4:03 pm – June 8, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting SolarWinds Serv-U software to its Known Exploited Vulnerabilities (KEV) catalog. This action, taken on June 6, 2026, signifies that the flaw is actively being exploited by malicious actors, prompting urgent attention from organizations reliant on…
The cybersecurity landscape is experiencing an unprecedented surge in vulnerability discovery, largely propelled by advancements in artificial intelligence. This week saw two significant developments highlighting this trend: a security startup revealed 21 previously unknown vulnerabilities in FFmpeg, a critical media library, all identified by an autonomous AI agent, while Google…
Cisco has issued a critical alert regarding a high-severity security vulnerability, CVE-2026-20182, within its Catalyst SD-WAN Manager software. This flaw has been observed to be under active exploitation, posing a significant risk to organizations relying on Cisco’s software-defined networking solutions. The vulnerability, which affects multiple deployment models including on-premises and…
A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
By News RoomCisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Research & Analysis
More Articles
A sophisticated malware campaign is currently distributing a dangerous piece of malware, identified as Winzipper, through fake WinRAR download websites. This attack, which has emerged from links shared across various Chinese websites, targets users who seek to download the popular file compression tool from unofficial sources. The trojanized installer poses…
MuddyWater APT exploits Word documents with RustyWater toolkit to bypass security defenses.
By News RoomThe Iran-linked MuddyWater Advanced Persistent Threat (APT) group has launched a sophisticated spear-phishing campaign targeting critical sectors across the Middle East. This latest offensive leverages weaponized Word documents to deploy a new Rust-based malware, dubbed ‘RustyWater’, signaling a significant shift in the group’s preferred tooling. Researchers have identified RustyWater’s ability…
Cyber Threats Against Australia and New Zealand Driven by Initial Access Sales and Ransomware Campaigns
By News RoomThe cyber threat landscape in Australia and New Zealand has become critically dangerous in 2025, driven by an escalating market for compromised network access sold on underground forums. Cyble Research and Intelligence Labs identified 92 instances of such sales impacting organizations in both nations, highlighting a mature and commercialized cybercrime…
Automated bot attacks have escalated dramatically in 2026, targeting websites, APIs, and mobile applications with sophisticated methods like credential stuffing, scraping, DDoS, and fake account floods. These attacks are leading to significant breaches, service outages, revenue losses, and severe reputational damage for organizations. Leading bot protection platforms are responding with…
Trend Micro has issued critical security updates for its on-premise Apex Central for Windows, addressing a severe vulnerability that could allow remote attackers to execute arbitrary code with system-level privileges. The patches also resolve two additional flaws that could lead to denial-of-service conditions, highlighting the ongoing need for robust endpoint…
A new sophisticated malware campaign, dubbed Boto Cor-de-Rosa, is leveraging WhatsApp Web to automatically spread the Astaroth banking trojan to Windows users, primarily impacting those in Brazil. This evolving threat demonstrates a concerning tactic of exploiting popular messaging platforms to create a self-sustaining infection loop, harvesting contact lists and aggressively…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced the closure of ten Emergency Directives (EDs) issued between 2019 and 2024. This move signifies the successful remediation of identified risks within Federal Civilian Executive Branch (FCEB) agencies, bolstering their cybersecurity posture. These directives were enacted to address critical vulnerabilities…
A sophisticated new attack dubbed “Ghost Tapped” is enabling Chinese threat actors to steal funds directly from Android users’ bank accounts. This novel exploitation of Near Field Communication (NFC) technology bypasses the need for physical bank cards, allowing criminals to execute fraudulent transactions remotely. Security researchers have identified over 54…
Kuwait’s Ministry of Interior has stressed the critical importance of robust inter-agency coordination in effectively managing emergency response operations. The directive came during a high-level inspection focused on operational readiness and the efficiency of security sectors. Deputy Interior Minister Major General Abdulwahab Al-Wuhaib led a field inspection tour on Saturday,…
Caracas experienced a significant blackout on Saturday, coinciding with U.S. forces’ reported move to seize Venezuelan leader Nicolás Maduro. This widespread power outage is believed to have been orchestrated by the U.S. Cyber Command, showcasing the evolving role of malware in modern conflict and providing a tactical advantage during the…
A new phishing campaign is exploiting the trust associated with DocuSign to deliver stealthy malware onto Windows systems. Security researchers have identified a sophisticated attack that impersonates legitimate DocuSign notifications, tricking users into downloading malicious software. This operation highlights the evolving tactics of cybercriminals in bypassing standard security measures. The…
A sophisticated hacking group, identified as UAT-7290, has been actively targeting critical infrastructure entities, particularly telecommunications companies, across South Asia since at least 2022. Intelligence reports indicate strong associations between UAT-7290 and the Chinese government, raising significant concerns about the security of vital communication networks in the region. The group’s…