Daily Security Briefing #212

April 2, 2026

Critical vulnerabilities exposed, US government iPhone hacking tool leaked, and Iranian hacker group Handala claims breach of Israeli defense firm…


Executive Summary

The cybersecurity landscape continues to evolve with new threats emerging daily. This week’s top stories highlight critical vulnerabilities in popular software, a sophisticated iPhone hacking toolkit allegedly used by the US government, and a major data breach involving an Israeli defense contractor. Meanwhile, researchers have uncovered a large-scale credential harvesting operation and a massive Android malware campaign on the Google Play Store.



Top Articles

US Bans All Foreign-Made Consumer Routers
The US Executive Branch has banned all foreign-made consumer routers due to supply chain vulnerabilities that could disrupt critical infrastructure and national defense.
Source: Schneier

Possible US Government iPhone Hacking Tool Leaked
Security researchers at Google have released a report describing “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all defenses.
Source: Schneier

Iranian Hacker Group Handala Claims Breach of Israeli Defense Firm
Handala, a recognized Iranian nation-state threat actor, claims to have successfully breached PSK Wind Technologies, a key Israeli defense contractor.
Source: GBHackers

CISA Alerts on Chrome Zero-Day Exploit Actively Used in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Google Chrome and Chromium-based browsers.
Source: CyberPress

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials and more.
Source: The Hacker News

NoVoice Campaign On Google Play Puts Millions Of Android Users At Risk
Cybersecurity researchers at McAfee have uncovered a massive and highly dangerous Android malware campaign dubbed “Operation NoVoice” on the Google Play Store.
Source: CyberPress

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that could allow an unauthenticated, remote attacker to gain access with elevated privileges.
Source: The Hacker News

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay
Advanced persistent threats (APTs) have been changing tactics, and static indicators of compromise (IoCs) for BPFDoor have been widely deployed. New research from Rapid7 Labs has uncovered undocumented features leading to 7 new BPFDoor variants.
Source: Rapid7

vSphere and BRICKSTORM Malware: A Defender’s Guide
This post explores the evolving threats facing virtualized environments, specifically those targeting the VMware vSphere ecosystem. Essential hardening strategies and mitigating controls are discussed to secure critical assets.
Source: Google Cloud Blog

Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance
Threat actors begin preparing their infrastructure months in advance for tax-related attacks. A surge in malicious tax-related domains has been observed between September 2025 and February 2026.
Source: Checkpoint Research


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
