A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
More Articles
A widespread cyberattack campaign has compromised over 7,500 Magento-powered e-commerce websites since late February 2026. Attackers have been uploading hidden malicious files into publicly accessible web directories across thousands of domains, impacting commercial brands, government agencies, universities, and non-profit organizations globally. The broad scope of this Magento compromise, affecting over…
Trivy Security Scanner GitHub Actions Compromised, 75 Tags Hijacked for CI/CD Secret Theft
The open-source vulnerability scanner Trivy has been compromised for the second time in less than a month, allowing attackers to inject malware designed to steal sensitive CI/CD secrets. The recent incident specifically targeted GitHub Actions workflows, including “aquasecurity/trivy-action” and “aquasecurity/setup-trivy,” which are crucial for scanning container images and setting up…
The FBI, in collaboration with its Thai partners, is intensifying efforts to dismantle large-scale scam compounds in Southeast Asia that are orchestrating cyber fraud targeting Americans. These industrial-scale operations, characterized by sophisticated methods like “pig butchering,” have led to billions of dollars in losses for victims across the United States.…
A critical Langflow flaw, identified as CVE-2026-33017, is actively being exploited within just 20 hours of its public disclosure. This rapid weaponization highlights the increasing speed at which threat actors are leveraging newly revealed vulnerabilities, particularly within the burgeoning field of artificial intelligence platforms. The security defect carries a CVSS…
Cybersecurity researchers are warning of a critical vulnerability in Ubiquiti’s UniFi Network Application that could allow attackers to gain unauthorized access to user accounts. The flaw, identified as CVE-2026-22557, has been patched by the company, but officials caution that unpatched systems remain at risk due to the potential for widespread…
A new and sophisticated Android banking trojan, dubbed Perseus, has surfaced, posing a significant threat to users across multiple countries. Analyzed by cybersecurity firm ThreatFabric, Perseus is built upon the leaked source code of the Cerberus banking trojan and incorporates features from the Phoenix codebase. This new malware distinguishes itself…
A sophisticated new variant of the VoidStealer infostealer has emerged, making headlines as the first known malware to circumvent Google Chrome’s Application-Bound Encryption (ABE) without relying on invasive code injection or requiring elevated system privileges. This groundbreaking development, present in VoidStealer version 2.0 released on March 13, 2026, signals a…
Four major botnets, responsible for hijacking approximately three million devices and launching over 300,000 distributed denial-of-service (DDoS) attacks, have had their command-and-control infrastructure seized by international law enforcement. The coordinated operation, announced Thursday by the Justice Department, targeted the botnets known as Aisuru, Kimwolf, JackSkid, and Mossad. These botnets allowed…
Ransomware actors are significantly expanding their tactics to disable endpoint security, moving beyond the traditional exploitation of vulnerable drivers to neutralize defenses before deploying file-encrypting payloads. This evolution, detailed in recent security research, indicates a sophisticated shift in how attackers approach detection evasion, making EDR killers a critical component in…
A critical security vulnerability in Magento’s REST API, dubbed PolyShell by security firm Sansec, poses a significant risk of unauthenticated code execution and account takeover for e-commerce businesses. The flaw allows attackers to disguise malicious code as image files, potentially compromising sensitive data and customer accounts. Magento REST API Vulnerability…
A new infostealer malware named Speagle is posing a significant threat to organizations utilizing Cobra DocGuard, a document security platform developed by China-based EsafeNet. This sophisticated malware expertly blends into its host environment, using Cobra DocGuard’s own infrastructure to conduct its data theft operations. Speagle’s primary objective is to actively…
SilentConnect Employs VBScript, PowerShell, and PEB Masquerading for ScreenConnect Deployment
A new multi-stage malware loader dubbed SILENTCONNECT has been observed silently deploying the ConnectWise ScreenConnect remote monitoring and management (RMM) tool onto Windows systems. This sophisticated threat, active since at least March 2025, leverages VBScript, in-memory PowerShell execution, and Process Environment Block (PEB) masquerading to achieve its objectives, granting attackers…
