Apr 02, 2026 · #14 episode artwork

EPISODE · Apr 2, 2026 · 4 MIN

Apr 02, 2026 · #14

from Security Brief Daily · host Security Brief Daily

Episode 14 — 02 Apr 2026 1. Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks Source: Bleeping Computer Internet threat-monitoring non-profit Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. BIG-IP APM (short for Access Policy Manager) is F5's centralized access... 2. Apple expands iOS 18 updates to more iPhones to block DarkSword attacks Source: Bleeping Computer Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates... 3. Hackers exploit TrueConf zero-day to push malicious software updates Source: Bleeping Computer Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. The flaw is tracked as CVE-2026-3502 and received a medium severity score. It stems from a missing... 4. Google fixes fourth Chrome zero-day exploited in attacks in 2026 Source: Bleeping Computer Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year. "Google is aware that an exploit for CVE-2026-5281 exists in the wild," Google said in a security... 5. New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Source: The Hacker News Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in... 6. Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass Source: The Hacker News Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing... 7. Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures Source: The Hacker News A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian... 8. CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails Source: The Hacker News The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors,...

Episode 14 — 02 Apr 2026 1. Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks Source: Bleeping Computer Internet threat-monitoring non-profit Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. BIG-IP APM (short for Access Policy Manager) is F5's centralized access... 2. Apple expands iOS 18 updates to more iPhones to block DarkSword attacks Source: Bleeping Computer Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates... 3. Hackers exploit TrueConf zero-day to push malicious software updates Source: Bleeping Computer Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. The flaw is tracked as CVE-2026-3502 and received a medium severity score. It stems from a missing... 4. Google fixes fourth Chrome zero-day exploited in attacks in 2026 Source: Bleeping Computer Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year. "Google is aware that an exploit for CVE-2026-5281 exists in the wild," Google said in a security... 5. New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Source: The Hacker News Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in... 6. Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass Source: The Hacker News Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing... 7. Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures Source: The Hacker News A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian... 8. CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails Source: The Hacker News The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors,...

NOW PLAYING

Apr 02, 2026 · #14

0:00 4:29

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Security Brief Daily?

This episode is 4 minutes long.

When was this Security Brief Daily episode published?

This episode was published on April 2, 2026.

What is this episode about?

Episode 14 — 02 Apr 2026 1. Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks Source: Bleeping Computer Internet threat-monitoring non-profit Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing...

Can I download this Security Brief Daily episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!