Browser/endpoint zero-days escalating (Chrome zero-days + Android rootkit apps + Defender BlueHammer + stealers)
Key Questions
What are the recent Chrome zero-days?
Chrome's sixth zero-day, CVE-2026-5281 (a use-after-free in WebGPU), and CVE-2026-4680 are being exploited in the wild; update to version 146.0.7680.178 or later.
What is the Android rootkit app threat?
Fifty Play Store apps attributed to Operation NoVoice, with 2.3M combined downloads, act as rootkits: they root the device and hide further malware on it.
What is Defender BlueHammer?
BlueHammer is a publicly disclosed, unpatched zero-day local privilege escalation (LPE) in Windows Defender that abuses path confusion to gain SYSTEM access and dump the SAM; a researcher has released exploit code.
What are Unknown stealers?
Previously unknown stealers such as Void use Steam as a command-and-control (C2) channel and dynamically resolved syscalls to exfiltrate data while evading detection.
Any macOS threats noted?
macOS is also targeted, by ClickFix and AMOS campaigns, alongside the broader endpoint zero-days affecting billions of users.
Why is patching critical for these zero-days?
High-velocity exploitation is targeting browsers and endpoints; Google issued emergency Chrome updates, and threat hunts are essential until full mitigations are in place.
What Android apps are at risk?
Researchers identified 50 dangerous Android apps that secretly hijack phones, contributing to a 400% surge in AI-powered malware attacks on banking.
Recommendations for endpoint protection?
Update Chrome immediately, scan devices for the rootkit apps, monitor Defender hosts for signs of BlueHammer abuse, and hunt for stealer activity while zero-day exploitation remains this active.
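Verifying the Chrome fix level across a fleet is the one recommendation here that can be checked mechanically; the following is an added example (not code from the original page) that flags hosts running a build below 146.0.7680.178. Host names, the inventory format and the `google-chrome --version` output are constructed sample data.

```python
"""Flag hosts whose Chrome build is below the fixed build named on this page.

Added example; host names and version strings are constructed sample data.
"""
import re

# Minimum build carrying the fixes for CVE-2026-5281 / CVE-2026-4680 (from the page).
PATCHED_CHROME = "146.0.7680.178"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, ...]:
    """Extract a four-part Chrome version from strings such as
    'Google Chrome 146.0.7680.150' and return it as a tuple of ints,
    so comparisons are numeric rather than lexicographic."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(version_text: str, minimum: str = PATCHED_CHROME) -> bool:
    """True when the reported build is at or above the fixed build."""
    return parse_version(version_text) >= parse_version(minimum)


def hosts_needing_update(inventory: dict[str, str]) -> list[str]:
    """Return hosts below the fixed build, in inventory order.
    Reports that cannot be parsed are flagged for manual review."""
    flagged = []
    for host, reported in inventory.items():
        try:
            if not is_patched(reported):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return flagged


# Constructed data: host -> output of `google-chrome --version` as collected by inventory.
SAMPLE_INVENTORY = {
    "wks-01": "Google Chrome 146.0.7680.178",
    "wks-02": "Google Chrome 146.0.7680.90",   # a plain string compare would wrongly pass this
    "wks-03": "Google Chrome 147.0.7701.12",
    "wks-04": "Google Chrome 145.0.7632.220",
    "wks-05": "chrome not installed",
}

if __name__ == "__main__":
    print("needs update:", hosts_needing_update(SAMPLE_INVENTORY))
```

The `wks-02` entry is the pitfall worth remembering: compared as strings, "146.0.7680.90" sorts above "146.0.7680.178", so a naive check would report that host as patched.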
Summary: Chrome's sixth zero-day, CVE-2026-5281 (UAF in WebGPU), and CVE-2026-4680 are exploited in the wild; 50 Play Store rootkit apps from Operation NoVoice total 2.3M downloads; Defender BlueHammer is an unpatched LPE (TOCTOU/path confusion) with a public PoC; previously unknown stealers (Void, Steam C2) are active; macOS sees ClickFix and AMOS. Patch Chrome to 146.0.7680.178 or later. Exploitation is moving at high velocity against billions of users, so threat hunts are critical.