[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:threatsday-bulletin-pre-auth-chains-android-rootkits-cloudtrail-evasion-10-more--mnkcn428":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":18,"article_ids":19,"ioc_summary":21,"source_urls":22,"status":24,"expires_at":25,"created_at":26,"updated_at":27,"articles":28},"22df9cb0-957d-4b63-bce5-33595da5b963","ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories","threatsday-bulletin-pre-auth-chains-android-rootkits-cloudtrail-evasion-10-more--mnkcn428","Multiple critical threats are actively exploiting enterprise and consumer systems. Progress ShareFile has pre-authenticated RCE chains in the wild, the NoVoice Android rootkit has compromised 2.3M+ devices across 50+ apps, and state actors are deploying sophisticated evasion techniques including CloudTrail tampering. Organizations running ShareFile, Android-based infrastructure, and AWS environments are at immediate risk.","critical","advisory",[],[13,14,15,16,17],"Progress","Progress ShareFile","Storage Zone Controller","Google","McAfee Labs","Immediately patch Progress ShareFile to the latest version and audit access logs for exploitation attempts. Scan for NoVoice indicators in mobile device inventory and block identified malicious apps. Review CloudTrail logs for delete\u002Fdisable events and implement immutable logging to detect AWS environment tampering.",[20],"13f11cf1-9f1a-4e69-ad33-0eab77cbda28",null,[23],"https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Fthreatsday-bulletin-pre-auth-chains.html","archived","2026-04-06T13:09:13.862+00:00","2026-04-04T13:09:21.172677+00:00","2026-04-06T14:08:05.246264+00:00",[29],{"id":20,"title":6,"url":23}]