Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Ravie LakshmananApr 02, 2026Cybersecurity / Hacking News

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week.

Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws coming back to haunt us, and some very clever new tricks that let attackers bypass security logs entirely without leaving a trace. We are also seeing sketchier traffic on the underground and the usual supply chain mess, where one bad piece of code threatens thousands of apps.

It is definitely worth a quick scan before you log off for the day, if only to make sure none of this is sitting in your own network. Let’s get into it.

Pre-auth RCE chain exposed

watchTower Labs has disclosed two security flaws in Progress ShareFile (CVE-2026-2699 and CVE-2026-2701) that could be chained to achieve pre-authenticated remote code execution. While CVE-2026-2699 is an authentication bypass via the “/ConfigService/Admin.aspx” endpoint, CVE-2026-2701 refers to a case of post-authenticated remote code execution. An attacker could combine the two vulnerabilities to sidestep authentication and upload web shells. Progress released fixes for the vulnerabilities with Storage Zone Controller 5.12.4 released on March 10, 2026. There are about 30,000 internet-facing instances, making patching against the flaws crucial.

Source

Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Franklin Student is a Cyber Security Champ at Bridgewater State

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog