A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
Cybercriminals are exploiting the immense excitement surrounding BTS’s highly anticipated ARIRANG world tour by deploying sophisticated fake ticket websites designed to defraud eager fans across nine countries. This widespread scam capitalizes on the global phenomenon of the K-pop group, leveraging the intense demand that typically follows prolonged breaks or major…
Iranian state-sponsored hacking group MuddyWater has significantly altered its operational tactics, now leveraging a Russian-developed Malware-as-a-Service (MaaS) platform for its latest campaign. This strategic shift, observed in a new operation utilizing a previously unidentified tool named ChainShell, signals MuddyWater’s move away from custom malware towards commercially available offensive capabilities, posing…
Compromised OpenVSX Extension Distributes GlassWorm Malware to VS Code, Cursor, and Windsurf
A sophisticated cyber threat, dubbed GlassWorm, is now spreading through a trojanized developer extension on the OpenVSX marketplace, silently infecting multiple code editors. The malicious package, disguised as a legitimate productivity tool, leverages a compiled native binary to compromise popular environments like VS Code, Cursor, and Windsurf, as well as…
Threat actor DesckVB employs obfuscated JavaScript and fileless .NET loader to evade detection
A sophisticated new Remote Access Trojan (RAT) dubbed DesckVB has emerged in 2026, employing advanced evasion techniques such as heavily obfuscated JavaScript and a fileless .NET loader to bypass security defenses. This malware grants attackers comprehensive remote control over infected systems, posing a significant cybersecurity threat to both individuals and…
More than 5,200 internet-connected devices, primarily programmable logic controllers (PLCs) made by Rockwell Automation/Allen-Bradley, have been identified as potentially exposed to Iranian government-backed attackers, according to a threat intelligence brief released Wednesday by cybersecurity firm Censys. The majority of these potentially vulnerable devices, nearly 3,900, are located within the United…
Hackers are employing sophisticated tactics in Taiwan, disguising malicious software as legitimate security tools to infiltrate organizations. A newly identified malware, dubbed LucidRook, has surfaced, targeting Taiwanese non-governmental organizations and potentially universities. Attackers are using spearphishing emails containing links to password-protected archives that, upon opening, deploy the harmful LucidRook malware.…
A new and sophisticated remote access trojan (RAT) named STX RAT is posing a significant cybersecurity threat in 2026. This malware expertly blends covert remote desktop capabilities with credential-stealing features, allowing attackers to silently compromise targeted systems. The malware’s unique identifier is a “Start of Text” (STX) magic byte, encoded…
Hackers Target High-Value Crypto Holders with New macOS Stealer: notnullOSX
A sophisticated new macOS info-stealer, dubbed notnullOSX, has emerged, specifically targeting cryptocurrency holders with wallets valued at over $10,000. This advanced malware employs a dual-pronged attack strategy, leveraging social engineering through a tool called ClickFix and distributing malicious DMG disk…
A sophisticated new ClickFix campaign is bypassing macOS Terminal security by exploiting the built-in Script Editor application to deliver the potent Atomic Stealer malware. This tactic represents a significant evolution in how threat actors adapt to Apple’s escalating security measures, underscoring that social engineering remains a formidable pathway to compromise. Previously,…
A sophisticated new phishing campaign is leveraging Google Cloud Storage to distribute the Remcos Remote Access Trojan (RAT), posing a significant threat to users worldwide. By exploiting the inherent trust placed in Google’s infrastructure, attackers are creating malicious links that bypass common security filters. This new phishing attack via Google…
Open source developers are being targeted by a sophisticated social engineering campaign that impersonates a Linux Foundation leader on Slack. The attackers are using this fake persona to trick developers into downloading malware, highlighting the growing reliance on trust within these close-knit communities. The campaign, brought to light on April…
A sophisticated new malware campaign, dubbed RoningLoader, is actively targeting Chinese-speaking users with a multi-stage attack leveraging DLL side-loading and code injection to evade cybersecurity defenses. This advanced loader, attributed to a threat actor known as DragonBreath, was first identified in late 2025 and employs a layered approach to stealth,…
