Home

CYBER SECURITY NEWS

• Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
  May 8, 2026
  Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve […]
• PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
  May 8, 2026
  Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting
• One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
  May 7, 2026
  The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly impossible to spot. If a single laptop gets compromised on […]
• PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
  May 7, 2026
  Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an […]
• ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
  May 7, 2026
  Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a […]
• Day Zero Readiness: The Operational Gaps That Break Incident Response
  May 7, 2026
  Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do.  That distinction matters far more than many organizations realize. In […]
• PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
  May 7, 2026
  Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky 

LATEST POSTS

• Data Protection and Backup
• Awakening Conference Byron Bay (19th – 21st September) 2025
• Online Conference 14th September (Sydney A.E.S.T)
• WebRoot Zero Day Malware Protection
• Cyber Security (MailGuard)