Chrome Kills Session Theft, SDK Flaw Exposes Millions, Marimo RCE, WordPress Plugin Compromise

THN Daily Updates The Art of Attack: Attacker Mindset for Security Professionals ($30.00 Value) FREE for a Limited Time Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers Download Now Sponsored LATEST NEWS Apr 10, 2026 Browser Extensions Are the New AI Consumption Channel That No One Is Talking About While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from L... Read More Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The p... Read More Survey Report: The Ransomware Gap in the AI Era We asked 100 security leaders about ransomware. The survey findings in our recent report will surprise you. Read More Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The v... Read More Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35... Read More EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wall... Read More UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-bas... Read More ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" mome... Read More The Art of Attack: Attacker Mindset for Security Professionals ($30.00 Value) FREE for a Limited Time Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers Download Now Sponsored This email was sent to edwardlorilla1998.tower@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here. Contact THN: info@thehackernews.com Unsubscribe THN | K.P BLock, Pitampura, Delhi