A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
More Articles
China-linked hackers infiltrated Southeast Asian military systems during ongoing espionage operation.
A sophisticated and long-running cyber espionage campaign, identified as CL-STA-1087, has been covertly targeting military organizations across Southeast Asia since at least 2020. The operation, with moderate confidence linked to a China-aligned threat actor, prioritizes the collection of strategic and operational intelligence over mass data exfiltration. The attackers have employed…
A sophisticated threat campaign named SmartApeSG, also known by the aliases ZPHP and HANEYMANEY, is actively spreading multiple malware strains, including Remcos RAT, NetSupport RAT, StealC, and Sectop RAT. This campaign leverages a social engineering tactic called ClickFix, observed as recently as March 24, 2026, demonstrating an alarming strategy of…
A sophisticated new Linux ransomware, dubbed Pay2Key, is actively targeting organizational servers, virtualization hosts, and cloud workloads, posing a significant threat to businesses that have long relied on the operating system’s perceived security. First detected in late August 2025, this variant, attributed to Iranian threat actors, is engineered for scalability…
Russian law enforcement authorities have apprehended the alleged administrator of the notorious LeakBase cybercrime forum, a significant development in the ongoing global fight against online criminal enterprises. The arrest, confirmed by state media, targets a suspect accused of operating a platform that facilitated the illicit trade of stolen personal and…
AI-Assisted Campaign Employs Trojanized GitHub Repositories to Target Developers and Gamers
A sophisticated malware campaign, dubbed “OpenClaw Trap,” is actively targeting software developers, gamers, Roblox players, and cryptocurrency users by leveraging compromised GitHub repositories. The campaign, identified by Netskope Threat Labs, employs a custom LuaJIT trojan designed with advanced evasion techniques to bypass automated security defenses, indicating a well-resourced threat actor.…
A recent analysis by Whiteintel’s Intelligence Division reveals that infostealer infections can lead to dark web exposure of stolen corporate credentials in as little as 48 hours. This rapid escalation highlights a critical, often overlooked, vulnerability in enterprise cybersecurity defenses. Traditional security measures frequently fail to detect these threats until…
A Russian national has been sentenced to two years in prison and fined $100,000 by the U.S. Department of Justice (DoJ) for his role in managing a sophisticated botnet used to launch ransomware attacks against American companies. Ilya Angelov, 40, identified by the online aliases “milan” and “okart,” co-managed a…
In a significant development for cybersecurity, Anthropic revealed in September 2025 that a state-sponsored threat actor successfully conducted an autonomous cyber espionage campaign utilizing an AI coding agent. This sophisticated operation targeted 30 global entities, with the AI autonomously managing 80-90% of tactical operations, including reconnaissance, exploit code generation, and…
A critical supply chain attack has been uncovered targeting cryptocurrency developers, with five malicious npm packages designed to exfiltrate sensitive private wallet keys directly to a Telegram bot. These packages, published under the npm account “galedonovan,” masqueraded as legitimate development tools for both Solana and Ethereum ecosystems. Once installed, they…
Passwordless authentication, championed as the ultimate defense against account takeovers, faces new uncertainties due to the hidden architecture of Google Authenticator’s passkey system. Researchers have uncovered a complex cloud-based component that silently handles sensitive cryptographic operations, potentially opening novel attack vectors previously undiscovered in widespread passwordless solutions. This revelation challenges…
A persistent threat actor, identified as Larva-26002, has been continuously targeting poorly managed Microsoft SQL (MS-SQL) servers, now deploying a new scanner malware named ICE Cloud Client. This campaign, active since at least January 2024 and extending into 2026, showcases the attacker’s evolving toolset, shifting from ransomware operations to large-scale…
A sophisticated cyber threat actor, identified as TeamPCP, has escalated its operations from stealthy credential theft to outright destructive attacks with the deployment of a new Kubernetes wiper. This malware specifically targets systems configured for Iran, a significant geopolitical pivot that intensifies the campaign’s malicious intent and expands its potential…
