IN this week’s recap, Google has released Chrome security updates patching two actively exploited zero‑days, CVE-2026-3909 in Skia and CVE-2026-3910 in the V8 engine, with exploits already known in the wild and patches rolled out across Windows, macOS and Linux builds. The Top News section also highlights SocksEscort, a proxy botnet that enslaved thousands of routers for fraud, and UNC6426’s use of stolen nx npm package keys to gain AWS admin access within 72 hours, followed by data exfiltration from AWS S3.
KadNap continues the trend of router‑level malware, turning devices into proxy nodes for clandestine traffic, while APT28 is reported to have used a bespoke toolkit alongside BEARDSHELL and COVENANT for espionage.
The roundup also covers a phishing campaign targeting AWS Console credentials, a Chrome extension privilege escalation vulnerability, and a Roundcube exploitation toolkit linked to Russian threat actors, all underscoring the ongoing pressure from browser, supply‑chain and network device compromise in 2026. According to The Hacker News, the breadth of threats remains broad and rapidly evolving, with multiple campaigns exploiting trust in legitimate services and infrastructure.