WordPress Sites Under Fire From Everest Forms Pro Code Injection Flaw
CVE-2026-3300 in Everest Forms Pro lets unauthenticated attackers run arbitrary PHP and create rogue admin accounts.
CVE-2026-3300 in Everest Forms Pro lets unauthenticated attackers run arbitrary PHP and create rogue admin accounts.
A dark web tutorial by "Hercules" breaks vulnerability exploitation into steps any beginner can follow - and it's spreading fast.
Dutch authorities arrested two hosting company co-owners and seized 800 servers tied to Russian cyberattacks and disinformation operations inside the EU.
A new skimming campaign routes stolen payment data through api.stripe.com, bypassing CSP filters by abusing trusted infrastructure.
A flaw in Claude Code's GitHub Action let any attacker with a bot account hijack public repos and steal write credentials via prompt injection.
DentaQuest's breach exposed 2.6 million accounts including health IDs and insurance data after ShinyHunters published 234 GB when negotiations collapsed.
A high-severity zero-day in Cisco Catalyst SD-WAN Manager lets low-privilege attackers escalate to root. No patch is available yet.
Fake FIFA domains, banking trojans in streaming apps, and a single Chinese-speaking operation running 300 cloned login pages - all live before June 11.
A self-replicating worm has compromised 73 Microsoft GitHub repositories across Azure, MicrosoftDocs, and related orgs, disabling developer access.
A Rust-based infostealer called IronWorm compromised 36 npm packages, targeting AWS, OpenAI, and SSH credentials via a stealthy supply-chain attack.
Conflict gives scammers powerful lures built on fear and sympathy. Learn which scams thrive during geopolitical turmoil and how to avoid them.
A new espionage cluster called OP-512 is deploying a custom three-shell web framework against Microsoft IIS servers, with China attribution at moderate-to-high