9:25 pm – June 8, 2026 Check Point Research has issued a critical alert regarding the active exploitation of a significant vulnerability affecting Remote Access VPN and Mobile Access deployments. The flaw, identified as CVE-2026-50751, carries a high CVSS score of 9.3 and pertains to an authentication bypass within insecurely configured IKEv1 key exchange protocols. This…
A significant new threat has emerged in the software development landscape, dubbed “Mythos,” which is far more advanced than typical software vulnerabilities. Industry experts, including Dan Lorenc, CEO of Chainguard, assert that Mythos, despite initial skepticism as a mere marketing tactic, represents a fundamental shift in cyber threats. These are…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting SolarWinds Serv-U software to its Known Exploited Vulnerabilities (KEV) catalog. This action, taken on June 6, 2026, signifies that the flaw is actively being exploited by malicious actors, prompting urgent attention from organizations reliant on…
The cybersecurity landscape is experiencing an unprecedented surge in vulnerability discovery, largely propelled by advancements in artificial intelligence. This week saw two significant developments highlighting this trend: a security startup revealed 21 previously unknown vulnerabilities in FFmpeg, a critical media library, all identified by an autonomous AI agent, while Google…
Cisco has issued a critical alert regarding a high-severity security vulnerability, CVE-2026-20182, within its Catalyst SD-WAN Manager software. This flaw has been observed to be under active exploitation, posing a significant risk to organizations relying on Cisco’s software-defined networking solutions. The vulnerability, which affects multiple deployment models including on-premises and…
A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
Research & Analysis
More Articles
Magecart Attack Leverages Over 50 Malicious Scripts to Compromise Checkout and Account Creation Processes
By News RoomA massive Magecart campaign is deploying over 50 malicious scripts to hijack online checkout and account creation flows, according to Source Defense Research. This sophisticated web skimming operation targets a global audience, intercepting a wide range of sensitive information from unsuspecting online shoppers and account holders. The evolving tactics highlight…
A sophisticated malware campaign has successfully infiltrated Maven Central, a crucial repository for Java developers, by disguising itself as a legitimate Jackson JSON library extension. Discovered by Aikido analysts, this attack represents a significant threat to the software supply chain, exploiting a subtle typographical error to trick developers into downloading…
A critical security vulnerability affecting SmarterTools SmarterMail software has been detailed by the Cyber Security Agency of Singapore (CSA), posing a significant risk of remote code execution. The flaw, identified as CVE-2025-52691, has been assigned the highest possible severity rating of 10.0 on the CVSS scale, indicating its potential for…
Israel’s National Cyber Directorate has issued an urgent alert regarding a sophisticated new spear-phishing attack targeting individuals in security and defense sectors within the Israel region. The campaign, disguised as invitations to professional conferences, employs malicious WhatsApp messages that lead victims to fake websites designed to harvest sensitive personal and…
OpenAI has identified prompt injection as a significant and evolving security risk for AI agents operating within web browsers. The company recently deployed an update for its ChatGPT Atlas browser agent following the discovery of a novel class of these attacks through internal testing. This update includes enhanced safeguards and…
A Chinese-linked threat group, identified as HoneyMyte, Mustang Panda, or Bronze President, is employing a sophisticated new kernel rootkit to conceal its ToneShell backdoor. This advanced malware campaign has predominantly targeted government networks across Southeast and East Asia, with a significant impact observed in Myanmar and Thailand. The primary objective…
A significant supply chain attack has targeted EmEditor, a widely used text editor, to distribute infostealer malware to millions of users. Between December 19 and December 22, 2025, the official EmEditor website was compromised, leading to the distribution of malicious installer files. Users who downloaded version 25.4.3 from the official…
A recent survey has revealed that over one in five organisations experienced a cyber incident impacting their industrial control systems (ICS) or operational technology (OT) within the last year. This finding underscores ongoing vulnerabilities in critical infrastructure protection. The SANS Institute’s The State of ICS/OT Cybersecurity 2025 report, sponsored by…
Cybersecurity professionals are grappling with a new information disclosure vulnerability, CVE-2025-14847, dubbed “MongoBleed,” which presents a significant risk due to its widespread use of the affected software. Concerns are mounting as researchers and threat hunters work to understand the full scope of potential impacts, drawing parallels to previous critical vulnerabilities…
A sophisticated new phishing kit, exhibiting clear signs of AI-assisted development, is actively targeting Microsoft Outlook users, primarily those who interact with the service in Spanish. This operation, which began in March 2025, has been identified by researchers through a distinctive signature of four mushroom emojis embedded within the string…
Cybercriminals employing ‘Silver Fox’ tactics target Indian entities with income tax phishing scams.
By News RoomChinese threat actors, identified as Silver Fox, are actively targeting Indian organizations with sophisticated phishing campaigns designed to impersonate legitimate Income Tax Department communications. These attacks, aimed at stealing sensitive data and infiltrating systems, leverage deceptive emails containing malicious attachments disguised as tax-related documents, posing a significant risk to businesses…
Public perceptions of sophisticated cyberattacks often paint a picture of flawless execution, but a closer examination of Windows Event Logs and endpoint telemetry reveals a messier reality. Threat actors frequently stumble, experiment, and adapt their tactics when faced with defensive measures, demonstrating a learning process rather than a pre-programmed assault.…