1:37 am – June 9, 2026 Check Point Research has issued a critical alert regarding the active exploitation of a significant vulnerability affecting Remote Access VPN and Mobile Access deployments. The flaw, identified as CVE-2026-50751, carries a high CVSS score of 9.3 and pertains to an authentication bypass within insecurely configured IKEv1 key exchange protocols. This…
A significant new threat has emerged in the software development landscape, dubbed “Mythos,” which is far more advanced than typical software vulnerabilities. Industry experts, including Dan Lorenc, CEO of Chainguard, assert that Mythos, despite initial skepticism as a mere marketing tactic, represents a fundamental shift in cyber threats. These are…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting SolarWinds Serv-U software to its Known Exploited Vulnerabilities (KEV) catalog. This action, taken on June 6, 2026, signifies that the flaw is actively being exploited by malicious actors, prompting urgent attention from organizations reliant on…
The cybersecurity landscape is experiencing an unprecedented surge in vulnerability discovery, largely propelled by advancements in artificial intelligence. This week saw two significant developments highlighting this trend: a security startup revealed 21 previously unknown vulnerabilities in FFmpeg, a critical media library, all identified by an autonomous AI agent, while Google…
Cisco has issued a critical alert regarding a high-severity security vulnerability, CVE-2026-20182, within its Catalyst SD-WAN Manager software. This flaw has been observed to be under active exploitation, posing a significant risk to organizations relying on Cisco’s software-defined networking solutions. The vulnerability, which affects multiple deployment models including on-premises and…
A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
Research & Analysis
More Articles
Kuwait’s Ministry of Interior has announced the completion of a new TETRA wireless communications system and an electronic fingerprint data exchange program for deportees, alongside new joint traffic services with the UAE. This significant advancement in biometric security infrastructure comes as authorities are again confronting instances of fingerprint-related fraud. Brigadier…
Cisco customers are facing a new campaign of cyberattacks by a Chinese threat group exploiting a critical zero-day vulnerability in the company’s email and web security software. The vulnerability, which has been actively exploited since at least late November, allows attackers to gain unrestricted command execution and establish persistent backdoors…
RansomHouse, a ransomware-as-a-service (RaaS) platform operated by the threat group Jolly Scorpius, has significantly escalated its malicious activities with an upgraded double extortion strategy. This advanced tactic combines data theft with data encryption, creating a potent two-pronged attack that intensifies pressure on victim organizations and leads to severe financial losses…
Hewlett Packard Enterprise (HPE) has issued an urgent security advisory addressing a critical vulnerability, CVE-2025-37164, within its OneView Software. This high-severity flaw, which carries a maximum CVSS score of 10.0, could enable remote code execution by an unauthenticated attacker. The vulnerability impacts all versions of HPE OneView prior to version…
A sophisticated new threat known as Phantom Stealer version 3.5 is actively targeting users worldwide, aiming to steal sensitive data. This malware is currently being distributed through deceptive installers disguised as legitimate Adobe software, making it a significant concern for cybersecurity professionals and everyday computer users alike. The primary objective…
A Chinese-based espionage group known as Ink Dragon has significantly expanded its cyberattack operations, moving beyond its traditional focus in Southeast Asia and South America to actively compromise European government networks. This strategic shift highlights the group’s growing capabilities and ambition. Ink Dragon employs a sophisticated blend of well-engineered tools…
Researchers Discover New Lazarus and Kimsuky Infrastructure Using Active Tools and Tunnelling Nodes
By News RoomA new joint investigation by Hunt.io and the Acronis Threat Research Unit has unearthed significant new infrastructure and active tools employed by North Korean state-sponsored hacking groups Lazarus and Kimsuky. The research, detailed in a recent report, reveals a sophisticated and interconnected network of servers and systems allowing these threat…
The 2025 holiday shopping season is anticipated to be a prime target for cybercriminals, with a surge in newly registered fake online retail domains designed to ensnare unsuspecting consumers. Threat actors are launching a significant campaign of counterfeit websites, aiming to mimic popular global brands and steal sensitive financial information…
A formidable Android botnet, christened Kimwolf, has surfaced as a significant cybersecurity threat, having compromised an estimated 1.8 million Android devices globally. This sophisticated malware has infiltrated a wide array of Android-powered systems, including smart TVs, set-top boxes, and tablets, underscoring the pervasive nature of current cyber threats. The discovery…
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
By News RoomCisco has issued a critical alert regarding a maximum-severity zero-day vulnerability, CVE-2025-20393, in its AsyncOS software. This flaw, actively exploited by a China-linked advanced persistent threat (APT) actor codenamed UAT-9686, affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. The exploitation campaign, detected by Cisco on…
Cybersecurity is emerging as a top priority for the energy sector as rapid digital transformation increases the risk of cyberattacks, experts warned. The growing reliance on new technologies like AI and IIoT, coupled with aging infrastructure, has significantly expanded the potential attack surface for malicious actors. A recent roundtable discussion…
CISA Adds Critical ASUS Live Update Vulnerability to Known Exploited List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a significant software vulnerability affecting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog. This inclusion, announced on December 18, 2025, stems from confirmed evidence that the…