HN Monitor

A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…

The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…

Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk

A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…

The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…

A new ransomware strain, dubbed Cephalus, has emerged, targeting Windows networks with a double-extortion strategy. First observed in June 2025 and publicly reported in August, Cephalus operates by exfiltrating sensitive data before encrypting victim files. This dual approach pressures organizations by threatening to leak stolen information, in addition to demanding…

Cybersecurity researchers have unveiled a sophisticated new botnet operation dubbed SSHStalker, which employs the long-standing Internet Relay Chat (IRC) protocol for its command-and-control (C2) infrastructure. This discovery highlights a concerning trend of threat actors leveraging older technologies for modern cyber threats, posing a significant risk to systems that may be…

Microsoft released cumulative security updates for February, addressing 59 vulnerabilities across its software. Six of these flaws were actively exploited in the wild, prompting immediate attention from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This significant patch release underscores the ongoing challenges in securing digital environments against evolving cyber…

The cybersecurity landscape is witnessing a troubling evolution with the emergence of the Coinbase Cartel, a new ransomware group employing a distinct data-exfiltration-first extortion strategy. This tactic diverges significantly from traditional ransomware attacks, focusing on stealing sensitive data without encrypting systems, thereby enabling quieter and faster operations while retaining leverage…

The ongoing digital transformation within Operational Technology (OT) environments, while increasing efficiency, also presents persistent security challenges. A key vulnerability, the use of removable media, remains a significant OT cybersecurity concern, according to Hussam Sidani, Vice President for the Middle East and North Africa at OPSWAT. This ubiquitous tool, essential…

Cybersecurity researchers are warning of a resurgence in attacks leveraging the Phorpiex botnet, a decade-old malware-as-a-service platform. In a recent campaign, threat actors are employing sophisticated social engineering tactics, using phishing emails with the subject line “Your Document” to distribute Global Group ransomware. This ransomware, identified as a successor to…

A sophisticated Linux malware framework named VoidLink has surfaced, showcasing the alarming evolution of cyber threats with its AI-assisted development, multi-cloud targeting capabilities, and kernel-level stealth mechanisms. The framework represents a new wave of cyberattacks where large language models (LLMs) are being utilized to create functional command-and-control (C2) implants, capable…

North Korean threat actors, identified by cybersecurity researchers as UNC1069, have ramped up their malicious activities targeting the cryptocurrency and finance sectors. This financially motivated group is employing a sophisticated combination of novel malware and advanced AI-enabled social engineering tactics to achieve its objectives. For at least the past five…

Threat actors are weaponizing Bing Ads to launch sophisticated tech support scams, targeting users with fraudulent pages hosted on Microsoft Azure Blob Storage. This campaign, which began on February 2, 2026, has impacted nearly 50 organizations across vital sectors in the United States, including healthcare, manufacturing, and technology. The malicious…

The advanced persistent threat (APT) group known as APT36, or Transparent Tribe, has intensified its espionage operations targeting Indian defense and government entities. Recent reports from Aryaka Threat Research Labs detail the group’s use of a new arsenal of cross-platform malware, including sophisticated tools specifically designed for Linux systems, to…

A sophisticated cybercriminal collective known as TeamPCP, also operating under monikers like PCPcat and DeadCatx3, has industrialized cloud misconfigurations into a self-propagating cybercrime platform. Emerging in late 2025, the group systematically targets exposed Docker APIs, Kubernetes clusters, and other cloud-native services. Their extensive campaign focuses on building a vast distributed…

The cybersecurity landscape has been significantly disrupted by the emergence of “React2Shell” (CVE-2025-55182), a critical vulnerability impacting Next.js and React Server Components. This severe flaw, publicly disclosed on December 4, 2025, allows unauthenticated attackers to execute arbitrary code on vulnerable servers, posing an immediate and high-priority threat to global enterprises…