Skip to main content

Emerging Threats

Vulnerable WordPress site setup with laptop, router, and modem on a minimalist desk.

WordPress Sites Targeted as Public Exploits Emerge for wp2shell Flaws

A critical vulnerability in WordPress Core, dubbed "wp2shell," has been discovered, allowing hackers to remotely execute code on affected sites - putting your online presence at risk if you haven't updated yet. Immediate action is urged for site operators to protect against this high-severity threat.

Analyst 207
A laptop sits open on a low table in a modern corporate office lobby.

Microsoft Warns of ACR Stealer Malware Surge Targeting Enterprise Customers

Microsoft warns of a surge in ACR Stealer malware attacks targeting enterprise customers, using clever social-engineering tactics and legitimate Windows tools to steal sensitive info. The malware, described as a malicious-as-a-service operation, has seen a significant spike in attacks between late April and mid-June.

Analyst 207
Medical device in a Cancer Diagnostics lab with a computer workstation in the background.

Abbott Labs Probes Two Cyber Incidents Amid Extortion Claims

Abbott Laboratories is investigating a cyber incident that involved unauthorized access to a limited number of internal systems within its Cancer Diagnostics business, and has activated incident response procedures to address the issue. The company confirms that its operations remain unaffected and that the affected systems are separate from its other businesses and systems.

Analyst 207
Cluttered developer workstation with laptop, coding tools, and subtle blockchain diagram in background.

Malicious Vite npm Packages Exploit Blockchain C2 for RAT Delivery

Security researchers have uncovered a sneaky campaign, dubbed ViteVenom, involving seven malicious npm packages that target Vite developers, executing malicious code as soon as they're imported. These packages, published in a matter of days, may have modest download counts, but their stealthy nature raises major red flags for the supply-chain community.

Analyst 207
Security analysts examine a laptop screen in a brightly-lit security operations center with rows of computer servers in the…

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates

In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

Analyst 207
Dimly lit server room with rows of racked servers and networking gear.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials

Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

Analyst 207
Handcuffed young men escorted by a stern-looking officer outside a UK courthouse.

UK Sentences Scattered Spider Members to 66 Months for Cyberattacks

In a major cybercrime crackdown, two young men have been sentenced to 66 months in jail for their role in a 2024 cyberattack that crippled Transport for London's network operations. Thalha Jubair and Owen Flowers were arrested and pleaded guilty, marking a significant win for the UK's National Crime Agency after nearly two years of investigation.

Analyst 207
Office email workstation with laptop, papers, and supplies under ordinary lighting.

AI Spam Filters Vulnerable to Text Salting Attacks

Over 1 million retail-themed phishing emails have been detected using a sneaky technique called text salting to evade AI spam filters since April. This clever trick hides harmless words in malicious messages, fooling automated scanners but not the human eye.

Analyst 207
Industrial control equipment and network switch on a rack in a brightly-lit control room.

Siemens ROX II Zero-Days Expose Critical Infrastructure Risks

Our research team, in close collaboration with Siemens, uncovered a critical vulnerability chain of three zero-day exploits in Siemens ROX II operational-technology switches, posing significant risks to critical infrastructure security. This chained exploit could allow attackers to escalate from basic reconnaissance to full root-level control.

Analyst 207
Blurred office background with a single support document on a desk.

Ernst & Young Exposes Client Data in Third-Party Support System Hack

Ernst & Young suffered a data breach when hackers accessed a third-party support system, downloading sensitive client documents between March 28 and April 12. The breach was detected on April 23, prompting the company to alert affected clients and notify authorities.

Analyst 207
Government office with a barricaded door and encrypted computer screen.

Ransomware Targets Government Agencies Daily, Study Reveals

Government agencies are under attack, with ransomware hitting a staggering 187 organizations in just six months - that's one body disrupted every single day, on average. This alarming trend is up 13% from the previous half-year, leaving public services vulnerable and citizens at risk.

Analyst 207
A coding test setup in a brightly-lit computer lab with a laptop and blank screen.

North Korean Hackers Exploit Coding Tests with Steganography-Laced Malware

North Korean hackers are targeting software developers with a sneaky malware attack, hiding steganography-laced payloads in coding tests to steal sensitive data and cryptocurrency. This latest campaign, tracked as REF9403, is just another example of the DPRK's relentless pursuit of valuable information.

