ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Multiple critical threats are actively exploiting enterprise and consumer systems. Progress ShareFile has pre-authenticated RCE chains in the wild, the NoVoice Android rootkit has compromised 2.3M+ devices across 50+ apps, and state actors are deploying sophisticated evasion techniques including CloudTrail tampering. Organizations running ShareFile, Android-based infrastructure, and AWS environments are at immediate risk.

CRITICALAdvisoryApr 04, 2026

Action required

Immediately patch Progress ShareFile to the latest version and audit access logs for exploitation attempts. Scan for NoVoice indicators in mobile device inventory and block identified malicious apps. Review CloudTrail logs for delete/disable events and implement immutable logging to detect AWS environment tampering.

Affected products

ProgressProgress ShareFileStorage Zone ControllerGoogleMcAfee Labs

Linked articles

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Source links

https://thehackernews.com/2026/04/threatsday-bulletin-pre-auth-chains.html