3:54 am – June 8, 2026 A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
By News RoomCisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
By News RoomThe cybersecurity landscape continues to present complex challenges, with a persistent blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
Research & Analysis
More Articles
A class-action lawsuit has been filed against xAI, the parent company of the artificial intelligence chatbot Grok, alleging that the tool has been used to generate and disseminate nonconsensual explicit images of individuals. The lawsuit, filed by a group of plaintiffs identifying as “Jane Doe,” claims that Grok’s capabilities were…
A severe sandbox escape vulnerability, CVE-2026-22709, has been identified in the widely-used vm2 Node.js library. This critical flaw, with a CVSS score of 9.8 out of 10, could allow malicious actors to execute arbitrary code on the underlying operating system, bypassing the intended security of the sandboxed environment. The vulnerability…
Cybersecurity researchers have identified two critical security vulnerabilities within the n8n workflow automation platform, with one flaw posing a severe risk of remote code execution. These newly disclosed weaknesses could allow unauthorized access to sensitive data and system control for attackers targeting n8n instances. The discoveries were made by the…
The HoneyMyte hacker group, also identified as Mustang Panda or Bronze President, has significantly evolved its cyber arsenal, notably enhancing its CoolClient malware to deploy a sophisticated browser login data stealer. This advancement poses a persistent and growing threat to government organizations throughout Asia and Europe, with a particular focus…
Security teams commonly focus on sophisticated threats like phishing or ransomware when discussing credential risks. While these evolving attack vectors demand vigilance, one of the most persistent and underestimated dangers to organizational security is far more ordinary: near-identical password reuse. This practice, often overlooked, continues to undermine security controls, even…
A novel malware delivery campaign has surfaced, employing a sophisticated blend of social engineering and legitimate Microsoft components, including Application Virtualization (App-V), to deploy information-stealing malware. The attack commences with a deceptive CAPTCHA prompt, tricking users into executing commands via the Windows Run dialog, thereby presenting the harmful action as…
Multiple threat actors, including nation-state adversaries from Russia and China, as well as financially motivated cybercriminals, are actively exploiting a critical WinRAR vulnerability (CVE-2025-8088) that was patched in July 2025. This widespread exploitation, detailed by Google Threat Intelligence, highlights ongoing risks associated with unpatched software and underscores a persistent gap…
Chinese national sentenced to 46 months for laundering millions from American investors.
By News RoomA Chinese national has been sentenced to 46 months in prison for his role in a sophisticated cryptocurrency fraud scheme that defrauded 174 American investors of over $36.9 million. Jingliang Su was ordered to pay $26.9 million in restitution to victims by federal courts on January 27, 2026, highlighting a…
A critical security vulnerability in WinRAR, a widely used file compression tool for Windows, is being actively exploited by malicious actors to gain unauthorized control over user systems. Tracked as CVE-2025-8088, this flaw allows attackers to stealthily place malicious files into sensitive system directories, effectively compromising Windows machines. Despite a…
Researchers have uncovered a significant security threat targeting ChatGPT users through a coordinated campaign involving 16 malicious Chrome extensions. These extensions, designed to appear as legitimate ChatGPT enhancements, are actively stealing user session authentication tokens, granting attackers full access to compromised accounts and conversations. This sophisticated operation highlights the evolving…
Network security giant Fortinet has issued critical security updates to address an actively exploited FortiOS authentication bypass vulnerability. This severe flaw, identified as CVE-2026-24858, allows unauthorized access to devices, leading to potential data breaches and system compromise. The company is urging users to patch their systems immediately to prevent further…
Zunoma Introduces Hybrid Certificate Security Platform for Middle Eastern Awarding Bodies
By News RoomUK security printer Zunoma has introduced a new hybrid certificate security platform, eCertSecure, targeting educational and awarding bodies in the Middle East. The platform aims to combat credential fraud and streamline the verification process by combining secure physical certificates with digitally verifiable versions, all managed through a centralized dashboard. The…