A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a steady blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
Iran-linked APT ‘Dust Specter’ targets Iraqi officials with AI-enhanced malware and new RATs
A sophisticated cyberattack campaign, attributed with medium-to-high confidence to an Iran-nexus threat actor, has targeted Iraqi government officials. The group, identified as Dust Specter, leveraged novel malware and AI-assisted techniques in January 2026, impersonating Iraq’s Ministry of Foreign Affairs to compromise high-value targets. This campaign highlights a concerning evolution in…
Silver Dragon APT Group Uses Google Drive for Covert Communication Targeting Europe and Asia
A sophisticated China-linked threat group, identified as Silver Dragon, has been actively targeting government and high-profile organizations across Southeast Asia and Europe since at least mid-2024. Operating under the broader umbrella of APT41, this group employs a multi-pronged approach to infiltrate networks, leveraging vulnerabilities in public-facing servers and sophisticated phishing…
A sophisticated phishing campaign is exploiting Google Cloud Storage (GCS) to host malicious redirect links, enabling it to bypass standard email security filters. By leveraging a legitimate Google-owned domain, attackers are making fraudulent emails appear trustworthy, allowing them to reach unsuspecting victims without triggering immediate alarms. This campaign, first detected…
Cloudflare’s inaugural threat intelligence report reveals a significant shift in cyberattacks, where attackers are industrializing vulnerabilities into professional “attack factories” that leave most organizations unprepared. The report highlights how attackers are weaponizing the very cloud-based services that organizations deploy and rely on, turning them into tools for large-scale assaults. This…
Cybersecurity researchers are warning of a worrying new trend in ransomware attacks: threat actors are now weaponizing Microsoft’s legitimate AzCopy utility to exfiltrate sensitive data from victim organizations before encrypting their systems. This sophisticated tactic leverages a trusted tool, widely used by IT professionals for managing Azure cloud storage, to…
Security advisory: Malicious packages disguised as Laravel utilities deploy PHP RAT, enable remote access
A sophisticated supply chain attack has been discovered targeting the PHP developer community via Packagist, the official package repository for PHP and Laravel projects. A threat actor known as “nhattuanbl” published several malicious packages disguised as legitimate Laravel utility libraries. These packages deployed a fully functional PHP Remote Access Trojan…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the security flaw is actively being exploited in the wild. This development underscores the ongoing threat posed by sophisticated cyberattacks targeting enterprise security…
SloppyLemming espionage campaign deploys BurrowShell backdoor and Rust RAT against Pakistan and Bangladesh
A sophisticated cyber espionage campaign, attributed to a threat group known as SloppyLemming, has been actively targeting government agencies, defense organizations, critical infrastructure operators, and nuclear oversight bodies in Pakistan and Bangladesh. The group, also tracked under aliases like Outrider Tiger and Fishing Elephant, has been operational since 2021. Between…
Cybercriminals are increasingly leveraging Telegram, a popular messaging app, to gain initial access to corporate VPNs, RDP sessions, and cloud environments. This shift from traditional dark web forums to Telegram marks a significant evolution in cyberattack methodologies, posing new challenges for enterprise security teams worldwide. Cyfirma researchers noted this trend…
The discovery of the Coruna exploit kit, potentially originating from a leaked U.S. government framework, marks the first observed mass-scale attack targeting Apple’s iOS operating system. Researchers from Google Threat Intelligence Group and iVerify released separate reports Tuesday detailing the scope and origins of these sophisticated zero-day exploits. These findings…
A new cybersecurity threat, dubbed “StegaBin,” is actively targeting developers through the popular npm package manager. The campaign leverages deceptive tactics within the software supply chain, deploying a multi-stage credential stealer by embedding malicious code within seemingly legitimate npm packages. This sophisticated attack highlights the growing risks associated with open-source…
The Zerobot malware, a sophisticated botnet campaign, has re-emerged, actively exploiting critical vulnerabilities in Tenda AC1206 routers and the n8n workflow automation platform. This latest iteration, known as zerobotv9, demonstrates a concerning evolution, moving beyond traditional IoT devices to target enterprise-level automation tools, potentially posing a significant threat to organizational…
