Explore

Rapid Read Rapid Read
Cybersecurity Firm Defiant Warns of Critical Ninja Forms Vulnerability Affecting WordPress Sites

Cybersecurity Firm Defiant Warns of Critical Ninja Forms Vulnerability Affecting WordPress Sites

A critical vulnerability has been identified in the File Uploads addon for the Ninja Forms WordPress plugin, which could allow threat actors to take over vulnerable websites. The cybersecurity firm Defiant has reported that this addon is used by approximately 50,000 websites, and there have been thousands of attempts to exploit the vulnerability. The flaw, tracked as CVE-2026-0740, is an unauthenticated arbitrary file upload issue due to missing file type validation. This vulnerability allows attackers to upload malicious PHP code to a website's server, potentially leading to remote code execution. The issue was discovered and reported via the Wordfence bug bounty program, with a security researcher receiving a reward for identifying the flaw. Users are advised to upgrade to the latest version of the addon to mitigate the risk.
Trendline Trendline
Rapid7 Report Highlights Accelerating Exploitation of Software Vulnerabilities

Rapid7 Report Highlights Accelerating Exploitation of Software Vulnerabilities

Rapid7 Report Highlights Accelerating Exploitation of Software Vulnerabilities
Trendline Trendline
UNC6783 Cyber Group Targets BPO Companies to Steal Corporate Data

UNC6783 Cyber Group Targets BPO Companies to Steal Corporate Data

UNC6783 Cyber Group Targets BPO Companies to Steal Corporate Data
Rapid Read Rapid Read
Critical Marimo Vulnerability Exploited Shortly After Disclosure

Critical Marimo Vulnerability Exploited Shortly After Disclosure

A critical vulnerability in Marimo, an open-source reactive notebook for Python, was exploited within hours of its public disclosure. The flaw, identified as CVE-2026-39987, allows unauthenticated remote code execution due to a lack of authentication validation in the terminal WebSocket endpoint. Sysdig reported that an attacker quickly developed an exploit from the advisory description, leading to credential theft and system command execution. The vulnerability affects all Marimo releases up to version 0.20.4, with users advised to update to version 0.23.0 or newer.
Rapid Read Rapid Read
UNC6783 Cyberattack Targets BPO Companies, Compromises Corporate Data

UNC6783 Cyberattack Targets BPO Companies, Compromises Corporate Data

The UNC6783 threat group has launched a sophisticated cyberattack campaign targeting business process outsourcing (BPO) companies to access corporate data from numerous high-value organizations. According to the Google Threat Intelligence Group (GTIG), the group is linked to the online hacking persona Mr. Raccoon, who is allegedly responsible for a recent Adobe data breach. The attackers exploit trust relationships between organizations and BPO vendors, bypassing perimeter security systems. This supply chain approach represents a strategic shift in cyberattack methods. The group uses malicious emails to deploy Remote Access Tools (RATs) and employs social engineering tactics, such as creating domains that mimic legitimate support infrastructure, to evade detection.
Rapid Read Rapid Read
US Authorities Disrupt Russian Espionage Operation Using Hacked Routers

US Authorities Disrupt Russian Espionage Operation Using Hacked Routers

The US Justice Department and the FBI have announced the disruption of a Russian espionage operation involving hacked SOHO routers. The operation was linked to the threat actor known as APT28, Forest Blizzard, and Fancy Bear, believed to be backed by Russia's GRU. The hackers targeted vulnerable TP-Link and MikroTik routers, altering their DHCP and DNS settings to redirect traffic through their infrastructure. This adversary-in-the-middle attack allowed the capture of encrypted traffic, including passwords and emails. The attack exploited a known vulnerability, CVE-2023-50224, to control TP-Link routers. Microsoft identified over 200 organizations and 5,000 consumer devices affected by the attack, which began in August 2025.
Trendline Trendline
Zephyr Energy Loses Nearly $1 Million in Cyberattack Targeting U.S. Subsidiary

Zephyr Energy Loses Nearly $1 Million in Cyberattack Targeting U.S. Subsidiary

Zephyr Energy Loses Nearly $1 Million in Cyberattack Targeting U.S. Subsidiary
Trendline Trendline
Flowise Vulnerability Exploited by Attackers, Posing Security Risks

Flowise Vulnerability Exploited by Attackers, Posing Security Risks

Flowise Vulnerability Exploited by Attackers, Posing Security Risks
Trendline Trendline
Critical Ninja Forms Vulnerability Exposes WordPress Sites to Takeover

Critical Ninja Forms Vulnerability Exposes WordPress Sites to Takeover

Critical Ninja Forms Vulnerability Exposes WordPress Sites to Takeover
Trendline Trendline
Critical Flowise Flaw Exploited by Hackers, Affecting Thousands of AI Workflows

Critical Flowise Flaw Exploited by Hackers, Affecting Thousands of AI Workflows

Critical Flowise Flaw Exploited by Hackers, Affecting Thousands of AI Workflows
Rapid Read Rapid Read
Apache ActiveMQ Classic Vulnerability Exposed for 13 Years, Poses Security Risks

Apache ActiveMQ Classic Vulnerability Exposed for 13 Years, Poses Security Risks

A remote code execution (RCE) vulnerability has been discovered in Apache ActiveMQ Classic, a widely used open-source messaging and integration patterns server, which has been present for 13 years. The vulnerability, tracked as CVE-2026-34197, allows attackers to invoke management operations through the Jolokia API, potentially retrieving remote configuration files and executing OS commands. This security defect can be exploited by chaining it with an older flaw, CVE-2022-41678, which allows attackers to write webshells to disk. The issue has been addressed in ActiveMQ Classic versions 5.19.4 and 6.2.3, and users are advised to update their deployments promptly.
Rapid Read Rapid Read
GPUBreach: New GPU Rowhammer Attack Achieves Root Shell Access

GPUBreach: New GPU Rowhammer Attack Achieves Root Shell Access

Researchers from the University of Toronto have discovered a new Rowhammer attack, named GPUBreach, that targets GPU memory to escalate privileges and achieve root shell access. This attack exploits the Rowhammer technique, which induces bit flips in memory cells through repeated access, to corrupt GPU page tables and enable arbitrary read-write access. The attack leverages memory-safety bugs in Nvidia drivers, posing a significant threat to cloud environments where multiple users share the same GPU. The researchers reported their findings to Nvidia, and major cloud providers like Microsoft, AWS, and Google have been notified.