A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
More Articles
A new sophisticated mobile spyware platform, dubbed ZeroDayRAT, has emerged, targeting both Android and iOS devices for real-time surveillance and extensive data theft. The platform, first observed on February 2, 2026, is being openly sold via Telegram, offering cybercriminals a cross-platform tool to compromise smartphones. Researchers at iVerify identified ZeroDayRAT…
State-sponsored threat actors known as Lotus Blossom have successfully infiltrated the official hosting infrastructure of Notepad++, a widely used open-source code editor. This compromise, which occurred between June and December 2025, allowed the attackers to target government agencies, telecommunications firms, and critical infrastructure operators. The breach enabled Lotus Blossom to…
Google has issued urgent security updates for its popular Chrome browser to patch a critical, actively exploited zero-day vulnerability, CVE-2026-2441. This high-severity flaw, described as a use-after-free bug within the browser’s CSS engine, poses a significant risk, allowing remote attackers to execute arbitrary code within the browser’s sandbox. The discovery…
A new phishing campaign is actively distributing an updated variant of the XWorm Remote Access Trojan (RAT), a malware that grants cybercriminals extensive control over infected Microsoft Windows systems. First identified in 2022, XWorm remains a readily accessible tool for threat actors, frequently traded on Telegram-based marketplaces, contributing to its…
A new wave of cyberattacks, dubbed “ClickFix,” is actively targeting Windows users, employing sophisticated social engineering tactics to trick individuals into executing malicious code and installing the potent StealC information stealer malware. This alarming trend was identified by researchers at LevelBlue, who observed attackers compromising legitimate websites to host deceptive…
A burgeoning threat actor, designated UAT-9921, has been actively deploying a sophisticated new malware framework known as VoidLink in cyber espionage campaigns targeting critical technology and financial services sectors. Cisco Talos researchers revealed that this previously unidentified group has been leveraging the modular framework since at least September 2025, posing…
Over half a million users of VKontakte, Russia’s largest social network, have been affected by a sophisticated malware campaign that hijacks accounts through malicious Chrome extensions. The compromised extensions, masquerading as tools for VK customization, silently subscribed users to attacker-controlled groups, manipulated account settings, and maintained persistent unauthorized access by…
AI-Driven Phishing and QR Code Quishing Attacks Increase in 2025 Spam and Phishing Report
Cybercriminals are increasingly leveraging compromised game launchers and cracked software to distribute malware, with a new campaign identified by Securelist analysts highlighting the sophisticated techniques at play. This trend, amplified by the widespread desire for free access to premium content, now sees malware disguised within legitimate-looking game components, such as…
OysterLoader Multi-Stage Evasion Loader Uncovered with Advanced Obfuscation and Rhysida Ransomware Links
A new and sophisticated malware loader named OysterLoader has been identified, posing a significant threat to cybersecurity. This advanced threat, first detailed in June 2024 by Rapid7, utilizes multi-stage evasion techniques and advanced obfuscation methods to bypass security defenses and deliver malicious payloads. OysterLoader has been strongly linked to Rhysida…
Threat actors are actively exploiting a critical security vulnerability impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, security researchers at watchTowr have reported. The flaw, identified as CVE-2026-1731, carries a critical CVSS score of 9.9 and could allow unauthenticated attackers to execute arbitrary operating system commands, leading…
Over 1,800 Windows servers globally have been compromised by a sophisticated malware campaign dubbed BADIIS, which targets Internet Information Services (IIS) environments. This large-scale operation transforms legitimate web infrastructure into a platform for SEO poisoning, manipulating search engine results to promote illicit gambling and cryptocurrency sites. The attack vectors are…
DShield Sensor Detects Self-Propagating SSH Worm Exploiting Credential Stuffing and Multi-Stage Malware
A sophisticated new self-propagating SSH worm has been identified by cybersecurity researchers, capable of completely compromising Linux systems within seconds using a combination of credential stuffing and multi-stage malware. This potent threat exploits weak authentication mechanisms, particularly on Internet of Things (IoT) devices like Raspberry Pi computers, highlighting persistent vulnerabilities…
