The cybersecurity landscape continues to be a battleground of innovation and exploitation, with attackers consistently finding new ways to leverage existing vulnerabilities and emerging technologies. This week’s recap highlights a series of concerning trends, from actively exploited zero-days in widely used software to the sophisticated abuse of phishing kits and…
A Palo Alto Networks VPN vulnerability, identified as CVE-2026-0257, is being actively exploited by an unknown threat actor to gain unauthorized access to GlobalProtect portals. The critical authentication bypass flaw, which affects the portal and gateway components of PAN-OS software, carries a CVSS score of 7.8 and allows malicious actors to…
Splunk has issued critical security updates to address CVE-2026-20253, a severe vulnerability in Splunk Enterprise that allows unauthenticated users to perform arbitrary file operations and potentially achieve remote code execution. Rated 9.8 on the CVSS scoring system, the flaw presents a significant risk to enterprise environments utilizing the affected software.…
U.S. law enforcement agencies, in collaboration with international partners, have seized multiple internet domains alleged to have hosted nonconsensual AI-generated pornography. The operation targeted websites that specialized in creating and distributing digitally altered images and videos of women without their consent. The domains, CFAKE.com and SOCFAKE.com, are accused of publishing…
Cybersecurity researchers have unveiled a novel attack technique, dubbed “Agentjacking,” that subverts artificial intelligence (AI) coding agents, compelling them to execute arbitrary code on developer workstations. This groundbreaking vulnerability exploits a fundamental architectural weakness at the intersection of error tracking platforms and AI agents, potentially granting attackers unfettered access to…
The cybercriminal group ShinyHunters has been actively exploiting a critical vulnerability in Oracle PeopleSoft, a widely used enterprise resource planning (ERP) system. This zero-day exploit, identified as CVE-2026-35273, allows attackers to gain unauthorized access, exfiltrate sensitive data, and then demand ransom payments to prevent its public release. The campaign has…
More Articles
Cybercriminals are actively deploying CoinMiner malware via USB drives, compromising workstations primarily in South Korea. The malicious campaign focuses on illicitly mining the Monero cryptocurrency by infecting user devices with sophisticated malware. This threat highlights the persistent danger posed by physical media in cybersecurity and the evolving tactics of threat…
Attackers moved rapidly to exploit a critical vulnerability affecting React Server Components, dubbed React2Shell, shortly after it was publicly disclosed with a patch. The vulnerability, identified and patched by Meta and the React team on Wednesday, has quickly become a target for threat actors with diverse motivations and origins. Multiple…
Solana users are facing a sophisticated new wave of phishing attacks that bypass traditional security measures by altering wallet ownership permissions instead of directly stealing private keys. These insidious attacks exploit a unique feature of the Solana blockchain, allowing malicious actors to gain unauthorized control over user accounts, leaving victims…
A critical security vulnerability, designated CVE-2025-66516, has been discovered in Apache Tika, a widely used content analysis framework. This flaw allows for XML External Entity (XXE) injection attacks, posing a severe risk to applications that rely on Tika for document processing. The vulnerability has been assigned a maximum CVSS score…
A potent new Android spyware, identified as ClayRat, has surfaced as a serious threat, raising alarms for mobile device security globally. Discovered in October by the zLabs research team, this malware exhibits advanced capabilities enabling attackers to exert extensive control over compromised devices. ClayRat employs sophisticated stealth techniques to pilfer…
Attackers are actively exploiting a critical vulnerability in Array Networks’ ArrayOS AG series VPN appliances, leading to unauthorized access to enterprise networks. This flaw, residing in the DesktopDirect function, allows threat actors to inject commands and deploy webshells, posing a significant risk to organizations worldwide. Confirmed attacks leveraging this weakness…
Two Chinese state-affiliated hacking groups, Earth Lamia and Jackpot Panda, have been observed actively exploiting a newly disclosed, critical vulnerability in React Server Components (RSC) within hours of its public release. This zero-day exploitation marks a swift and aggressive response from threat actors to weaponize the maximum-severity flaw, identified as…
A new sophisticated threat actor, identified as WARP PANDA, has emerged, aggressively targeting critical infrastructure across the United States. This China-nexus group demonstrates advanced capabilities in infiltrating VMware vCenter environments, focusing on legal, technology, and manufacturing organizations. Their emergence marks a significant escalation in cloud-based cyberattacks, with a clear aim…
Russian-backed threat actors, identified as Calisto, are employing sophisticated phishing tactics to target NATO research sectors and strategic organizations. The intrusion set, linked to Russia’s FSB Center 18 for Information Security, has broadened its focus to include NGOs and think tanks, particularly in countries supporting Ukraine and Eastern European nations.…
New Linux Malware Employs Stealth Tactics, Combines DDoS Botnet and Fileless Cryptominer
Security researchers have identified a new and sophisticated Linux malware campaign that cleverly combines a Mirai-derived Distributed Denial of Service (DDoS) botnet with a stealthy, fileless cryptocurrency miner. This potent hybrid threat, named V3G4 by Cyble Research Intelligence Labs, targets both Internet of Things (IoT) devices and cloud Linux servers,…
A sophisticated new Android malware, dubbed SeedSnatcher, is actively targeting cryptocurrency users globally, aiming to steal sensitive digital wallet recovery phrases and execute malicious commands. Distributed deceptively via Telegram under the guise of a cryptocurrency-related application, this threat poses a significant risk to the security of digital assets. The malware,…
A critical command injection vulnerability affecting Array Networks AG Series secure access gateways has been actively exploited in the wild since August 2025. The exploitation targets the DesktopDirect feature, a remote desktop access solution, allowing malicious actors to execute arbitrary commands on compromised systems. This widespread exploitation poses a significant…
