Check Point Research has issued a critical alert regarding the active exploitation of a significant vulnerability affecting Remote Access VPN and Mobile Access deployments. The flaw, identified as CVE-2026-50751, carries a high CVSS score of 9.3 and pertains to an authentication bypass within insecurely configured IKEv1 key exchange protocols. This…
A significant new threat has emerged in the software development landscape, dubbed “Mythos,” which is far more advanced than typical software vulnerabilities. Industry experts, including Dan Lorenc, CEO of Chainguard, assert that Mythos, despite initial skepticism as a mere marketing tactic, represents a fundamental shift in cyber threats. These are…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting SolarWinds Serv-U software to its Known Exploited Vulnerabilities (KEV) catalog. This action, taken on June 6, 2026, signifies that the flaw is actively being exploited by malicious actors, prompting urgent attention from organizations reliant on…
The cybersecurity landscape is experiencing an unprecedented surge in vulnerability discovery, largely propelled by advancements in artificial intelligence. This week saw two significant developments highlighting this trend: a security startup revealed 21 previously unknown vulnerabilities in FFmpeg, a critical media library, all identified by an autonomous AI agent, while Google…
Cisco has issued a critical alert regarding a high-severity security vulnerability, CVE-2026-20182, within its Catalyst SD-WAN Manager software. This flaw has been observed to be under active exploitation, posing a significant risk to organizations relying on Cisco’s software-defined networking solutions. The vulnerability, which affects multiple deployment models including on-premises and…
A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
More Articles
Amazon Discloses Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure
Amazon’s threat intelligence team has unveiled a sophisticated, multi-year Russian state-sponsored cyber espionage campaign meticulously targeting Western critical infrastructure. Between 2021 and 2025, the Russian Main Intelligence Directorate (GRU), also known by threat actor names like APT44 and Sandworm, engaged in persistent attacks aimed at energy sector organizations and cloud-hosted…
A popular Chrome extension, Urban VPN Proxy, boasting over 6 million installations, has been found to be secretly harvesting user conversations with major AI chatbots. The extension, despite holding Google’s “Featured” badge for quality, contains hidden code designed to intercept and exfiltrate sensitive dialogue from platforms like ChatGPT, Claude, Gemini,…
Threat actors are actively exploiting two newly disclosed critical security vulnerabilities in Fortinet FortiGate devices, just days after their public revelation. These zero-day attacks, observed on December 12, 2025, target authentication bypasses that could grant attackers unauthorized access. This rapid exploitation highlights the urgent need for organizations to patch their…
A new and aggressive information stealer named SantaStealer has emerged as a significant threat to Windows users globally. This malware-as-a-service (MaaS) is actively being marketed on Telegram channels and underground hacker forums, with a full release anticipated by the end of 2025. SantaStealer represents a rebranding of the earlier BluelineStealer,…
A sophisticated new account takeover campaign, dubbed the GhostPairing Attack, is enabling malicious actors to gain full access to WhatsApp accounts without needing stolen passwords or exploiting technical vulnerabilities. This alarming threat, initially observed in Czechia, leverages social engineering tactics and WhatsApp’s legitimate device linking feature to trick unsuspecting users…
A critical security vulnerability dubbed React2Shell is being actively exploited by various threat actors to deploy sophisticated malware, including KSwapDoor and ZnDoor. Cybersecurity researchers from Palo Alto Networks Unit 42 and NTT Security have detailed how this flaw, identified as CVE-2025-55182, is enabling attackers to gain unauthorized access and control…
Google is set to retire its Dark Web Report tool in February 2026, a move that will stop monitoring user personal information on the dark web less than two years after its introduction. This decision by the tech giant signals a shift in its approach to online safety, aiming to…
Bahrain marked Police Day on December 14, highlighting the police force’s dedication to national security and stability, with the Ministry of Interior releasing figures detailing significant operational performance and service enhancements throughout 2025. Senior Ministry of Interior officials and officers from across security services attended the annual event, where His…
A new malware campaign dubbed PCPcat has rapidly compromised over 59,000 servers in less than 48 hours by exploiting critical vulnerabilities in Next.js and React frameworks. This widespread attack highlights a significant security gap in popular web development tools, leaving a substantial number of servers vulnerable to unauthorized access and…
Japanese organizations have become targets of a sophisticated cyberattack campaign leveraging a critical vulnerability in React/Next.js applications, known as React2Shell (CVE-2025-55182). Initially observed deploying cryptocurrency miners, the attacks have escalated, with a new malware called ZnDoor now being used to compromise network devices and establish persistent backdoor access. This development…
New Android Malware Frogblight Impersonates Government Websites to Steal SMS and Device Data
A new sophisticated Android banking Trojan, dubbed Frogblight, has been identified as a significant threat in Turkey, employing advanced social engineering tactics to steal banking credentials and sensitive user information. Discovered in August 2025, this malware initially posed as an application for accessing court case files through official government portals.…
A sophisticated new malware known as “MioLab MacOS” is being actively advertised on underground cybercrime forums, posing a significant threat to macOS users. This resident infostealer, marketed as a Malware-as-a-Service (MaaS), provides threat actors with a web-based control panel and customizable features, aiming to ease the compromise of Apple devices…
