HN Monitor

A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…

The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…

Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk

A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…

The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…

Cybercriminals are increasingly leveraging legitimate infrastructure, specifically Virtual Private Servers (VPS) provisioned through platforms like ISPsystem, to launch sophisticated cyberattacks. Recent ransomware incidents in late 2025 revealed threat actors exploiting these seemingly trustworthy servers, often pre-configured with default templates, to host malicious operations and distribute malware. This tactic allows them…

A Pakistan-based hacker group, known as Transparent Tribe or APT36, has escalated its cyberattacks by shifting its primary focus from traditional government targets to India’s burgeoning startup ecosystem. This threat actor, active since 2013, is now employing a sophisticated malware called Crimson RAT to infiltrate Indian startups, particularly those involved…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that Federal Civilian Executive Branch (FCEB) agencies significantly upgrade their asset lifecycle management for edge network devices. This directive requires the removal of all devices that no longer receive security updates from their original equipment manufacturers (OEMs) within the next…

Sophisticated cyber adversaries are exploiting a dangerous combination of phishing techniques and OAuth token flaws to achieve full Microsoft 365 compromise, according to recent analysis. Attackers are leveraging seemingly innocuous web application features to bypass traditional security measures, leading to widespread data breaches and system access. This evolving threat landscape…

A sophisticated cyber campaign, identified as APT-Q-27, has been actively targeting corporate environments since mid-January 2026, employing stealthy attack tactics designed to bypass standard security alerts. This threat actor group, also known as GoldenEyeDog, has demonstrated a remarkable ability to infiltrate networks without raising immediate flags, posing a significant risk…

Security researchers have uncovered an active spam campaign that is successfully tricking organizations into installing remote monitoring and management (RMM) software through deceptive PDF attachments. This sophisticated attack vector leverages seemingly legitimate document formats to gain persistent remote access to compromised systems, posing a significant threat to business security. The…

Saudi Arabia is preparing to host the third World Defence Show in Riyadh from February 8-12, under the patronage of King Salman bin Abdulaziz Al Saud. The event, organized by the General Authority for Military Industries (GAMI), aims to foster collaboration and showcase advancements in the defense sector, with expectations…

Hackers are exploiting a deceptive tactic by leveraging Windows screensaver (.scr) files to compromise systems, deploy Remote Monitoring and Management (RMM) tools, and gain persistent remote access. This evolving cybersecurity threat allows attackers to bypass standard security controls by using legitimate software and cloud services to mask their malicious activities…

Artificial intelligence company Anthropic has revealed that its latest large language model, Claude Opus 4.6, has successfully identified over 500 previously unknown high-severity security vulnerabilities in widely used open-source libraries. This significant discovery underscores the growing power of AI in cybersecurity and highlights potential risks associated with open-source software. The…

Mastercard has entered a major cybersecurity partnership with the United Arab Emirates, joining forces with the UAE Cyber Security Council (CSC) to boost the nation’s digital defences at a time when cyber risks are escalating at an unprecedented speed. This collaboration is expected to leverage global expertise and intelligence sharing…

ShadowSyndicate, a cybercriminal group first identified in 2022, has significantly evolved its infrastructure management by adopting a server transition technique. This tactic allows the threat actor to rotate Secure Shell (SSH) keys across multiple servers, making their operations considerably harder for security teams to track. The evolution in ShadowSyndicate’s methods…