CyberNews: 01/04/2026 Edition

Published by Dunateo on 2026-04-01

Today’s roundup

  • Google fixes fourth Chrome zero-day exploited in attacks in 2026
  • TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
  • Cisco source code stolen in Trivy-linked dev environment breach
  • Attackers hijack Axios npm account to spread RAT malware
  • GIGABYTE Control Center vulnerable to arbitrary file write flaw
  • Claude AI finds Vim, Emacs RCE bugs that trigger on file open
  • Iran Threatens to Start Attacking Major US Tech Firms on April 1
  • Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool
  • New criminal service plans to monetize data stolen by ransomware gangs
  • Free VPNs leak your data while claiming privacy
    Summary

    Google has patched a Chrome zero-day (CVE-2026-XXXX) that was being exploited in attacks, the fourth actively exploited Chrome flaw fixed since the start of 2026. The steady cadence underlines how consistently widely used browsers are targeted by well-resourced attackers.

    A high-severity zero-day, CVE-2026-3502 (CVSS 7.8), in the TrueConf video conferencing client is being actively exploited in campaigns against government entities in Southeast Asia. Tracked as "TrueChaos," the flaw stems from missing integrity checks on application updates: the client installs an update it cannot verify, so an attacker able to deliver a tampered update package can have it installed and compromise the host.

    Cisco has confirmed an intrusion in which threat actors, using credentials stolen in the recent Trivy supply chain incident, accessed its internal development environment and exfiltrated source code belonging to Cisco and its customers. The chained compromise shows how one supply chain breach seeds the next, and the intellectual property exposure is significant.

    Threat actors compromised the npm account that publishes Axios, a popular JavaScript HTTP library, and used it to push malicious versions (1.14.1 and 0.30.4) carrying a cross-platform Remote Access Trojan (RAT). The supply chain attack, attributed by Google to the North Korean threat group UNC1069, added a dependency called `plain-crypto-js` whose post-install script dropped the RAT on macOS, Windows and Linux. The malware was obfuscated and cleaned up its own traces after installation to evade detection.
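    The practical check after an incident like this is whether the poisoned releases, or the injected dependency, ever reached a project's lockfile, including nested copies that `npm ls` can miss. The script below is an added example, not code from the report or the Axios project: it walks the `packages` map of a lockfileVersion 2/3 `package-lock.json`, flags the two affected Axios versions and any occurrence of `plain-crypto-js`, and surfaces the `hasInstallScript` marker that npm records for packages with lifecycle scripts. The sample lockfile, including the `1.0.0` version shown for `plain-crypto-js`, is constructed for the demo.

```javascript
// Indicators named in the report. A null version set means any version of the
// package is an indicator (the injected dependency should never be present).
const KNOWN_BAD = {
  axios: new Set(['1.14.1', '0.30.4']),
  'plain-crypto-js': null,
};

// lockfileVersion 2/3 keys look like "node_modules/axios" or, for nested
// copies, "node_modules/legacy-lib/node_modules/axios"; scoped packages keep
// their "@scope/name" after the last "node_modules/".
function packageName(key) {
  const parts = key.split('node_modules/');
  return parts[parts.length - 1];
}

// Returns one hit per matching entry. An install script on an indicator
// package is called out separately because that is the execution vector.
function scanLockfile(lock) {
  const hits = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === '') continue; // the root project entry
    const name = packageName(key);
    if (!(name in KNOWN_BAD)) continue;
    const badVersions = KNOWN_BAD[name];
    if (badVersions !== null && !badVersions.has(entry.version)) continue;
    hits.push({
      path: key,
      name,
      version: entry.version,
      reason: badVersions === null ? 'indicator dependency' : 'compromised release',
      installScript: Boolean(entry.hasInstallScript),
    });
  }
  return hits;
}

// Constructed sample: one compromised axios copy at the top level, a clean
// older copy nested under another dependency, and the injected package.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '*' } },
    'node_modules/plain-crypto-js': { version: '1.0.0', hasInstallScript: true },
    'node_modules/legacy-lib': { version: '3.2.0', dependencies: { axios: '^1.13.0' } },
    'node_modules/legacy-lib/node_modules/axios': { version: '1.13.0' },
  },
};

// To run against a real project:
//   const lock = JSON.parse(require('node:fs').readFileSync('package-lock.json', 'utf8'));
for (const h of scanLockfile(SAMPLE_LOCK)) {
  console.log(`${h.reason}: ${h.path}@${h.version}` + (h.installScript ? ' (has install script)' : ''));
}
```

    The nested 1.13.0 copy is left alone; the top-level 1.14.1 and the `plain-crypto-js` entry are reported. Treat a hit as a compromised host rather than a dependency problem: the report says the RAT ran at install time, so the fix is not just `npm install axios@latest`.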

    The GIGABYTE Control Center software is vulnerable to an arbitrary file-write flaw. The vulnerability could let a remote, unauthenticated attacker write files to locations of their choosing on affected hosts, a primitive that commonly leads to code execution, and it poses a significant risk to users of Gigabyte hardware who run the utility.

    Security researchers using the Claude AI assistant have discovered remote code execution (RCE) vulnerabilities in the widely used Vim and GNU Emacs text editors. The bugs let an attacker execute arbitrary code as soon as a user opens a crafted file, with no further interaction, and they illustrate the growing role of AI tooling in vulnerability discovery.

    Iran's Islamic Revolutionary Guard Corps (IRGC) has issued a public threat, announcing intentions to launch cyberattacks against major U.S. technology firms, including Apple, Google, and Microsoft, starting April 1. This escalates geopolitical tensions in the cyber domain.

    Apple is taking the unusual step of issuing "backported" patches for iOS 18 to protect the millions of iPhone users who remain on that release. The move responds to active exploitation by the DarkSword hacking tool, which targets older iOS versions, and it delivers actual fixes to those devices instead of relying on lock screen warnings alone.

    A new criminal service named "Leak Bazaar" has emerged, aiming to monetize data stolen by ransomware gangs. Positioned as a data-processing business rather than a typical hacking-as-a-service, this platform signifies an evolution in the ransomware ecosystem's monetization strategies.

    Research has revealed that most popular free Android VPN applications collect and share personal data, often requesting Android "dangerous" permissions that have nothing to do with tunnelling traffic. Of 18 apps analysed, 17 contained trackers; some requested access to the camera, microphone and precise location, and some connected to servers in high-risk jurisdictions.

    Want to dig deeper?

    Vulnerabilities

    CVE-2026-3502 High