← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights a critical Adobe Reader zero-day under active exploitation since December, alongside significant data breaches impacting Eurail and crypto ATM giant Bitcoin Depot. Additionally, a widespread vulnerability in the EngageLab SDK exposed data for millions of Android users, including crypto wallets.

ZERO-DAY
READ

Adobe Reader Zero-Day Actively Exploited Since December 2025

A sophisticated zero-day vulnerability in Adobe Reader has been actively exploited via malicious PDF documents since at least December 2025.

BLEEPINGBREACH
Apr 9READ

Eurail Data Breach Impacts 300,000 Individuals

European travel operator Eurail B.V. announced a December 2025 data breach that exposed personal information, including names and passport numbers, for over 300,000 individuals.

BLEEPINGBREACH
Apr 9READ

Bitcoin Depot Suffers $3.6 Million Crypto Theft

Hackers breached Bitcoin Depot's systems, stealing $3.665 million worth of Bitcoin from the crypto ATM giant's wallets last month.

THNBREACH
Apr 9READ

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

A patched vulnerability in the EngageLab Android SDK allowed apps to bypass the Android security sandbox, exposing private data for 50 million users, including 30 million crypto wallets.

BLEEPINGRANSOMWARE
Apr 9READ

Healthcare IT Provider ChipSoft Hit by Ransomware

Dutch healthcare software vendor ChipSoft experienced a ransomware attack, forcing its website and digital services offline.

BLEEPINGBREACH
Apr 9READ

Smart Slider Updates Hijacked to Push Malicious WordPress, Joomla Versions

Hackers compromised the update system for the Smart Slider 3 Pro plugin, distributing malicious versions with multiple backdoors for WordPress and Joomla.

BLEEPINGBREACH
Apr 9READ

Google Chrome Adds Infostealer Protection Against Session Cookie Theft

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows to prevent info-stealing malware from harvesting session cookies.

SECURITYWEEKPATCH
Apr 9READ

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Both Palo Alto Networks and SonicWall have released patches for high-severity vulnerabilities that could allow attackers to modify protected resources and escalate privileges.

Generated twice daily from public security RSS feeds. Informational only.