanpaolo, the country’s biggest bank, to pay 31.8 million euros ($36 million) following a significant breach that exposed customer information. Investigators found that the bank failed to implement adequate technical safeguards, allowing an employee to illegally access thousands of private accounts for more than two years.

Apple updates Mac security to combat ClickFix attacks

Apple has introduced a new warning within the macOS Terminal to protect users from ClickFix campaigns that trick people into running malicious code. These social engineering attacks often use fake browser error messages to convince victims to copy and paste dangerous scripts directly into their systems. Apple is now trying to protect users by flagging suspicious commands before they execute.

Secret side channel found in ChatGPT code execution environment

Researchers at Check Point have discovered a vulnerability that allowed ChatGPT to silently leak sensitive user data to external servers. The flaw exploited the platform’s code execution runtime, using DNS queries as a hidden outbound channel to bypass standard security filters and data sharing warnings. By encoding information like conversation history or uploaded files into these background requests, an attacker could exfiltrate private data without the user ever receiving a notification or consent prompt. The flaw was patched by OpenAI in February.

High-severity vulnerability patched in Symantec product

Broadcom has issued a patch for a high-severity vulnerability in Symantec Data Loss Prevention (DLP) products. The flaw, identified as CVE-2026-3991, could allow a local attacker to bypass security restrictions and gain elevated privileges on a compromised system. Security teams are advised to upgrade to the latest versions, including DLP 16.1 MP2 or 25.1 MP1. This appears to be the first publicly disclosed Symantec vulnerability of 2026.

North Dakota water facility hit by cyberattack

The city of Minot recently confirmed that its water treatment plant was targeted by a ransomware attack on March 14. Staff immediately disconnected the affected systems and transitioned to manual operations for 16 hours to ensure the water supply remained safe.

Recent FBI hack classified as major incident

The FBI has officially classified a breach of its lawful wiretap infrastructure as a major incident, indicating it poses significant national security risks. State-sponsored Chinese hackers are reportedly the primary suspects. Politico reported that the hackers broke in through a commercial ISP’s infrastructure. The compromised system stored “returns from legal process, such as pen register and trap and trace surveillance returns, and personally identifiable information pertaining to subjects of FBI investigations”.

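
The ChatGPT item above describes data leaving a code execution runtime encoded inside DNS queries. As an added example (not from SecurityWeek, Check Point or OpenAI), this is one way a defender might surface that pattern in resolver logs by combining subdomain count, length and entropy per client and zone. The log format, hosts, domains, labels and thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<time> <client> <qname> <qtype>".
# Hosts, domains and labels are made up for this example.
SAMPLE_LOG = """\
12:00:01 10.0.0.5 www.example.com A
12:00:02 10.0.0.5 api.example.com A
12:00:02 10.0.0.5 mail.example.com A
12:00:03 10.0.0.5 static.example.com A
12:00:04 10.0.0.5 a1b2c3d4e5f6a7b8c9d0e1f2.cdn.example.net A
12:00:05 10.0.0.9 mfrggzdfmztwq2lknnwg23tpobyxe43u.exfil-demo.test A
12:00:05 10.0.0.9 k5uxi2dfonxxk4tdmuqgc3temvzhk3df.exfil-demo.test A
12:00:06 10.0.0.9 orugs4zanfzsayjamnxw443uoj2wg5df.exfil-demo.test A
12:00:06 10.0.0.9 nrswc23fmqqhm2lbebce4uzaof2wk4tz.exfil-demo.test A
"""
MIN_UNIQUE = 4      # distinct subdomains seen per (client, zone)
MIN_MEAN_LEN = 24   # mean characters carried left of the zone
MIN_ENTROPY = 3.5   # mean Shannon entropy, bits per character

def shannon_entropy(text):
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_zone(qname):
    # Assumption: the zone is the last two labels; use the Public Suffix List in production.
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])

def find_dns_exfil(log_text):
    payloads = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        payload, zone = split_zone(parts[2])
        if payload:
            payloads[(parts[1], zone)].add(payload)
    flagged = []
    for key, seen in sorted(payloads.items()):
        mean_len = sum(map(len, seen)) / len(seen)
        mean_ent = sum(map(shannon_entropy, seen)) / len(seen)
        if len(seen) >= MIN_UNIQUE and mean_len >= MIN_MEAN_LEN and mean_ent >= MIN_ENTROPY:
            flagged.append(key)
    return flagged

if __name__ == "__main__":
    print(find_dns_exfil(SAMPLE_LOG))
```

Requiring all three signals together keeps the four short `example.com` lookups and the single long CDN hostname out of the result, while the burst of long random-looking labels from one client to one zone is reported.
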
Nissan data theft linked to external supplier

Nissan has confirmed that information recently leaked online was stolen from a third-party vendor rather than through a direct breach of its own internal systems. The announcement follows threats from the Everest ransomware group, which claimed to have accessed sensitive corporate data and issued an ultimatum for payment.

Maryland man charged in massive crypto heist

A Maryland resident has been charged in connection with a massive cryptocurrency heist. Jonathan Spalletta is accused of stealing more than $50 million from the Uranium cryptocurrency exchange in 2021 through a series of smart contract exploits. The hack led to Uranium’s shutdown. Investigators have already seized approximately $31 million in stolen funds, while noting that the defendant used other portions of the haul to purchase luxury collectibles and rare trading cards.

Android rootkit may have infected millions via Google Play

Security researchers at McAfee have uncovered a sophisticated Android malware campaign called Operation NoVoice. The malware was identified in over 50 apps on Google Play, which had a total download count of 2.3 million. The NoVoice malware uses vulnerabilities patched in Android between 2016 and 2021 to install a persistent rootkit that can survive a factory reset, allowing attackers to inject malicious code into every app on the phone. Once established, the malware grants full control of the device, enabling attackers to steal valuable data.

Written by SecurityWeek News
Indicators of Compromise
- malware — Mirax
- malware — Operation NoVoice
- malware — Everest
- cve — CVE-2026-3991