Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors gained unauthorized access to Nextend’s update infrastructure for the Smart Slider 3 Pro WordPress plugin and distributed a fully attacker-authored build through the official update channel. Any site that updated between the build’s release on April 7, 2026, and its detection approximately six hours later received a fully weaponized remote access toolkit. The malicious update deployed a sophisticated multi-layered persistence toolkit capable of creating hidden administrator accounts, installing redundant backdoors across must-use plugins and theme files, and exfiltrating full credentials and site metadata to an attacker-controlled C2 domain. Sites that installed version 3.5.1.35 Pro should update to 3.5.1.36 immediately and follow Nextend’s published cleanup checklist to remove all persistence artifacts.
CPUID Hacked to Deliver Malware via CPU-Z, HWMonitor Downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. Millions of users rely on these tools for tracking the physical health of internal computer hardware and for comprehensive system specifications. The poisoned downloads delivered a trojanized installer bundling a legitimate signed executable alongside a malicious DLL used for DLL sideloading, C2 connectivity, and further payload execution. CPUID confirmed the compromise lasted approximately six hours between April 9 and April 10, noting it occurred while the main developer was away on holiday. The issue has since been resolved, and clean versions are now being served.
Adobe Patches Actively Exploited Acrobat Reader Zero-Day CVE-2026-34621
Adobe released emergency updates to address a critical vulnerability tracked as CVE-2026-34621 (CVSS score of 8.6) in Adobe Acrobat Reader. The vulnerability is being actively exploited and could allow attackers to execute malicious code on affected systems, making prompt patching essential. The flaw is a prototype pollution issue in JavaScript, exploited via specially crafted PDFs that silently run obfuscated JavaScript to harvest sensitive local files and beacon data to attacker infrastructure, with evidence suggesting it may have been active since December 2025. Adobe has rated this a Priority 1 update and credited researcher Haifei Li of EXPMON for its discovery; all Acrobat and Reader users on Windows and macOS should update immediately.
Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users
Microsoft security researchers discovered that the EngageLab SDK, a third-party Android push notification library integrated by developers into mobile apps, is affected by a severe vulnerability that could expose highly sensitive information. The SDK is used by crypto wallet apps that have a total of more than 30 million installations. The intent redirection vulnerability allowed a malicious app on the same device to exploit EngageLab’s trusted permissions to access internal directories of affected wallet apps, potentially exposing private keys and credentials. Microsoft notified EngageLab in April 2025, a patch was released in November 2025 with version 5.2.1, and all detected crypto wallet apps using vulnerable SDK versions have been removed from Google Play.
Bitcoin Depot Reports $3.6M Crypto Theft After System Breach
A cyber-attack on Bitcoin Depot’s internal systems resulted in the theft of more than 50 Bitcoin valued at approximately $3.66m. The company detected unauthorized access to parts of its IT infrastructure on March 23, by which point attackers had already gained access to credentials linked to digital asset settlement accounts, allowing them to transfer 50.903 Bitcoin out of company-controlled wallets before being blocked. Bitcoin Depot, which operates over 25,000 Bitcoin ATMs globally, said customer-facing platforms and data were not affected, though it described the incident as material and cautioned that cyber insurance may not fully cover the losses. The investigation remains ongoing, with external cybersecurity specialists and law enforcement engaged. The incident follows a separate data breach in 2025 that exposed personal information on nearly 26,000 individuals.