🖋️ EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
Details have emerged about a nowpatched security vulnerability in a widely used thirdparty Android software development kit SDK called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
A previously undocumented threat cluster dubbed UAT10362 has been attributed to spearphishing campaigns targeting Taiwanese nongovernmental organizations NGOs and suspected universities to deploy a new Luabased malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rustcompiled libraries within a dynamiclink library DLL to download and.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
Google has made Device Bound Session Credentials DBSC generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zerodays, but the kind that matter more in.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
A critical security vulnerability in Marimo, an opensource Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE202639987 CVSS score 9.3, a preauthenticated remote code execution vulnerability impacting all versions of Marimo prior to and including.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Qilin, Akira and Dragonforce were responsible for 40 of 672 ransomware incidents reported in March, says Check Point.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
Details have emerged about a nowpatched security vulnerability in a widely used thirdparty Android software development kit SDK called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Chromes Device Bound Session Credentials is designed to block infostealers from harvesting session cookie.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
A previously undocumented threat cluster dubbed UAT10362 has been attributed to spearphishing campaigns targeting Taiwanese nongovernmental organizations NGOs and suspected universities to deploy a new Luabased malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rustcompiled libraries within a dynamiclink library DLL to download and.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 STX RAT Targets Finance Sector With Advanced Stealth Tactics 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Infosecurity Magazine
STX RAT Targets Finance Sector With Advanced Stealth Tactics
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
🖋️ ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories 🖋️
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zerodays, but the kind that matter more in.📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Bitcoin Depot Reports $3.6m Crypto Theft After System Breach 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Bitcoin Depot has disclosed a cyberattack that led to the theft of more than 50 Bitcoin, worth 3.66m, after hackers accessed its internal systems.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Infosecurity Magazine
Bitcoin Depot Reports $3.6m Crypto Theft After System Breach
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
📔 Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Qilin, Akira and Dragonforce were responsible for 40 of 672 ransomware incidents reported in March, says Check Point.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Infosecurity Magazine
Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead
📔 Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Chromes Device Bound Session Credentials is designed to block infostealers from harvesting session cookie.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🦅 When Geopolitical Conflict Spills into Cyberspace — How US Organizations Should Respond 🦅
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
Modern conflict no longer begins with troops crossing borders it often starts with packets crossing networks. For example, the escalation on February 28, 2026, involving Iran, the United States, and Israel gives insights on how quickly geopolitical cyber threats can evolve into fullspectrum confrontations. What unfolded was not just a regional clash but a preview of how cyber warfare attacks now operate alongside missiles, drones, and information campaigns. In this environment, cybersecurity for US organizations can no longer be treated as a purely technical function. It has become a matter of strategic resilience. Nationstate cyberattacks are synchronized with realworld conflict, creating ripple effects that extend far beyond the immediate battlefield. Cyber Warfare Attacks Mee...📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
Cyble
Cyber Warfare Attacks: Hybrid Conflict & Global Cyber Risk
Cyber warfare attacks during 2026 Iran-US-Israel conflict show how cyber warfare attacks merge with kinetic strikes and disrupt infrastructure global.
📔 STX RAT Targets Finance Sector With Advanced Stealth Tactics 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Infosecurity Magazine
STX RAT Targets Finance Sector With Advanced Stealth Tactics
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
📔 Bitcoin Depot Reports $3.6m Crypto Theft After System Breach 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Bitcoin Depot has disclosed a cyberattack that led to the theft of more than 50 Bitcoin, worth 3.66m, after hackers accessed its internal systems.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Infosecurity Magazine
Bitcoin Depot Reports $3.6m Crypto Theft After System Breach
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
❤1
📔 Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings 📔
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead.📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
Infosecurity Magazine
Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead
❤1
🦿 Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed 🦿
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data. The post Microsoft ThirdParty Android Vulnerability Leaves Over 50M Users Exposed appeared first on TechRepublic.📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
TechRepublic
Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed
A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data.