Security news.
Today's security news highlights a critical Chrome zero-day under active exploitation, alongside a significant Android malware campaign impacting millions. Phishing remains a prevalent threat, with new services and impersonation tactics targeting Microsoft accounts and CERT-UA users.
CISA Adds Chrome Zero-Day to KEV Catalog
CISA has added CVE-2026-5281, a use-after-free vulnerability in Google Chrome's Dawn component, to its Known Exploited Vulnerabilities Catalog, urging immediate patching.
'NoVoice' Android Malware Infected 2.3 Million Devices
A new Android malware, NoVoice, was discovered hidden in over 50 Google Play apps, impacting at least 2.3 million downloads.
EvilTokens Service Fuels Microsoft Device Code Phishing
A new malicious kit, EvilTokens, offers advanced device code phishing capabilities to hijack Microsoft accounts and facilitate business email compromise attacks.
CERT-UA Impersonation Campaign Spreads AGEWHEEZE Malware
A phishing campaign impersonated Ukraine's CERT-UA to distribute the AGEWHEEZE remote administration tool to an estimated 1 million email recipients.
Toy Giant Hasbro Hit by Cyberattack
Hasbro is investigating a cyberattack, including the scope of the incident and potential data compromise.
New DeepLoad Malware Dropped in ClickFix Attacks
DeepLoad malware is being used in ClickFix attacks to steal credentials, install malicious browser extensions, and spread via USB drives.
Microsoft Warns of WhatsApp-Delivered VBS Malware
Microsoft has issued a warning about a new campaign leveraging WhatsApp messages to distribute malicious VBS files to hijack Windows systems via UAC bypass.
FBI Warns Against Chinese Mobile Apps Due to Privacy Risks
The FBI has cautioned Americans about potential data security risks associated with using foreign-developed mobile applications, specifically those from Chinese developers.