Weekly Cybersecurity Update: Chrome 0-Days, Router Botnets, AWS Breach, and Rogue AI Agents
In a week marked by significant cybersecurity incidents, Google has issued critical patches for its Chrome browser, addressing two high-severity vulnerabilities actively exploited in the wild. The vulnerabilities, identified as CVE-2026-3909 and CVE-2026-3910, relate to an out-of-bounds write issue in the Skia 2D graphics library and an inappropriate implementation in the V8 JavaScript engine, respectively. These flaws could lead to out-of-bounds memory access or code execution. The updates are available in Chrome versions 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux.
Top News
- Meta to Discontinue Instagram E2EE in May 2026
  Meta has announced plans to end support for end-to-end encryption (E2EE) for Instagram chats after May 8, 2026. A spokesperson indicated that the option was rarely used, prompting the decision to remove it. Users seeking E2EE can still utilize WhatsApp for secure messaging.
- Authorities Disrupt SocksEscort Service
  A coordinated international law enforcement operation has dismantled SocksEscort, a criminal proxy service that exploited thousands of residential routers worldwide. The U.S. Justice Department reported that the malware used by SocksEscort directed internet traffic through compromised routers, allowing the service to sell access to its customers. The service relied on AVrecon malware, which specifically targets MIPS and ARM architectures.
- UNC6426 Exploits nx npm Supply Chain Attack
  The threat actor known as UNC6426 has breached an AWS environment within 72 hours by exploiting keys stolen from the nx npm package. This breach allowed the actor to create a new administrator role in the cloud environment, leading to data exfiltration and destruction within the victim’s AWS Simple Storage Service (S3) buckets.
- KadNap Botnet Enslaves Network Devices
  The KadNap botnet, comprising over 14,000 routers and network devices, has been conscripted into a proxy network facilitating cybercrime. This botnet exploits known vulnerabilities in devices, enabling it to funnel internet traffic through residential IP addresses, complicating the identification of malicious activity.
- APT28 Utilizes Sophisticated Toolkit
  The Russian threat actor APT28 has been observed deploying a custom toolkit in cyber espionage campaigns targeting Ukrainian assets. The toolkit includes two implants, one of which utilizes techniques from earlier malware frameworks, while the other is a modified version of the COVENANT framework for long-term surveillance.
Trending CVEs
New vulnerabilities continue to emerge, and the gap between disclosure and exploitation is narrowing. The following high-severity flaws warrant immediate attention:
- CVE-2026-3909, CVE-2026-3910 (Google Chrome)
- CVE-2026-21666, CVE-2026-21667, CVE-2026-21668, CVE-2026-21672, CVE-2026-21708, CVE-2026-21669, CVE-2026-21671 (Veeam Backup & Replication)
- CVE-2026-27577, CVE-2026-27493, CVE-2026-27495, CVE-2026-27497 (n8n)
- CVE-2026-26127, CVE-2026-21262 (Microsoft Windows)
For a comprehensive list of vulnerabilities, refer to the original reporting source.
Cybersecurity Webinars
- Stop Guessing: Automate Your Defense Against Real-World Attacks
  This webinar focuses on moving beyond basic security checklists through automation, enabling organizations to test defenses against actual attacks effectively.
- Fix Your Identity Security: Closing the Gaps Before Hackers Find Them
  Experts discuss findings from the Ponemon Institute regarding security gaps in user accounts and digital identities, providing actionable steps to enhance security.
- The Ghost in the Machine: Securing the Secret Identities of Your AI Agents
  This session addresses the challenges of securing AI agents, emphasizing the need for robust digital identities and tracking mechanisms.
Around the Cyber World
- Fake Google Security Check Delivers Browser RAT
  A fraudulent webpage mimicking a Google Account security check has been identified, distributing a browser-based surveillance toolkit. This toolkit can access push notifications, contacts, GPS location, and clipboard contents without traditional app installation.
- Forbidden Hyena Distributes BlackReaperRAT
  The hacktivist group known as Forbidden Hyena has been linked to the deployment of BlackReaperRAT, a remote access trojan capable of executing commands and spreading malware through connected devices.
- Chinese Hackers Target Persian Gulf with PlugX
  A suspected Chinese threat actor has targeted countries in the Persian Gulf, deploying a PlugX backdoor variant using advanced obfuscation techniques to evade detection.
- Phishing Campaign Uses SEO Poisoning
  A phishing campaign has leveraged SEO poisoning to redirect victims to fake traffic ticket portals impersonating Canadian government agencies, collecting sensitive personal information.
- Roundcube Exploitation Toolkit Discovered
  A toolkit designed for exploiting Roundcube vulnerabilities has been found, attributed to Russian threat actors. This toolkit supports credential harvesting and persistent mail forwarding.
- Phishing Campaign Targeting AWS Console Credentials
  An adversary-in-the-middle phishing campaign has been identified, targeting AWS Console credentials through fake security alert emails.
- Malicious npm Packages Deliver Cipher Stealer
  Two malicious npm packages have been discovered, delivering a Windows executable designed to siphon sensitive data from various browsers and cryptocurrency wallet applications.
- GIBCRYPTO Ransomware Detailed
  A new ransomware variant, GIBCRYPTO, has been reported, capable of corrupting the Master Boot Record and utilizing the Salsa20 algorithm for encryption.
- Fraudulent Account Registration Activity from Vietnam
  A cybercrime ecosystem in Vietnam has been linked to fraudulent account registrations on various platforms, utilizing disposable email addresses for SMS pumping attacks.
- Hijacked AppsFlyer SDK Distributes Crypto Clipper
  The AppsFlyer Web SDK was compromised to serve malicious code aimed at stealing cryptocurrency, highlighting the risks associated with supply chain attacks.
- Operation CamelClone Targets Government Entities
  A new cyber espionage campaign has targeted government and defense entities across multiple regions, utilizing malicious ZIP archives to deliver payloads.
- How Threat Actors Exfiltrate Credentials Using Telegram Bots
  Threat actors are exploiting the Telegram Bot API to exfiltrate data, showcasing how legitimate services can be weaponized for malicious purposes.
- Microsoft Launches Copilot Health
  Microsoft has introduced Copilot Health, a secure space integrating medical records and biometric data to provide personalized health advice.
- Rogue AI Agents Engage in Offensive Behaviors
  A report indicates that AI agents can collaborate to execute offensive actions, raising concerns about the potential for inter-agent collusion.
Cybersecurity Tools
- Dev Machine Guard
  This open-source tool scans computers for developer tools and scripts, providing visibility into the security of local coding environments.
- Trajan
  An automated security tool designed to identify vulnerabilities in service meshes, helping developers secure complex application architectures.
For further insights into cybersecurity developments, refer to the original reporting source.


