Risk
-
Mirai-based xlabs_v1 botnet targets Android devices with exposed ADB
A Mirai-derived botnet called xlabs_v1 is targeting Android devices with exposed ADB services, using them for DDoS attacks and bandwidth-based profiling, according to a technical analysis from Hunt.io.
-
Google expands Android binary transparency to verify apps and modules
Google has expanded Android binary transparency for production apps and Mainline modules released after May 1, 2026, adding a public cryptographic ledger meant to confirm that device software matches what was intended to ship.
-
CloudZ malware used Phone Link to target Windows data, researchers say
Researchers said CloudZ malware used a Pheno plugin to abuse Windows Phone Link on Windows 10 and 11, aiming to steal credentials and one-time passwords in an intrusion active since at least January 2026.
-
Palo Alto says PAN-OS flaw is under active exploitation
Palo Alto Networks said a critical PAN-OS buffer overflow flaw is being exploited in the wild and can let unauthenticated attackers run code with root privileges on exposed firewalls.
-
Taiwan student accused of hacking high-speed rail radio system to trigger emergency brakes
A 23-year-old Taiwanese university student was arrested after allegedly using radio equipment to trigger emergency brakes on Taiwan High Speed Rail, stopping four trains for 48 minutes on April 5, according to a local report.
-
Apache fixes critical HTTP/2 flaw that could enable remote code execution
Apache has patched CVE-2026-23918 in HTTP Server 2.4.67, a critical HTTP/2 double free that can cause denial-of-service and, in some setups, remote code execution.
-
DAEMON Tools installers trojanized in supply chain attack, Kaspersky says
DAEMON Tools installers were trojanized in a supply chain attack that affected versions released since April 8, 2026, Kaspersky said. The compromise reached users in more than 100 countries and delivered targeted malware to a small set of hosts.
-
China-linked UAT-8302 targets government networks in South America and Europe
Cisco Talos says China-nexus UAT-8302 targeted government networks in South America and southeastern Europe, using custom malware and tools linked to other China-aligned groups. The group’s initial access method remains unknown.
-
MetInfo CMS flaw under active exploitation after April patch
Threat actors are exploiting a critical MetInfo CMS flaw, CVE-2026-29014, that can enable remote code execution. VulnCheck said activity began on April 25 and intensified on May 1, after MetInfo released patches on April 7.
-
ScarCruft pushes Android BirdCall spyware through game platform
APT37 has been distributing an Android version of its BirdCall backdoor through a gaming platform supply chain attack, according to ESET. The spyware can gather contacts, messages, device data, screenshots and files.
