exploits Archives

AppWizard

April 8, 2026

New Arc Raiders patch takes another swing at Stella floor exploits, and stops you from spontaneously combusting

The Arc Raiders patch version 1.23.0 addresses several issues in the game, including a bug where two Trigger Nades detonating simultaneously caused triple damage, and a clipping issue in Stella Montis where players could pass through walls. The update also fixes a problem where players could catch fire near the locked door in the Medical Research area. Additionally, it resolves bugs that previously trapped players on small platforms during looting, allowing for safer gameplay. Players are advised to restart their games if the update does not appear immediately.

Winsage

April 8, 2026

Microsoft Rolls Out New Defender Update for Windows 11, 10, and Server Images

Microsoft released a security intelligence update for Microsoft Defender Antivirus on April 7, 2026, enhancing protection for Windows 11, Windows 10, and Windows Server. The update introduces refined threat detection capabilities to combat malware and zero-day attacks, utilizing advanced detection logic and cloud-based protection. The security intelligence version is 1.447.209.0, engine version is 1.1.26020.3, and platform version is 4.18.26020.6. Updates are automatically delivered via Windows Update, but can also be manually initiated or deployed using standalone installer packages. The update supports legacy platforms, including Windows 7 and Windows 8.1, provided they have SHA-2 code signing support enabled. Additionally, updates to the Network Inspection System (NIS) are available for certain environments.

AppWizard

April 8, 2026

The FBI Warns That Foreign Cybercriminals Have Targeted Messaging App Users

Cybercriminals connected to Russian intelligence are conducting a large phishing campaign targeting messaging applications, impacting thousands of accounts worldwide. A joint advisory from the FBI and CISA reveals that these attacks focus on individuals with access to sensitive information, including government officials, military personnel, political figures, and journalists. The campaign relies on deception, with attackers impersonating official support channels on platforms like Signal, sending messages that prompt victims to click malicious links or provide confidential information. Victims who comply risk losing control of their accounts, allowing attackers to read private messages and access contact lists. This trend has been observed not only in the U.S. but also in the Netherlands, where similar tactics are used against government employees. The FBI notes that the security of the messaging apps is not the issue; rather, the vulnerability lies in human error. The rise of social engineering tactics poses a risk to both high-profile individuals and potentially everyday users, and users are advised to be cautious with unsolicited messages and not to share sensitive information.

AppWizard

April 6, 2026

Dangerous “NoVoice” malware found in over 50 Play Store apps that were installed 2.3 million times

A new malware threat called "NoVoice" has been found in over 50 applications on the Google Play Store, with 2.3 million installations on Android devices. Discovered by McAfee, this malware is hidden in seemingly harmless apps like system cleaners, games, and image galleries. It exploits Android vulnerabilities to gain root access, potentially allowing attackers to steal sensitive information and manipulate applications without user consent. In some cases, it may persist even after a factory reset. Google has stated that Android devices updated since May 2021 are protected against this threat and that Google Play Protect actively removes malicious apps and blocks new installations. The malware was not able to infect devices in Beijing and Shenzhen, suggesting the attackers may be avoiding local law enforcement. One identified app carrying the NoVoice payload is SwiftClean, developed by Biodun Popoola. The malware operates using a silent audio file, executing its code without user detection. Users are advised to download apps only from the Google Play Store and keep their devices updated.

AppWizard

April 3, 2026

2.3 Million Users Affected by New Android Malware Hid in 50 Google Play Apps

Google has imposed strict restrictions on sideloading applications on Android devices due to concerns about risks from external sources. A new malware named NoVoice has been discovered on Google Play, embedded in over 50 applications with at least 2.3 million downloads, potentially compromising that many devices. The malware seeks root access by exploiting vulnerabilities in older Android versions and can steal sensitive data and install/remove apps without consent. It is difficult to remove, as it installs recovery scripts that survive factory resets. However, Google has stated that devices updated since May 2021 are protected against this threat, and Google Play Protect removes these apps and blocks new installs. Users with devices updated after May 2021 are considered safe, while those with infected apps should consider their devices compromised.

