Find notable cyber news and cases, enriched with sources, timelines, and signals.

EngageLab SDK intent redirection security flaw

Vulnerability
First reported
Last updated
Happening score
H score 29
2 unique sources, 2 articles

Summary

Hide ▲

A now-patched intent redirection vulnerability in the EngageLab SDK could let malicious apps bypass the Android security sandbox and access private data in apps using the SDK. The flaw was identified in version 4.5.4 and later fixed in version 5.2.1 after responsible disclosure in April 2025. Microsoft said the issue affected apps in the cryptocurrency and digital wallet ecosystem, with more than 30 million installations among wallet apps alone.

Related Happenings

Microsoft 365 Android apps token-sharing flaw (multiple vulnerabilities)

Vulnerability
H score21 First: 03.06.2026 17:56 Last: 03.06.2026 17:56 Sources 1

About this happening: **Microsoft 365 Android apps** were exposed by a leftover **setIsDebugMode(true)** flag that let same-device apps steal account tokens and act as the signed-in user. The flaw coul...

Android 17 expands platform security and privacy protections

Security Tool/Service
H score15 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific

Campaign
H score34 First: 08.05.2026 18:08 Last: 08.05.2026 18:08 Sources 1

About this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...

Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)

Vulnerability
H score55 First: 14.04.2026 20:41 Last: 14.04.2026 20:41 Sources 1

About this happening: Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...

SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases

Malware Activity
H score29 First: 03.04.2026 12:10 Last: 03.04.2026 12:10 Sources 1

About this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...

Timeline

  1. 09.04.2026 20:26 2 articles · 3mo ago

    Microsoft reports EngageLab SDK intent redirection flaw

    Initial Disclosure

    Microsoft Defender Security Research Team said an intent redirection flaw in EngageLab SDK for Android could let a malicious app bypass the Android security sandbox and access private data in apps using the SDK, including cryptocurrency and digital wallet apps with more than 30 million installations; Microsoft said EngageLab released version 5.2.1 in November 2025 after responsible disclosure in April 2025, and all vulnerable apps detected were removed from the Google Play Store.

    Show sources