HN Monitor

A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…

The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…

Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…

The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…

A sophisticated phishing campaign targeting Philippine banking customers demonstrates a disturbing evolution in cyber threats. Attackers are now leveraging widely trusted internet platforms to mask their malicious activities, successfully stealing bank credentials and one-time passwords (OTPs) to drain victims’ accounts rapidly. This ongoing operation, identified by Group-IB CERT researchers, has…

Senator Ron Wyden has urged the Social Security Administration (SSA) commissioner to reject President Donald Trump’s executive order that mandates the creation of a new U.S. voter database utilizing agency data. Wyden stated that any cooperation with this directive would be viewed by Democrats as explicit participation in voter suppression…

A sophisticated cyberattack campaign orchestrated by the notorious North Korean hacking group Kimsuky has been uncovered, employing malicious Windows shortcut files (LNK files) as a covert entry point to deploy a Python-based backdoor. This multi-stage attack showcases Kimsuky’s evolving tactics, aiming to bypass security defenses and gain persistent access to…

A sophisticated new malware-as-a-service platform, dubbed Venom Stealer, is revolutionizing the data theft landscape. Security researchers have identified that this advanced tool goes beyond typical credential harvesting, constructing an entire automated attack chain that begins with subtle social engineering and culminates in the comprehensive pilfering of a victim’s digital assets,…

The Phorpiex botnet, active since 2011, has evolved into a sophisticated criminal enterprise, now capable of simultaneously deploying ransomware, executing mass sextortion email campaigns, and stealing cryptocurrency. This increasingly resilient malware, particularly its Twizt variant, presents a significant and evolving threat to individuals and organizations worldwide. Recent analysis by Bitsight…

A sophisticated supply chain attack has compromised the widely used Axios npm package, potentially exposing millions of developer environments to malware. North Korea-linked hackers allegedly gained access to the JavaScript library using stolen maintainer credentials on March 31, 2026, turning a critical development tool into a vector for malicious activity.…

ICE Confirms Use of Paragon Spyware Amidst Congressional Criticism
U.S. Immigration and Customs Enforcement (ICE) has confirmed its use of the controversial Paragon spyware, escalating concerns among privacy advocates and drawing sharp criticism from a group of House Democrats. The agency’s acknowledgment comes in response to an inquiry from lawmakers…

A sophisticated malware campaign is leveraging a convincing Boeing Request for Quotation (RFQ) to trick industrial suppliers and procurement teams into downloading malicious files. The attack, dubbed NKFZ5966PURCHASE, impersonates legitimate Boeing communications, leading victims to open a compromised Word document that initiates a covert, six-stage kill chain. This stealthy operation…

A new ransomware campaign is actively targeting Windows users across South America, employing a deceptive tactic by mimicking the well-known Akira ransomware. This sophisticated threat, however, is not directly affiliated with the original Akira group. Instead, cybersecurity researchers have identified its core encryptor as being based on the publicly leaked…

A sophisticated phishing campaign has successfully cloned Ukraine’s official cybersecurity authority website to trick individuals into downloading a dangerous malware known as a remote access trojan (RAT). The threat group, identified as UAC-0255, employed a convincing fake version of CERT-UA’s site to distribute a Go-based RAT, highlighting the persistent threat…