AppWizard

April 3, 2026

Google Responds As 50 Apps With 2 Million Downloads Hit By Malware

Researchers at McAfee Labs discovered that 50 Android applications on the Google Play Store contain malware known as NoVoice, which can grant full remote access to infected smartphones. These apps have over 2.3 million downloads. The malware can communicate with remote servers, profile devices, and download tailored root exploits, potentially compromising specific hardware and software configurations. However, devices with an Android security patch level of May 2021 or later are not vulnerable to these exploits, as the vulnerabilities were patched by Android between 2016 and 2021. Google Play Protect removes these apps and blocks new installs, and users are advised to keep their devices updated with the latest security patches.

Winsage

April 2, 2026

Malwarebytes highlights Microsoft findings on WhatsApp attachments used in Windows attacks

A campaign targeting Windows users exploits WhatsApp attachments to execute a malicious .vbs script. Victims receive what appears to be a harmless attachment, which, when opened, duplicates legitimate Windows tools into a hidden folder and renames them to avoid detection. These tools are then used to download additional malware from reputable cloud services, disguising the malicious activity. The malware seeks administrator privileges by altering User Account Control settings and registry entries for persistence. It ultimately installs remote-access software and other payloads to maintain control over the compromised device. Malwarebytes recommends safety measures such as avoiding unsolicited attachments, enabling file extensions, using updated anti-malware tools, downloading software from official sites, being cautious of unexpected UAC prompts, and keeping systems updated.

Winsage

April 2, 2026

Windows Security App Gains Secure Boot Certificate Status Ahead of Major Certificate Refresh

The Secure Boot certificates used by the Unified Extensible Firmware Interface (UEFI) on Windows PCs will expire in late June 2026. Microsoft is rolling out updated certificates through Windows Update to ensure user protection. Starting in April 2026, users can check their device's status in the Windows Security app, which will feature a color-coded badge system: - Green Checkmark: New certificates are installed, no action needed. - Yellow Caution Badge: Update pending or blocked due to hardware/firmware issues (expected in May 2026). - Red Stop Icon: Alerts users that older certificates are expiring, potentially preventing essential boot-level security updates (may appear as early as June 2026). The status will also be indicated in the Windows Security system tray icon. Most users will have a seamless update process by keeping Windows Update enabled, with devices from 2025 and many from 2024 covered. Older machines will receive updates gradually, guided by major OEMs. Microsoft advises against ignoring yellow or red warnings, as devices without updated certificates may be vulnerable to security threats and incompatible with future Windows updates. A support resource is available at aka.ms/getsecureboot.

AppWizard

April 2, 2026

‘This rootkit is highly persistent; a standard factory reset will not remove it’: “NoVoice” Android malware on Google Play infects 50 apps across 2.3 million devices, here’s what we know

Researchers at McAfee have identified a malware strain named NoVoice that has infiltrated over 50 applications on the Google Play Store, leading to more than 2.3 million downloads. NoVoice exploits vulnerabilities in older Android kernels and GPU architectures, remaining active even after factory resets. It can inject malicious code into applications like WhatsApp, allowing it to hijack user sessions and spy on private conversations. Google has removed the affected applications, but the malware continues to pose a threat to already compromised devices.

AppWizard

April 1, 2026

‘NoVoice’ Android malware on Google Play infected 2.3 million devices

A new Android malware called NoVoice has been found in over 50 applications on Google Play, with more than 2.3 million downloads. The malware targets older Android versions, specifically those patched between 2016 and 2021, and attempts to gain root access by exploiting vulnerabilities. It conceals malicious components within the com.facebook.utils package and uses steganography to hide an encrypted payload within a PNG image file. NoVoice avoids infecting devices in certain regions and has checks to detect emulators and VPNs. Once activated, the malware contacts its command-and-control server to gather device information and polls it every 60 seconds for tailored exploits aimed at rooting the device. It can exploit 22 vulnerabilities, including kernel bugs, and establishes persistence by replacing key system libraries and installing recovery scripts. The malware injects code into applications, particularly targeting WhatsApp to extract sensitive data for session replication, which is then exfiltrated to the C2 server. The malicious apps containing NoVoice have been removed from Google Play, but users who installed them should consider their devices compromised. Upgrading to devices with later security patches is recommended to mitigate the threat.