Tag: Cyber Threats

CISA has added the critical Joomla JCE vulnerability CVE 2026 48907 to its Known Exploited Vulnerabilities catalog following reports of active exploitation, while researchers also uncover large scale attacks targeting WordPress websites through supply chain compromises and malicious plugins.

Cybersecurity researchers have identified multiple ClickFix campaigns distributing malware loaders including BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, highlighting evolving attack techniques that leverage social engineering, compromised websites, and fake software updates.

Google uncovers a China linked cyber espionage campaign that abused Google Workspace rules to steal sensitive research and defense emails from organizations across United States and Canada.

Cybersecurity researchers uncover new Windows variants of China linked SprySOCKS malware featuring driver based stealth, TCP traffic diversion, and targeting organizations across multiple countries including Pakistan.

Palo Alto Networks confirms active exploitation of PAN OS vulnerability CVE 2026 0257 affecting GlobalProtect VPN portals, urging customers to review logs and mitigate risks.

Google’s cybersecurity teams have identified an active cyber campaign linked to ShinyHunters targeting Oracle PeopleSoft systems, with higher education institutions among the most affected sectors.

Threat actor PCPJack hijacked 230 AWS, Google Cloud, and Microsoft Azure servers to establish a covert SMTP relay network, according to Hunt.io findings.

A new supply chain attack called Miasma has compromised Red Hat npm packages to steal credentials, target CI/CD environments, and deploy a self propagating malware campaign affecting developers and cloud systems.

Iran linked hacking group MuddyWater has launched a cyber espionage campaign targeting organizations across nine countries using DLL side loading, credential theft, and covert access techniques.

This week’s cybersecurity developments included Linux kernel flaws, Microsoft Defender zero days, GitHub supply chain compromises, active router botnets, and increasing exploitation of vulnerabilities worldwide.

European and North American authorities have dismantled First VPN Service, a criminal VPN infrastructure reportedly used by 25 ransomware groups to conceal cyberattacks, fraud, and data theft operations.

New cybersecurity research highlights how vulnerable Windows kernel mode drivers may remain exploitable without dedicated hardware, raising concerns around BYOVD attacks and endpoint security risks.