HN Monitor

A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…

The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…

Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk

A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…

The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…

OpenAI has mandated that all macOS users update their software to the latest versions following a supply-chain attack that briefly impacted a popular open-source library in late March. The company stated that while it found no evidence of user data breaches or compromised systems, it is treating its security certificates…

Cybercriminals are increasingly exploiting trusted Software-as-a-Service (SaaS) channels, specifically leveraging the notification systems of popular platforms like GitHub and Jira to deliver sophisticated phishing attacks. This new tactic bypasses traditional security measures by sending malicious emails that appear to originate from legitimate infrastructure, making them harder for security gateways to…

An Iran-linked cyber threat group known as CyberAv3ngers has escalated its capabilities, evolving from a disruptive hacktivist entity to a significant threat targeting critical infrastructure across the United States. Officially associated with Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), the group has been active since at least 2020, demonstrating…

Cybercriminals are increasingly exploiting legitimate Windows tools to execute malicious activities, a technique known as “Living Off the Land.” A prominent example involves the abuse of MSBuild.exe, a Microsoft-signed build utility, to launch sophisticated, fileless attacks that evade conventional security detection methods. This method allows attackers to run malicious code…

A sophisticated Python-based backdoor, dubbed VIPERTUNNEL, is stealthily breaching enterprise networks by masquerading as a legitimate DLL file and employing advanced obfuscation techniques. This advanced malware establishes a covert SOCKS5 proxy tunnel to command-and-control (C2) servers, granting attackers persistent and undetectable access within compromised systems. The sophistication of VIPERTUNNEL lies…

A sophisticated cyberattack campaign orchestrated by APT37, a North Korea-linked state-sponsored threat group, has been uncovered, leveraging social media platforms, encrypted messaging applications, and a cleverly tampered software installer to breach targeted systems. This new intrusion strategy highlights the increasing use of familiar digital tools by advanced persistent threats (APTs)…

A critical security flaw within a widely adopted WordPress plugin, the User Registration & Membership plugin, is exposing thousands of websites to severe risks. The vulnerability, identified as CVE-2026-1492, enables attackers to completely bypass the authentication process, granting them administrator access without requiring any credentials or legitimate user accounts. This…

A sophisticated cybercrime operation, identified as Storm-2755, is leveraging AiTM session hijacking to divert employee salaries to attacker-controlled bank accounts. This campaign, primarily targeting Canadian workers, uses advanced techniques to bypass multi-factor authentication (MFA) and gain unauthorized access to sensitive financial information. The “payroll pirate” attacks begin with deceptive search…

A critical security vulnerability discovered in EngageSDK, a widely used Android library, has exposed an estimated 30 million users of cryptocurrency wallets to potential financial theft and data breaches. The flaw, identified as an intent redirection flaw, allowed malicious applications to bypass Android’s security measures and access sensitive user data…

Cybercriminals are increasingly exploiting popular developer platforms like GitHub and GitLab to host malware and conduct credential phishing campaigns. Due to the widespread use and inherent trust placed in these platforms by organizations, many security tools do not flag their domains, creating a significant vulnerability that attackers are actively leveraging…

In a joint advisory issued on April 7, 2026, U.S. intelligence and cybersecurity agencies revealed that Iranian-affiliated advanced persistent threat (APT) actors are actively exploiting internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs). These industrial control system components are critical for essential services like water treatment and energy distribution, making their…