A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a steady blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
More Articles
A new ransomware strain, dubbed JanaWare, has emerged, specifically targeting computer users in Turkey. This sophisticated cyber threat leverages a customized version of the Adwind remote access trojan (RAT) to infiltrate systems, marking a significant development in the ransomware landscape for the region. The operation appears to be focused on…
Dragon Boss Solutions Update Exposes Over 25,000 Endpoints in Domain Supply Chain Attack
A sophisticated supply chain attack orchestrated using a seemingly innocuous software update from Dragon Boss Solutions LLC has exposed over 25,000 endpoints worldwide. The attack, discovered on March 22, 2026, initially presented as a routine adware alert before revealing its true, far more dangerous nature: a multi-stage operation designed to…
Recent research by CALIF has demonstrated that OpenAI’s Codex AI model can achieve root-level access on a Samsung Smart TV by exploiting vulnerabilities in world-writable driver interfaces. This significant development, revealed on April 14, 2026, highlights critical security concerns regarding the handling of device security in consumer electronics and how…
A live credential stuffing botnet targeting Twitter/X accounts has been discovered completely exposed to the internet, allowing unauthorized access to its control panel, worker server credentials, and real-time attack data. This vulnerability means that anyone with the correct IP address and port could gain full administrative control over the malicious…
A sophisticated new PlugX USB worm is stealthily infecting systems across multiple continents, utilizing a deceptive DLL sideloading technique to evade detection. First observed in Papua New Guinea in August 2022, this advanced persistent threat (APT) variant re-emerged in early 2023, with infections confirmed in geographically disparate locations including Ghana,…
A new Android malware named Mirax is emerging as a significant threat, converting infected smartphones into residential proxy nodes. Discovered circulating in underground criminal forums since late 2025, Mirax combines the ability to steal banking credentials with the capability to reroute malicious traffic through a victim’s legitimate IP address. This…
A new social engineering campaign, likely orchestrated by former affiliates of the defunct Black Basta ransomware group, has targeted over 100 employees across numerous organizations, aiming for network intrusion, potential data theft, and extortion. This renewed activity, identified by cybersecurity firm ReliaQuest, uses mass email and impersonation tactics to gain…
Cybercriminals are increasingly bypassing traditional phishing attacks, opting instead to target identity providers like Okta through voice-based social engineering, a technique known as vishing. This emerging threat, identified by LevelBlue researchers, represents a significant shift in initial access strategies, making it harder for organizations to defend against such sophisticated attacks.…
Threat actors have begun leveraging a popular productivity tool, Obsidian, by weaponizing its Shell Commands community plugin to execute malicious code across different operating systems. This novel attack vector, identified by Elastic Security Labs as REF6598, allows attackers to launch cross-platform malware attacks without exploiting software vulnerabilities. The campaign primarily…
Janela RAT Campaign Exploits Fake MSI Installers and Malicious Browser Extensions for Data Theft
A sophisticated new cyberattack campaign is targeting financial institutions and cryptocurrency platforms across Latin America, leveraging a Remote Access Trojan (RAT) known as Janela RAT. Threat actors are employing deceptive MSI installers and malicious browser extensions as primary entry vectors to infiltrate systems and pilfer sensitive financial data from unsuspecting…
The sophisticated threat actor APT41 is leveraging a newly identified Winnti-family backdoor to transform Linux cloud servers into potent credential theft platforms. This advanced persistent threat (APT) is systematically targeting cloud environments hosted on AWS, Google Cloud, Microsoft Azure, and Alibaba Cloud, prioritizing stealthy and long-term access to critical infrastructure.…
A sophisticated cyber threat has been detected, with hackers exploiting a fake Proxifier installer hosted on GitHub to distribute the ClipBanker cryptocurrency-stealing malware. This malicious campaign, active since early 2025, targets unsuspecting users seeking the popular proxy software, silently siphoning digital assets by hijacking clipboard data. Researchers from Securelist detailed…
