US-CERT is aware of public reports of malware spreading via email. These reports indicate that the malicious email messages contain the subject line “Here you have” or “Just For You” and contain a link to a seemingly legitimate PDF file. If users click on this link, they will be redirected to a malicious website that will prompt them to download and install a screensaver (.scr) file. If they agree to install this file, they will become infected with an email worm that will continue to propagate through their email contacts.
US-CERT encourages users and administrators to take the following preventive measures to help mitigate the security risks:
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…