T1059.007 - JavaScript is a mitre_attack tracked across 50 threat clusters and 145 intelligence report mentions on ThreatCluster. First observed November 20, 2025; most recent activity July 17, 2026.
DbGate's JSON script runner has a critical vulnerability (CVE-2026-47668) that allows unauthenticated remote code execution via the functionName parameter in JSON script assign commands. The vulnerability arises from…
Russian state-backed hackers from APT28 are actively exploiting a high-severity stored cross-site scripting vulnerability (CVE-2025-66376) in the Zimbra Collaboration Suite (ZCS) to target Ukrainian government entities.…
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
Operation Escaneo is a coordinated cyberattack attributed to the MexicanMafia group, targeting critical infrastructure across Latin America, primarily Mexico. The campaign, which spanned from 2025 to 2026, utilized…
The Google Threat Intelligence Group has identified DarkSword, a full-chain iOS exploit affecting versions 18.4 to 18.7. This exploit leverages multiple zero-day vulnerabilities, including CVE-2025-31277 and…
SiYuan, an open-source personal knowledge management system, has disclosed a critical stored cross-site scripting (XSS) vulnerability that can escalate to remote code execution (RCE) in its Electron desktop client. The…
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited in a large-scale cyberattack affecting over 700 websites, including those of Harvard University, Oxford University, Auburn…
A critical vulnerability (CVE-2026-8206) in the Kirki WordPress plugin allows unauthenticated attackers to hijack user accounts, including admin accounts, on over 500,000 websites. Detected by Defiant's Wordfence…
A phishing campaign targeting Ukrainian government organizations has been attributed to the Belarus-aligned Ghostwriter group, also known as UAC-0057. The campaign involves sending emails with PDF attachments that lead…
A suspected China-aligned threat group, tracked as UNK_MassTraction, has been exploiting vulnerabilities in Roundcube mail servers at U.S. and Canadian universities since May 2026. The campaign targets physics and…