ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The latest ThreatsDay Bulletin is a concise, no-fluff roundup of active internet threats this week, highlighting chained exploits, resurfaced flaws, stealthy log-evasion techniques, and supply-chain abuses. Quick checks are advised because threats like the NoVoice Android rootkit and unpatched ImageMagick zero-days can silently escalate from small bugs into widescale compromises. #NoVoice #ImageMagick

Keypoints

  • WatchTower Labs disclosed a pre-auth RCE chain in Progress ShareFile (CVE-2026-2699 and CVE-2026-2701) with fixes in Storage Zone Controller 5.12.4 affecting ~30,000 instances.
  • The NoVoice Android rootkit spread via 50+ apps with 2.3M+ downloads, exploiting old Android CVEs to gain root and inject attacker-controlled code.
  • Multiple zero-days in ImageMagick can be chained for remote code execution via single image/PDF uploads, affecting major Linux distros and WordPress and remaining unpatched.
  • Attackers are bypassing AWS CloudTrail by chaining obscure APIs to erase evidence and create β€œinvisible activity zones” that blind logging systems.
  • Open-source supply chain abuse surged (13.6x increase), with npm account takeovers and malicious packages targeting widely used libraries and CI/CD pipelines.

Read More: https://thehackernews.com/2026/04/threatsday-bulletin-pre-auth-chains.html