A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
A recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a patch for a critical vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on the network to write arbitrary files to the system, potentially leading to full root access. The flaw, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and long-standing, unpatched vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
A sophisticated cyberattack, dubbed “Operation GhostMail,” has targeted a Ukrainian government agency, exploiting a critical vulnerability in the Zimbra Collaboration Suite to pilfer sensitive credentials and email archives. The operation, attributed with medium confidence to a Russian state-linked Advanced Persistent Threat (APT) group, showcases an elusive attack methodology that bypasses…
Horabot banking Trojan reappears in Mexico using multi-stage phishing and email worm tactics
A sophisticated banking trojan known as Horabot has resurfaced in an active campaign that is currently targeting users across Mexico. This renewed assault combines a multi-stage infection chain with an email worm, effectively transforming every compromised machine into a phishing relay. The threat actors are leveraging a Delphi-based banking trojan,…
A newly discovered malicious Python package, dubbed ‘Pyronut’, has been found on the Python Package Index (PyPI), posing a significant threat to developers building Telegram bots. Pyronut actively impersonates the popular ‘pyrogram’ framework, a tool used by hundreds of thousands of developers monthly. Instead of traditional typo-squatting tactics, the attackers…
Cybersecurity Threats Include FortiGate RaaS, Citrix Exploits, MCP Abuse, and LiveChat Phishing
This week’s ThreatsDay Bulletin highlights a constellation of cybersecurity threats, with a particular focus on the growing exploitation of known vulnerabilities and sophisticated tactics employed by threat actors. Emerging RaaS operations like The Gentlemen, alongside critical vulnerabilities in widely used platforms such as BMC FootPrints and FortiGate, underscore the persistent…
A sophisticated malware campaign dubbed “Vibe-Coded” is leveraging AI-assisted coding techniques to distribute malicious software by masquerading as popular, in-demand tools. This new approach, which allows threat actors to generate malware more rapidly and with less technical expertise, poses an increasing threat to everyday internet users. The campaign, which came…
A widely used code editor extension, fast-draft, found on the Open VSX registry, was discovered to harbor malicious code. This hidden malware silently deployed a remote access trojan (RAT) and a comprehensive infostealer onto unsuspecting developer workstations. The compromised extension, published under the KhangNghiem account, had amassed over 26,000 downloads…
DarkSword iOS Exploit Kit Leverages Six Vulnerabilities, Including Three Zero-Days, for Full Device Control
A sophisticated new exploit kit, codenamed DarkSword, is actively targeting Apple iOS devices, enabling threat actors to steal sensitive data. Discovered by Google Threat Intelligence Group (GTIG), iVerify, and Lookout, DarkSword has been in use since at least November 2025, exploiting vulnerabilities to compromise iPhones. Its emergence highlights the growing…
A North Korea-linked hacking group, WaterPlum, is employing a sophisticated new malware named StoatWaffle in targeted supply chain attacks. The group is disseminating this malware through compromised Visual Studio Code (VSCode) repositories disguised as legitimate blockchain development projects, aiming to stealthily infiltrate developers’ machines. This advanced threat leverages a multi-stage…
Iran-linked botnet exposed following open directory leak revealing 15-node relay network
A cyber threat actor linked to Iran has had its entire operational infrastructure exposed following a significant security oversight, revealing a sophisticated botnet operation. The incident, uncovered on February 24, 2026, occurred when researchers discovered an open directory on a staging server, providing an unprecedented view into a live network…
CISA Issues Alert on Exploited Zimbra, SharePoint Vulnerabilities; Cisco Zero-Day Used in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert to federal agencies regarding two actively exploited vulnerabilities. One flaw affects the Synacor Zimbra Collaboration Suite (ZCS), while the other impacts Microsoft Office SharePoint. These critical security flaws, identified as CVE-2025-66376 and CVE-2026-20963, underscore the ongoing threat…
A potent new malware strain, dubbed SnappyClient, has emerged as a significant threat to Windows users, blending remote access, data exfiltration capabilities, and advanced evasion techniques into a single, compact C++ implant. First observed in December 2025, this command-and-control (C2) framework is designed to log keystrokes, capture screenshots, provide remote…
A surge of actively exploited vulnerabilities affecting Cisco’s network edge software, including its firewalls and SD-WAN systems, has been disclosed since late February. Researchers report that five of the nine vulnerabilities Cisco has revealed in these critical security products have already been exploited by malicious actors in the wild, raising…
