Silent Ransom Group Targets Law Firms with Fake IT Support Calls
Mandiant and the FBI warn that Silent Ransom Group is using fake IT support calls, remote access tools, and even in-person impostors to steal law firm data.
News desk
Cybersecurity News & Analysis
Security incidents, exploited vulnerabilities, breach reports, and urgent patch notes, arranged for fast scanning like a daily cyber newspaper.
June 16, 2026
Latest reports
Kirki CVE-2026-8206: WordPress Admin Takeover Flaw Is Exploited
Kirki CVE-2026-8206 is being exploited to hijack WordPress accounts. Update to 6.0.7+ and check password resets, admin users, and site files.
Mirasvit Cache Warmer CVE-2026-45247: Magento RCE Added to CISA KEV
CISA added Mirasvit Cache Warmer CVE-2026-45247 to KEV. Magento and Adobe Commerce stores should update to 1.11.12 and review suspicious CacheWarmer cookie traffic.
Red Hat npm Packages Hit by Miasma Credential-Stealing Worm
A Miasma supply-chain attack compromised @redhat-cloud-services npm packages with a credential-stealing worm. Developers should check lockfiles, CI runners, and rotate exposed secrets.
Android CVE-2025-48595: June Patch Fixes Exploited Framework Flaw
Google's June 2026 Android update fixes CVE-2025-48595, a high-severity Framework flaw that may already be under targeted exploitation.
Windows Netlogon CVE-2026-41089: Domain Controller RCE Is Now Exploited
Belgium's CCB says Windows Netlogon CVE-2026-41089 is now exploited. Patch domain controllers, restrict Netlogon paths, and check for suspicious authentication activity.
Oracle WebLogic CVE-2024-21182 Added to CISA KEV After Exploitation
CISA added Oracle WebLogic Server CVE-2024-21182 to KEV, giving exposed T3/IIOP deployments a short June 4 remediation window.
Dutch Botnet Takedown: 17 Million Devices Were Used as Cybercrime Proxies
Dutch police and NCSC took down a 17 million-device botnet. Check routers, IoT devices, proxy apps, and strange outgoing traffic.
WP Maps Pro CVE-2026-8732: Admin Account Takeover Is Being Exploited
Attackers are exploiting WP Maps Pro CVE-2026-8732 to create rogue WordPress administrator accounts. Site owners should update to 6.1.1 and audit users and logs.
