A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a steady blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
Research & Analysis
A new criminal service named Leak Bazaar has emerged, transforming the resale of stolen corporate data into a structured, intelligence-driven marketplace. Launched on March 25, 2026, by a threat actor known as “Snow” from the SnowTeam, Leak Bazaar operates not as a traditional data leak site but as a post-exfiltration…
New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal for Malware Deployment
A sophisticated social engineering technique, dubbed ClickFix, is gaining significant traction, enabling threat actors to trick both Windows and macOS users into manually executing malicious commands. These commands, upon execution, stealthily install malware onto victims’ devices. This method, first identified in late 2023, has rapidly evolved from a niche tactic…
Cybercriminals using Silver Fox infrastructure pivot from remote access tools to Python-based stealers in tax audit phishing campaign.
A sophisticated, China-based threat actor, identified as Silver Fox and also known as Void Arachne, has undergone a significant operational shift since early 2025. The group has transitioned its primary modus operandi from distributing remote access trojans (RATs) to deploying a custom-developed Python-based stealer. This evolution leverages increasingly convincing phishing…
The clandestine world of cybersecurity has seen a worrying trend: iPhone exploits, once the domain of sophisticated intelligence agencies, are increasingly appearing on the black market, becoming commodities available to a wider range of actors. This shift from highly controlled use to a more accessible marketplace raises significant concerns for…
A sophisticated malware campaign dubbed GhostClaw is actively targeting macOS users, leveraging social engineering tactics within fake GitHub repositories and AI-assisted development workflows. The primary goal of this campaign is to steal user credentials, enabling attackers to deploy secondary malicious payloads on compromised systems. GhostClaw’s emergence in early March 2026,…
A sophisticated cyber threat campaign is targeting Web3 customer support staff, employing fake screenshot lures to install persistent backdoors on unsuspecting employees’ machines. The stealthy operation, attributed to APT-Q-27, leverages social engineering within live chat interactions to bypass traditional security measures and infiltrate organizations, according to recent analysis. The threat…
A sophisticated new Malware-as-a-Service (MaaS) dubbed Torg Grabber has emerged, showcasing a rapid evolution from basic Telegram exfiltration to a robust, encrypted REST API command-and-control (C2) infrastructure in just three months. This advanced credential stealer, identified by Gen Digital’s Threat Research Team, is being actively deployed for multiple cybercriminal operations,…
Fake npm Install Messages Hide RAT Malware in New Open Source Supply Chain Campaign
A sophisticated new software supply chain campaign, dubbed the “Ghost campaign,” is actively targeting developers via the npm package registry. This evolving threat utilizes deceptive installation messages to mask the deployment of remote access trojan (RAT)…
A new malware loader, dubbed Kiss Loader, has been identified by cybersecurity researchers, employing sophisticated code injection techniques to compromise Windows systems undetected. Discovered in early March 2026, Kiss Loader represents a nascent attack campaign still under active development by its creators. The malware’s initial distribution vector involves a Windows…
A widespread phishing campaign is actively targeting software developers on GitHub, leveraging deceptive Visual Studio Code security alerts within GitHub Discussions to distribute malware. Attackers are crafting messages that mimic urgent official advisories, warning of critical vulnerabilities in VS Code and directing users to download a malicious, supposedly patched version…
The cybersecurity landscape is grappling with a significant resurgence of Mirai-based botnets, evolving into a formidable threat capable of launching massive Distributed Denial of Service (DDoS) attacks and orchestrating widespread proxy abuse. First identified in 2016, the Mirai malware, initially designed to exploit vulnerabilities in Internet of Things (IoT) devices,…
A new, sophisticated malware campaign is targeting systems using a multi-stage approach involving obfuscated Visual Basic Script (VBS) files, PNG loaders, and remote access trojans (RATs), all designed for stealthy, disk-less execution. This campaign, initially noted in early 2026, has revealed a reusable delivery framework operating from shared infrastructure. The…
