CareCloud breached and more - Apr 5, 2026


This Week’s Updates

Breaches

CareCloud has confirmed attackers accessed one of its electronic health record environments on March 16

The Dutch Finance Ministry confirmed a breach of its treasury banking portal

Telehealth giant Hims & Hers warned customers of a data breach

German political party Die Linke confirmed that it was the victim of a ransomware attack

CERT-EU confirmed a European Commission cloud breach

Vulnerabilities

Citrix confirmed and patched CVE-2026-3055, a critical memory overread flaw in NetScaler ADC/Gateway actively exploited to steal admin session IDs

GIGABYTE confirmed and patched CVE-2026-4415, a critical unauthenticated arbitrary file write flaw in Control Center enabling remote code execution

Vim patched a critical RCE vulnerability (v9.2.0272) that allows arbitrary command execution when a file is opened

TrueConf confirmed and patched CVE-2026-3502, an actively exploited zero-day in its update mechanism allowing attackers to push malicious software updates to all connected endpoints; patched in v8.5.3

Google confirmed and patched CVE-2026-5281, a use-after-free zero-day in Chrome's Dawn/WebGPU actively exploited in the wild; update to version 146.0.7680.177/178

Apple expanded iOS 18 security-only updates to additional older iPhone models to block the actively exploited DarkSword exploit kit

Cisco patched two critical flaws — CVE-2026-20093 (IMC auth bypass granting admin access) and CVE-2026-20160 (SSM On-Prem RCE with root privileges) — with no workarounds available

Progress patched CVE-2026-2699 and CVE-2026-2701, two flaws in ShareFile Storage Zone Controller that chain together to enable unauthenticated remote code execution; update to version 5.12.4

F5 confirmed and patched CVE-2025-53521, a critical RCE in BIG-IP APM actively exploited and added to CISA's KEV catalog, with over 14,000 internet-exposed instances still unpatched
