A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
Iran-linked hackers target Middle East Microsoft 365 tenants with password spray campaign
Microsoft 365 tenants in the Middle East are currently the target of a sophisticated password spray campaign attributed to an Iran-linked threat actor. This attack vector bypasses traditional malware deployment, focusing instead on exploiting weak credentials to gain unauthorized access to cloud environments. The campaign highlights the persistent threat posed…
A sophisticated threat actor is actively exploiting the desire for premium features on TradingView, a popular charting platform used by traders and investors. By posting deceptive advertisements on Reddit promising free TradingView Premium access, the attacker is successfully distributing malware families known as Vidar for Windows and AMOS for macOS…
Microsoft reports Storm-1175 exploits web-facing assets with zero-day flaws in Medusa ransomware attacks.
A sophisticated ransomware operation, identified by Microsoft as Storm-1175, is rapidly targeting organizations by exploiting vulnerabilities in internet-facing assets. The threat group utilizes the Medusa ransomware, achieving full network compromise in as little as 24 hours by striking during the critical window between vulnerability disclosure and patching. This aggressive approach,…
Fortinet released an emergency software update over the weekend to address a critical zero-day vulnerability in its FortiClient Enterprise Management Server (EMS) software, a tool used to manage customer devices. The vulnerability, designated CVE-2026-35616, has been actively exploited in the wild. This new vulnerability, carrying a high CVSS score of…
GitHub Security Alerted to New Attack Chain Utilizing Compromised CI Updates for Data Exfiltration
A sophisticated new cyberattack campaign is actively targeting open-source projects on GitHub, exploiting a critical vulnerability in its Actions workflow automation to exfiltrate sensitive secrets and tokens. The campaign, dubbed “prt-scan,” disguises malicious code as routine CI build configuration updates, tricking developers into approving pull requests that compromise valuable credentials…
Bryan Fleming, the founder of the now-defunct stalkerware company pcTattleTale, has been sentenced to supervised release and a $5,000 fine. Fleming pleaded guilty in January to manufacturing and selling devices intended for secretly intercepting communications, marking a significant development in the ongoing efforts to curb the spread of invasive surveillance…
Hackers Target Drift Protocol, Reportedly Stealing $286 Million in Suspected North Korea-Linked Attack
Decentralized finance protocol Drift Protocol was the victim of a massive cyber heist on April 1, 2026, losing an estimated $286 million in digital assets. The attack, which targeted the Solana-based decentralized perpetual futures exchange, unfolded with remarkable speed and coordination, draining core liquidity vaults in under an hour. The…
A sophisticated threat actor has compromised the Python Package Index (PyPI), distributing a malicious package named `hermes-px` that masqueraded as a privacy-enhancing AI inference proxy. In reality, this trojanized PyPI AI proxy used a stolen Claude prompt to exfiltrate sensitive user data, undermining its stated purpose of protecting anonymity and…
North Korea employs modular malware in cyber program to evade attribution and survive takedowns.
North Korea’s cyber program has adopted a sophisticated modular malware strategy to evade attribution and survive takedowns. This innovative approach sees the regime abandoning monolithic hacking tools in favor of a fragmented ecosystem of highly specialized malware families, each meticulously designed for distinct operational objectives. This evolution stems from over…
Hackers distribute cross-platform malware via compromised Axios package and phantom dependency
Hackers Use Poisoned Axios Package and Phantom Dependency to Spread Cross-Platform Malware
On March 30, 2026, a significant supply chain attack targeted the widely used JavaScript library Axios, a critical component for web developers worldwide. Attackers compromised the official npm account for the Axios project, introducing poisoned versions that silently…
Researchers Discover ResokerRAT Malware Exploits Telegram Bot API to Command Windows Devices
A sophisticated new Remote Access Trojan (RAT) known as ResokerRAT is actively targeting Windows systems by leveraging the widely adopted Telegram Bot API for command and control. This innovative approach allows attackers to remotely manage infected machines and exfiltrate sensitive data through a communication channel that is often overlooked by…
A sophisticated software supply chain attack targeting developers using Strapi, an open-source content management system, has been uncovered. Threat actors published 36 malicious npm packages disguised as legitimate Strapi plugins, which were designed to exploit Redis for remote code execution, steal sensitive credentials, and establish persistent command-and-control (C2) channels on…