Analyst 207
Cluttered, dimly lit room with laptop on worn desk, surrounded by papers and household items.

Carders Seek 'Clean' Residential Proxies to Evade Fraud Controls

Criminals are on the hunt for so-called "clean" residential proxies, a new classification that's emerged in the underground world of payment fraud and carding. These proxies are prized for their spotless usage history, making them harder to detect and allowing scammers to evade fraud controls.

Analyst 207
Man led away by border officers in airport departure hall.

US Misidentifies Russian Hacker in Extradition Bid

A Russian man named Aleksandr Ermakov has been wrongly detained in an Armenian jail on a US extradition request, with his lawyers claiming he is not the REvil ransomware suspect the US is actually after. His family and lawyers are now racing against time to clear his name and prevent his deportation to the US.

Analyst 207
Network device on a rack in a brightly-lit data center environment.

CISA Warns of Active Exploits Targeting FortiSandbox Flaws

Critical FortiSandbox flaws, CVE-2026-39808 and CVE-2026-25089, are under active attack by hackers, allowing them to execute malicious commands without needing login credentials. These severe vulnerabilities, scoring 9.1, require immediate attention to prevent devastating remote code execution attacks.

Analyst 207
Formal office setting with laptop, papers, and pen on a desk near a window overlooking a cityscape.

GoSerpent Malware Targets Southeast Asian Governments for Espionage

A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

Analyst 207
Windows laptop on a desk in a home office with a person's hands on the keyboard.

Windows Zero-Day Exploit LegacyHive Grants Hackers Admin Privileges

A security researcher, known as Nightmare Eclipse, has uncovered a new Windows zero-day exploit called LegacyHive, which can grant hackers admin privileges with just a few simple steps and some standard user credentials. This alarming vulnerability targets the Windows User Profile Service, putting users at risk of serious security breaches.

Analyst 207
Office setting with laptop showing Microsoft 365 interface and scattered papers.

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files

Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

Analyst 207
Technician applies security patch to computer system, symbolizing vulnerability fix.

CISA Orders Emergency Patch for Exploited Fortinet Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to patch or mitigate two critical Fortinet vulnerabilities within a tight three-day window, underscoring the severity of these flaws. This urgent action follows the discovery of a critical OS command injection vulnerability in FortiSandbox, allowing attackers to execute unauthorized code or commands.

Analyst 207
Hand reaches for Android smartphone with blurred lock screen on a flat surface.

Google scrambles to fix Android bug that lets Gemini bypass lock screen security

Google is racing to squash a newly discovered Android bug that allows sneaky users to bypass lock screen security and send SMS or WhatsApp messages using Gemini, all without entering the device PIN. A fix has already been implemented and is set to roll out this week.

Analyst 207
Rows of computer equipment hum in a brightly-lit, bustling server room.

The Gentlemen Ransomware Gang Surges to Top Spot

The Gentlemen ransomware gang has surged to the top spot, unleashing a whopping 300 attacks in just three months thanks to its aggressive recruitment of affiliates and user-friendly intrusion kit. This makes them the most active ransomware group, outpacing even the notorious Qilin affiliate operation.

Analyst 207
Network security appliance sits on a table in a government agency setting.

CISA Warns of Actively Exploited Fortinet Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on actively exploited Fortinet flaws, warning federal agencies to patch two vulnerabilities in the Fortinet FortiSandbox platform by July 19 to avoid potential breaches. Don't wait - prioritize patching to protect your systems from exploitation.

Analyst 207
Government agency server room with rows of computer equipment and SharePoint technology setup.

CISA Flags Exploited SharePoint Zero-Day Vulnerability

Don't wait until it's too late: Federal agencies have until July 19, 2026, to patch a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644, that's already being exploited by hackers to execute malicious code remotely. This high-severity flaw, with a CVSS score of 9.8, could allow attackers to take control of your SharePoint Server if left unpatched.

Analyst 207
Government building with tall windows and daylight streaming in, abstract agents in background.

US Indicts Russians for Running Bulletproof Hosting Services

The FBI has struck a major blow against cybercrime by indicting three Russian nationals and two companies for operating bulletproof hosting services that enabled devastating attacks on US critical infrastructure. This significant move disrupts the backbone of cybercriminal operations, dealing a crucial win for online safety.

Analyst 207