Find notable cyber news and cases, enriched with sources, timelines, and signals.

EngageLab SDK version 5.2.1 patch release

Security Patch Release
First reported
Last updated
Happening score
H score 27
2 unique sources, 2 articles

Summary

Hide ▲

EngageLab released version 5.2.1 to fix the EngageLab SDK flaw affecting Android apps that used vulnerable integrations. The update closed an intent redirection issue that could let a malicious app bypass the Android security sandbox and reach private data. The patch followed responsible disclosure in April 2025 and matters because the SDK was embedded in apps across the Android ecosystem, including high-value wallet software.

Related Happenings

Google Play Protect adds warnings and app disabling for compromised SDK abuse

Security Tool/Service
H score11 First: 03.07.2026 12:35 Last: 03.07.2026 12:35 Sources 1

About this happening: **Google Play Protect** was updated in **July 2026** to **warn Android users automatically** and **disable apps** tied to **compromised SDKs**, limiting abuse of consumer devices...

Google Android Developer Verifier enforcement rollout for verified app installs

Security Tool/Service
H score14 First: 22.06.2026 15:45 Last: 22.06.2026 15:45 Sources 1

About this happening: Google is **enforcing Android developer verification** on **September 30, 2026**, blocking normal installs of unverified apps on certified Android phones in **Brazil, Indonesia, S...

Android 17 expands platform security and privacy protections

Security Tool/Service
H score15 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific

Campaign
H score34 First: 08.05.2026 18:08 Last: 08.05.2026 18:08 Sources 1

About this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...

SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases

Malware Activity
H score29 First: 03.04.2026 12:10 Last: 03.04.2026 12:10 Sources 1

About this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...

Timeline

  1. 09.04.2026 20:26 2 articles · 3mo ago

    EngageLab SDK version 5.2.1 patch release

    Initial Disclosure

    After responsible disclosure, **EngageLab** issued **version 5.2.1** in **November 2025** to remediate the Android SDK weakness. The patch is the fixed release for apps integrating the vulnerable SDK.

    Show sources