A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
More Articles
Argentina’s judicial system is under a sophisticated cyberattack, with threat actors now abusing legitimate court documents and GitHub repositories to deploy a potent Remote Access Trojan (RAT) known as COVERT RAT. This ongoing campaign, dubbed Operation Covert Access, is specifically targeting federal courts, legal professionals, government justice agencies, and academic…
Apple has released a critical security update to address a newly discovered vulnerability in its WebKit framework, a key component underpinning Safari and other applications across iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643, could allow malicious web content to bypass security measures, potentially leading to unauthorized access or…
Unpatched Telnetd Flaw (CVE-2026-32746) Allows Unauthenticated Root Remote Code Execution
A critical security vulnerability affecting the GNU InetUtils telnet daemon (telnetd) has been disclosed that could allow unauthenticated remote attackers to execute arbitrary code with elevated privileges. The flaw, identified as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0, underscoring its severity. Cybersecurity researchers at…
Iranian cyber operations reportedly maintain access to U.S. networks and target cameras for regional surveillance.
Iranian cyber operations in early 2026 saw state-linked actors establish persistent footholds within US and Canadian networks, while simultaneously targeting surveillance cameras across the Middle East for battlefield intelligence. This dual-pronged approach highlights a sophisticated, multi-faceted cyber strategy aimed at both espionage and real-time operational awareness. The Iranian APT group…
A sophisticated supply chain attack targeting developers using popular React Native packages was detected on March 16, 2026. The threat actor, identified as Glassworm, compromised two widely downloaded npm packages, react-native-country-select and react-native-international-phone-number, turning them into tools for silently stealing credentials and cryptocurrency. This incident highlights critical vulnerabilities in the…
Google reports ransomware actors are shifting tactics amid declining profits and increased data theft.
Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises
The ransomware threat landscape underwent a significant transformation in 2025, as criminal enterprises experienced a sharp decline in profits. Once a lucrative business model, ransomware operations are facing financial pressure due to falling ransom payment rates,…
Cybersecurity researchers have unveiled a novel technique enabling data exfiltration from AI code execution environments through the exploitation of Domain Name System (DNS) queries. This discovery, detailed in a recent report, highlights potential security gaps in how artificial intelligence services handle sensitive information and network isolation. BeyondTrust, a cybersecurity firm,…
A sophisticated supply chain attack has been uncovered targeting OphimCMS, a popular content management system used for building Vietnamese-language movie streaming websites. Six malicious Composer packages, masquerading as legitimate themes, were published on Packagist under the “ophimcms” namespace. These packages contained trojanized JavaScript, specifically fake jQuery libraries, designed to redirect…
Attackers are exploiting SEO poisoning techniques to trick enterprise users into downloading malicious VPN software, leading to the theft of sensitive credentials. A threat actor known as Storm-2561 has been actively running this campaign since May 2025, targeting employees seeking legitimate remote access tools like Pulse Secure, Fortinet, and Ivanti.…
A new ransomware variant named ‘Payload’ is posing a significant cybersecurity threat, employing Babuk-style encryption techniques and advanced anti-forensic measures against both Windows and ESXi systems. This new strain, active since at least February 17, 2026, has already targeted 12 organizations across seven countries, exfiltrating substantial amounts of data. The…
Phishing attackers are subverting a critical security feature, URL rewriting, to bypass defenses and deliver malicious payloads. This tactic allows threat actors to weaponize trusted safe links, turning a defensive mechanism into a tool of deception. What was once a safeguard is now being exploited to disguise malicious content, posing…
Phishers are now leveraging legitimate customer support tools, specifically the widely-used SaaS platform LiveChat, to execute sophisticated phishing attacks aimed at stealing sensitive user data. This emerging tactic bypasses traditional phishing methods, creating a more personalized and difficult-to-detect threat for consumers and businesses alike. Instead of directing users to fake…
