zero-day - TrustStrike Labs

vulnerability

CVE-2026-5281

2026-04-01

Google patches fourth Chrome zero-day of 2026 - WebGPU flaw exploited in the wild (CVE-2026-5281)

Google pushed an emergency Chrome update to fix a use-after-free bug in Dawn, the engine behind Chrome's WebGPU graphics standard. CVE-2026-5281 is already being exploited - an attacker who has compromised the browser's renderer process can use a crafted HTML page to execute arbitrary code, potentially escaping Chrome's sandbox. This is the fourth actively exploited Chrome zero-day in 2026, and the third targeting graphics or rendering subsystems. CISA added it to the KEV catalog with an April 15 deadline.

google chrome webgpu dawn zero-day cisa-kev actively-exploited

Check: Update Chrome immediately on all managed endpoints. Also check Edge, Brave, Opera, and Vivaldi - they share the same Chromium codebase.
Affected: Google Chrome prior to 146.0.7680.177/178 (Windows/macOS) or 146.0.7680.177 (Linux). All Chromium-based browsers are affected.
Fix: Update Chrome to 146.0.7680.177/178. Verify auto-update is enabled and not blocked by group policy. Push updates via enterprise management tools. Apply Chromium-based browser patches from Microsoft, Brave, and others as they release.

vulnerability

CVE-2026-3502

2026-03-31

Chinese hackers exploited TrueConf video conferencing zero-day to backdoor Southeast Asian governments (CVE-2026-3502)

Check Point uncovered Operation TrueChaos - a Chinese-nexus espionage campaign that turned a video conferencing platform's update mechanism into a malware delivery system. The attackers compromised a central on-premises TrueConf server used by a government IT department, then swapped the legitimate client update with a weaponized package that deployed the Havoc post-exploitation framework. Every connected government agency pulled the poisoned update automatically, no individual endpoint compromise needed.

trueconf zero-day china espionage supply-chain video-conferencing actively-exploited

Check: Check if your organization uses TrueConf for video conferencing, especially in on-premises deployments.
Affected: TrueConf Windows client versions 8.1.0 through 8.5.2. On-premises deployments are at highest risk since the attack requires control of the TrueConf server.
Fix: Update TrueConf Windows client to version 8.5.3 or later. Audit TrueConf servers for unauthorized modifications. Check endpoints for IOCs: unsigned trueconf_windows_update.exe, files named poweriso.exe or 7z-x64.dll, and connections to 43.134.90.60, 43.134.52.221, or 47.237.15.197.

threat

CVE-2026-20700 CVE-2025-43529 CVE-2025-14174

2026-03-23

DarkSword iOS exploit kit leaked on GitHub - hundreds of millions of unpatched iPhones at risk (CVE-2026-20700)

A government-grade iPhone hacking toolkit called DarkSword was leaked on GitHub on March 23 - and researchers say it's trivially easy to use. Written entirely in HTML and JavaScript, anyone can host it and hack iPhones running iOS 18.4 through 18.7.1. It chains six vulnerabilities including three zero-days for full device takeover, stealing messages, location data, and crypto wallets. Roughly a quarter of all iPhones remain on vulnerable versions.

apple ios iphone zero-day exploit-kit github

Check: Check all company iPhones and iPads for outdated iOS versions.
Affected: iOS 18.4 through 18.7.1. Also iOS 13 through 17.2.1 via the related Coruna exploit kit.
Fix: Update to iOS 18.7.2 or later (or iOS 26.3). Enable Lockdown Mode on high-risk devices. Push MDM policies to enforce updates.