Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Critical Everest Forms Pro RCE and Emerging Stripe-Based Skimming Campaigns
The critical remote code execution vulnerability CVE-2026-3300 (CVSS 9.8) in the Everest Forms Pro plugin for WordPress is being actively ...
PCPJack’s Cloud SMTP Proxy Network Targets Linux Servers
The PCPJack group, according to researchers at Hunt.io, compromised about 230 cloud servers on Amazon Web Services, Google Cloud, and ...
How CVE-2026-20230 Puts Cisco Unified CM at Risk
Cisco has released a fix for critical vulnerability CVE-2026-20230 in Cisco Unified Communications Manager (Unified CM) and its Session Management ...
TA4922 ramps up global phishing using Atlas RAT and new loaders
The Chinese-speaking cybercriminal group TA4922, previously focused on targets in East Asia, has expanded its attack geography to European organizations ...
Multi-stage WordPress infection abusing Steam Community C2
According to GoDaddy researchers, around 1,980 WordPress-based sites have been infected with multi-stage malware that uses Steam Community profiles as ...
How Microsoft’s Conflict With 0-Day Researcher Nightmare Eclipse Escalated
Microsoft published a statement in which it stepped back from its aggressive rhetoric in a conflict with security researcher Nightmare ...
Mirasvit Full Page Cache Warmer Magento RCE Actively Exploited
On June 3, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added vulnerability CVE-2026-45247 to its Known Exploited Vulnerabilities ...
How Operation Disruption Week Hit Transnational Pig-Butchering Scams
The U.S. Department of Justice announced the results of an unprecedented joint operation by government agencies and the private sector ...
SafeBreach shows how a single message could hijack Gemini on Android
SafeBreach researcher Or Yair demonstrated an indirect prompt injection technique against the Google Gemini voice assistant on Android, where a ...
Huntress Uncovers DesckVB RAT Campaign Abusing Google DoubleClick
Researchers at Huntress observed a large-scale phishing email campaign in which attackers use the legitimate Google DoubleClick Campaign Manager domain ...
