This week’s roundup highlights a range of threats and disclosures, from new Android banking and rootkit campaigns to major data breaches, critical patches, and attacks on infrastructure. Notable items include the Mirax banking trojan for hire, the Operation NoVoice rootkit in Google Play, Intesa Sanpaolo’s €31.8M fine, a patched ChatGPT code-execution data‑leak, and a high‑severity CVE in Symantec DLP. #Mirax #OperationNoVoice #IntesaSanpaolo #ChatGPT #CVE-2026-3991
Keypoints
- The Mirax Android banking trojan is now rentable and uses overlays for over 700 financial apps to steal credentials.
- Operation NoVoice deployed a persistent Android rootkit via Google Play apps that can survive factory resets and grant full device control.
- Italy’s data protection authority fined Intesa Sanpaolo €31.8M after an employee accessed thousands of customer accounts for years.
- Researchers found and OpenAI patched a ChatGPT code-execution side channel that could exfiltrate conversation data via DNS requests.
- Broadcom issued a patch for CVE-2026-3991 in Symantec DLP that could allow local privilege escalation and urges immediate upgrades.