HN Monitor

A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…

The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…

Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk

A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…

The cybersecurity landscape continues to present complex challenges, with a steady blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…

A growing number of diverse attackers, including nation-state actors and financially motivated cybercriminals, are actively exploiting a path-traversal vulnerability in WinRAR, even though it was patched six months ago. Google’s Threat Intelligence Group (GTIG) issued a warning highlighting the continued exploitation of this high-severity security flaw, identified as CVE-2025-8088, which…

A sophisticated identity-theft operation, dubbed SLSH, is actively targeting over 100 high-profile organizations, including tech giants like Canva, Atlassian, and Epic Games. This dangerous new threat combines the tactics of notorious hacking groups Scattered Spider, LAPSUS$, and ShinyHunters, leveraging a potent mix of human-driven social engineering and advanced phishing techniques…

Cybercriminals are leveraging hijacked official GitHub Desktop repositories to distribute malware, posing a significant threat to developers. This sophisticated attack campaign, active between September and October 2025, primarily targeted users in Europe and the European Economic Area, but infections subsequently spread to Japan and other regions. Attackers are creating fake…

WhatsApp has introduced a new security feature, termed “Strict Account Settings,” designed to protect users from advanced cyber threats, including sophisticated spyware. The feature, set to roll out in the coming weeks, will offer enhanced privacy controls for individuals, particularly those in high-risk professions. The “Strict Account Settings” will allow…

Cybercriminals are exploiting a concerning tactic known as SEO poisoning to trick users searching for legitimate software. By manipulating search engine rankings, attackers are prominently displaying malicious links that lead unsuspecting individuals to download infected files instead of the intended applications, posing a significant cybersecurity threat to a broad range…

Threat actors are actively exploiting a critical vulnerability, CVE-2025-55182, also known as React2Shell, to target companies across the insurance, e-commerce, and IT sectors. This flaw allows attackers to execute unauthorized code on vulnerable servers by manipulating the Flight protocol used for React Server Components communication. The exploitation campaigns have been…

A sophisticated new phishing campaign is leveraging deepfake artificial intelligence and video conferencing platforms like Zoom and Microsoft Teams to target cryptocurrency holders. This dangerous tactic, primarily spreading through Telegram, aims to trick victims into compromising their systems so that attackers can steal valuable Bitcoin, login credentials, and Telegram accounts. The attack chain…

Caminho Loader, a novel Loader-as-a-Service (LaaS) operation, is leveraging a sophisticated blend of steganography, fileless execution, and cloud service abuse to covertly distribute malware across multiple continents. First observed in March 2025 and believed to originate from Brazil, this threat actor service embeds .NET payloads within seemingly innocuous image files…

A significant security vulnerability, dubbed Cellbreak and tracked as CVE-2026-24002, has been identified in Grist-Core, the open-source, self-hosted relational spreadsheet-database. This critical flaw, with a CVSS score of 9.1, carries the potential for remote code execution, posing a serious risk to users running the affected versions. Discovered by security researcher…

Since 2023, a sophisticated malware framework known as PeckBirdy has become a primary tool for Chinese-aligned advanced persistent threat (APT) groups. This JavaScript-based command-and-control (C&C) platform is designed for multi-environment compatibility, offering attackers significant flexibility. The framework primarily targets victims in the gambling industry and government organizations across Asia, signifying…

Advanced persistent threat (APT) actors, believed to be operating from Pakistan, have launched a sophisticated cyber campaign targeting Indian government organizations using newly identified tools, including GOGITTER and GITSHELLPAD malware. This coordinated assault, dubbed Gopher Strike by researchers, emerged in September 2025 and signifies a growing threat to sensitive Indian…