DJBSEC's CyberNews 2026-04-02
EvilTokens Service Powers Microsoft Device Code Phishing Campaigns
A new phishing-as-a-service platform called EvilTokens is enabling large-scale Microsoft device code phishing attacks. The service automates the process of tricking users into entering legitimate authentication codes, allowing attackers to hijack sessions without stealing passwords. Because it leverages trusted Microsoft authentication workflows, the attacks are difficult to detect with traditional security tools. This lowers the barrier for cybercriminals to carry out advanced identity-based attacks. Organizations are urged to restrict device code flows and monitor authentication activity closely.
Novoice Android Malware Infects 23 Million Devices via Google Play
The Novoice Android malware campaign has infected over 23 million devices through malicious apps distributed on Google Play. The apps appeared legitimate but secretly delivered malware capable of displaying intrusive ads and potentially collecting user data. This highlights ongoing risks within official app stores despite security controls. Google has removed the affected apps, but many devices remain compromised. Users are advised to uninstall suspicious apps and keep devices updated.
AI Tools Discover Zero-Day Exploits in Vim and GNU Emacs
Researchers using AI tools, including Claude Code, have discovered zero-day vulnerabilities in widely used editors Vim and GNU Emacs. The findings demonstrate how AI can accelerate vulnerability discovery in critical software. While beneficial for security research, this capability also raises concerns about attackers using AI to find exploits faster. The vulnerabilities could potentially be used to execute malicious code on affected systems. Developers are working on patches to address the issues.
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A phishing campaign targeting LinkedIn users is using fake notifications to trick victims into revealing credentials. The messages mimic legitimate alerts, prompting users to click on malicious links. Once credentials are entered, attackers can take over accounts and use them for further scams. The campaign leverages trust in professional networking platforms to increase success rates. Users are advised to verify notifications and enable multi-factor authentication.
Cyberattacks Surge Against Latin American Governments
Governments across Latin America are experiencing a surge in cyberattacks targeting critical systems and data. Threat actors are exploiting vulnerabilities and using phishing campaigns to gain access. These attacks are disrupting public services and raising concerns about national security. The increase reflects a broader trend of targeting government institutions worldwide. Experts emphasize the need for stronger defenses and international cooperation.
Google Vertex AI Vulnerability Exposes Cloud Risks
A vulnerability in Google’s Vertex AI platform could allow attackers to exploit cloud-based AI services. The flaw may enable unauthorized access to sensitive data or manipulation of AI processes. As organizations increasingly rely on AI in the cloud, such vulnerabilities present significant risks. Google has taken steps to address the issue. Users are encouraged to review configurations and apply updates.
CTRL Tool Enables RDP Session Hijacking
A tool known as CTRL is being used by attackers to hijack Remote Desktop Protocol (RDP) sessions. By exploiting weaknesses in session handling, attackers can take control of active sessions without needing credentials. This technique allows for stealthy lateral movement within networks. RDP remains a common attack vector due to widespread use. Organizations should secure RDP access and monitor for unusual session activity.
WhatsApp Malware Campaign Uses VBS Files for Persistence
A malware campaign is spreading through WhatsApp using malicious VBS files to gain persistent access to systems. Victims are tricked into opening files that execute scripts and install malware. Once installed, the malware can maintain access and perform further malicious actions. The campaign highlights how messaging platforms are being used for malware distribution. Users should avoid opening unexpected files and verify sources.
Google Fixes Fourth Chrome Zero-Day of 2026
Google has patched its fourth actively exploited Chrome zero-day vulnerability of 2026. The flaw was being used in real-world attacks, prompting an urgent update. Zero-day vulnerabilities are particularly dangerous because they are exploited before patches are available. Google is urging users to update their browsers immediately. This trend highlights the ongoing targeting of widely used software.
Microsoft Releases Emergency Windows 11 Update
Microsoft has issued an emergency update for Windows 11 to address critical bugs and security issues. The update aims to fix vulnerabilities that could impact system stability and security. Out-of-band updates indicate the severity of the issues being addressed. Users are encouraged to install updates promptly. Keeping systems updated remains a key defense against cyber threats.
Microsoft Removes EXIF Data in Teams to Prevent Data Leakage
Microsoft has implemented changes in Teams to remove EXIF metadata from images to prevent potential data leakage. EXIF data can contain sensitive information such as location details and device information. By stripping this data, Microsoft aims to reduce privacy risks. This update reflects growing awareness of metadata as a security concern. Organizations should consider similar measures to protect sensitive information.