HN Monitor

A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…

The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…

Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…

The cybersecurity landscape continues to present complex challenges, with a persistent blend of evolving threats and long-standing vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…

A newly identified botnet trojan campaign, dubbed OCRFix, is stealthily building a network of compromised machines by blending sophisticated social engineering tactics with a novel blockchain-based command infrastructure. The campaign leverages the well-known ClickFix phishing technique alongside EtherHiding, a method that embeds attacker instructions directly into public blockchains, making it…

Hundreds of Thousands of SonicWall Firewalls Targeted in Massive Reconnaissance Campaign
A large-scale reconnaissance campaign has been actively targeting SonicWall firewalls across the internet, with attackers employing over 4,000 unique IP addresses to identify vulnerable devices before initiating exploitation attempts. Between February 22 and February 25, 2026, threat actors conducted…

The use of generative artificial intelligence (AI) tools to create deepfakes and manipulate images is increasingly impacting public figures, including U.S. Olympic athletes, even as they compete on the global stage. During the recent Milan games, athletes faced the proliferation of AI-generated content used for harassment and political messaging, highlighting…

A critical security vulnerability, CVE-2026-21513, impacting the MSHTML Framework has been patched by Microsoft, but new findings suggest it was exploited in the wild as a zero-day attack, potentially by the Russia-linked state-sponsored threat actor APT28. This high-severity flaw, carrying a CVSS score of 8.8, allows for security feature bypasses…

A once-featured browser extension has been used for covert script injection and security header removal after a silent update weaponized the tool. The extension, QuickLens, a Google Lens wrapper, was acquired by new ownership and subsequently transformed into a remote code execution platform, potentially exposing thousands of users to significant…

New research from Truffle Security has uncovered a significant security vulnerability affecting Google Cloud API keys, potentially exposing sensitive data and leading to unexpected billing charges. These Google Cloud API keys, commonly used for billing purposes, have been found to grant unauthorized access to sensitive Gemini endpoints, allowing attackers to…

A sophisticated new malware campaign, dubbed “Dohdoor,” is actively targeting U.S. educational and healthcare organizations. Since at least December 2025, threat actor UAT-10027 has been deploying this previously unknown backdoor malware, utilizing advanced stealth and multi-stage delivery tactics to achieve persistent access. The emergence of Dohdoor highlights a concerning trend…

A Go-based command-and-control (C2) framework known as Vshell is gaining significant traction among threat actors as a cost-effective and flexible alternative to commercial tools like Cobalt Strike. Originally marketed within Chinese-speaking offensive security communities, Vshell has evolved from a simple remote access tool (RAT) into a sophisticated platform capable of…

A new and sophisticated botnet loader, dubbed Aeternum C2, has emerged, fundamentally altering the landscape of cybercrime by leveraging the Polygon blockchain for its command and control (C2) infrastructure. This innovative approach renders traditional takedown methods, such as seizing servers and domains, ineffective against this resilient threat. Researchers from Qrator…

Over 900 instances of Sangoma FreePBX are still infected with web shells following a campaign that exploited a critical command injection vulnerability discovered in late 2025. The Shadowserver Foundation reported that these compromised systems are primarily located in the United States, with significant numbers also identified in Brazil, Canada, Germany,…