← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights a critical Chrome zero-day under active exploitation, alongside a significant Android malware campaign impacting millions. Phishing remains a prevalent threat, with new services and impersonation tactics targeting Microsoft accounts and CERT-UA users.

CISAZERO-DAY
Apr 1READ

CISA Adds Chrome Zero-Day to KEV Catalog

CISA has added CVE-2026-5281, a use-after-free vulnerability in Google Chrome's Dawn component, to its Known Exploited Vulnerabilities Catalog, urging immediate patching.

BLEEPINGMALWARE
Apr 1READ

'NoVoice' Android Malware Infected 2.3 Million Devices

A new Android malware, NoVoice, was discovered hidden in over 50 Google Play apps, impacting at least 2.3 million downloads.

BLEEPINGPHISHING
Apr 1READ

EvilTokens Service Fuels Microsoft Device Code Phishing

A new malicious kit, EvilTokens, offers advanced device code phishing capabilities to hijack Microsoft accounts and facilitate business email compromise attacks.

THNMALWARE
Apr 1READ

CERT-UA Impersonation Campaign Spreads AGEWHEEZE Malware

A phishing campaign impersonated Ukraine's CERT-UA to distribute the AGEWHEEZE remote administration tool to an estimated 1 million email recipients.

SECURITYWEEK
Apr 1READ

Toy Giant Hasbro Hit by Cyberattack

Hasbro is investigating a cyberattack, including the scope of the incident and potential data compromise.

SECURITYWEEKMALWARE
Apr 1READ

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware is being used in ClickFix attacks to steal credentials, install malicious browser extensions, and spread via USB drives.

THNMALWARE
Apr 1READ

Microsoft Warns of WhatsApp-Delivered VBS Malware

Microsoft has issued a warning about a new campaign leveraging WhatsApp messages to distribute malicious VBS files to hijack Windows systems via UAC bypass.

BLEEPINGPRIVACY
Apr 1READ

FBI Warns Against Chinese Mobile Apps Due to Privacy Risks

The FBI has cautioned Americans about potential data security risks associated with using foreign-developed mobile applications, specifically those from Chinese developers.

Generated twice daily from public security RSS feeds. Informational only.