EngageLab SDK intent redirection security flaw
Vulnerability
Summary
Hide ▲
Show ▼
A now-patched intent redirection vulnerability in the EngageLab SDK could let malicious apps bypass the Android security sandbox and access private data in apps using the SDK. The flaw was identified in version 4.5.4 and later fixed in version 5.2.1 after responsible disclosure in April 2025. Microsoft said the issue affected apps in the cryptocurrency and digital wallet ecosystem, with more than 30 million installations among wallet apps alone.
Related Happenings
Android 17 expands platform security and privacy protections
Security Tool/Service
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
CampaignAbout this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)
Vulnerability
First: 14.04.2026 20:41
Last: 14.04.2026 20:41
Sources 1
About this happening:
Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...
Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)
VulnerabilityAbout this happening: Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware Activity
First: 03.04.2026 12:10
Last: 03.04.2026 12:10
Sources 1
About this happening:
The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware ActivityAbout this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
WebKit Same Origin Policy bypass (CVE-2026-20643)
Vulnerability
First: 18.03.2026 03:06
Last: 18.03.2026 03:06
Sources 1
About this happening:
Apple fixed **CVE-2026-20643**, a **WebKit** flaw that let malicious web content bypass **Same Origin Policy** on **iPhones, iPads, and Macs**. The bug created a **cross-origin**...
WebKit Same Origin Policy bypass (CVE-2026-20643)
VulnerabilityAbout this happening: Apple fixed **CVE-2026-20643**, a **WebKit** flaw that let malicious web content bypass **Same Origin Policy** on **iPhones, iPads, and Macs**. The bug created a **cross-origin**...
Latest development: 18.03.2026 08:31
Apple released its first round of Background Security Improvements to address CVE-2026-20643 in WebKit, a cross-origin issue in the Navigation API that could bypass the same-origin policy when processing maliciously crafted web content. The flaw affects iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2, and Apple says it was addressed with improved input validation in iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a). Apple also credits security researcher Thomas Espach with discovering and reporting the shortcoming.
Timeline
-
09.04.2026 20:26 2 articles · 1mo ago
Microsoft reports EngageLab SDK intent redirection flaw
Initial DisclosureMicrosoft Defender Security Research Team said an intent redirection flaw in EngageLab SDK for Android could let a malicious app bypass the Android security sandbox and access private data in apps using the SDK, including cryptocurrency and digital wallet apps with more than 30 million installations; Microsoft said EngageLab released version 5.2.1 in November 2025 after responsible disclosure in April 2025, and all vulnerable apps detected were removed from the Google Play Store.
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
- Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users — www.securityweek.com — 10.04.2026 10:33