Weekly Recap
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Weekly Cybersecurity Recap - 8 June 2026
Active Exploitation, AI Security Challenges, Supply Chain Risks, and Governance Priorities
By Paratus
Marketing Team
01 / Blog Article
Weekly Cybersecurity Recap - 8 June 2026
Introduction
Cybersecurity developments last week highlighted the growing convergence of AI, software supply chain risk, and enterprise resilience. Active exploitation of critical vulnerabilities continued to dominate the threat landscape, with attackers targeting WordPress environments and Cisco SD-WAN infrastructure, while long-running espionage campaigns demonstrated how threat actors increasingly leverage trusted cloud platforms and legitimate services to evade detection. At the same time, software supply chain attacks remain a major concern, as developers face sophisticated malware campaigns designed to steal credentials and propagate through open-source ecosystems.
Meanwhile, the rapid evolution of artificial intelligence is creating both opportunities and challenges for defenders. Industry discussions centered on the security implications of agentic AI, the surge in AI-discovered vulnerabilities, and the growing importance of governance frameworks capable of managing emerging cyber risks. Organizations are also reassessing broader resilience strategies, including sovereign-cloud security, cyber insurance coverage, and operational technology expansion, as they adapt to a threat landscape that is becoming increasingly interconnected, automated, and difficult to predict.
Vulnerability and Threat Intelligence
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code and fully compromise affected websites. Tracked as CVE-2026-3300 with a CVSS score of 9.8, the remote code execution vulnerability impacts all versions up to 1.9.12. A patch was released in version 1.9.13, but organizations running outdated deployments remain exposed to active attacks.
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
Cisco disclosed another SD-WAN vulnerability that is actively being exploited, bringing the total number of exploited SD-WAN flaws discovered in 2026 to seven. The newly identified vulnerability, CVE-2026-20245, affects the command-line interface of Cisco Catalyst SD-WAN Manager. While a patch is not yet available, authenticated local attackers can exploit the flaw using specially crafted files to execute arbitrary commands as root, highlighting the ongoing targeting of network management platforms.
AI-Driven Bug Tsunami Prompts Exploitability Questions
The cybersecurity industry is experiencing a dramatic increase in reported vulnerabilities as AI-powered tools uncover software flaws at unprecedented speed and scale. Commercial vendors, open-source projects, and vulnerability tracking programs are all reporting record volumes of bug discoveries. However, security experts caution that the growing number of findings raises important questions about exploitability, severity, and the practical risks posed by AI-generated vulnerability reports.
AI and Cybersecurity
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
Recent developments involving advanced agentic AI systems have demonstrated both the promise and risks associated with autonomous cybersecurity technologies. Reports surrounding Anthropic’s Claude Mythos preview model and claims of unauthorized access have highlighted the importance of securing the infrastructure supporting AI deployments. As organizations increasingly integrate AI into defensive operations, infrastructure security remains a foundational requirement for safely realizing the benefits of autonomous cyber capabilities.
Without strong governance, companies put credit ratings at risk in AI era
S&P Global has warned that organizations must strengthen cybersecurity governance as AI-driven cyber threats continue to mature. Analysts noted that whether frontier models such as Claude Mythos represent a major technological leap or an incremental advancement, enterprises should reassess their ability to detect, respond to, and manage emerging cyber risks. Effective governance is increasingly viewed as a business imperative, with potential implications extending beyond security into financial performance and creditworthiness.
Supply Chain and Software Ecosystem Security
Rust-Written IronWorm Hits NPM Supply Chain
Researchers identified a new malware campaign known as IronWorm that targets developers through compromised npm publishing workflows and malicious package updates. Written in Rust, the malware is designed to harvest API keys, cloud credentials, SSH keys, and npm publishing tokens, enabling attackers to expand their reach throughout the software supply chain. The campaign demonstrates how modern supply chain threats continue to evolve in sophistication and scale.
Cloud, Data Protection and Enterprise Security
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
A sophisticated espionage operation maintained access to the Outlook mailbox of a senior executive at a major global stock exchange for at least five months. According to researchers, attackers systematically copied email data in small batches and routed activity through Dropbox and OneDrive to blend with legitimate cloud traffic. The techniques observed indicate a focus on intelligence gathering rather than financial theft, underscoring the challenges of detecting stealthy cloud-based espionage campaigns.
How CISOs can manage sovereign-cloud security risks
As geopolitical tensions and regulatory requirements continue to evolve, many organizations are evaluating sovereign cloud providers as alternatives to large global cloud platforms. While sovereign cloud environments can reduce certain geopolitical and compliance risks, security leaders must carefully assess the shared responsibility challenges associated with these deployments. Effective governance, visibility, and risk management remain essential regardless of cloud provider location.
Cyber Risk, Insurance and Industry Trends
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Organizations may benefit from stable or declining cyber insurance premiums, but experts warn that expanding policy exclusions could significantly affect coverage during incidents. Analysts report that insurers are refining policies to address evolving threat scenarios, making it increasingly important for organizations to understand coverage limitations and align security investments with insurance requirements.
Dragos Expands Into Connected Devices With Phosphorus Buy
Industrial cybersecurity specialist Dragos announced the acquisition of IoT security company Phosphorus, expanding its capabilities beyond operational technology environments. The move reflects the growing convergence of operational technology, connected devices, and enterprise security, as organizations seek broader visibility and protection across increasingly interconnected environments.
Weekly Recap
Weekly Recap
Weekly Cybersecurity Recap - 7 April 2025
AI Weaknesses, Airport Ransomware, Cloud Gaps & Phishing PhaaS
Weekly Recap
Weekly Cybersecurity Recap - 14 April 2025
Fake Apps, Data Leaks, Ransomware Tactics & WordPress Plugin Exploits
Weekly Recap
Weekly Cybersecurity Recap - 21 April 2025
Multi-stage malware, GPS spoofing, ClickFix campaigns, and Shadow AI adoption—this week’s cybersecurity recap has it all
Weekly Recap
Weekly Cybersecurity Recap - 28 April 2025
QR code scams, GenAI hallucinations, mobile spyware, and double extortion — it’s another action-packed week in cybersecurity.
Weekly Recap
Weekly Cybersecurity Recap - 5 May 2025
TikTok fined €530M, hackers breach CNI, and top 2025 cyber threats – your weekly cyber update
Weekly Recap
Weekly Cybersecurity Recap - 12 May 2025
FreeDrain Crypto Phishing, Qilin Ransomware Surge & Google’s AI Moves
Weekly Recap
Weekly Cybersecurity Recap - 19 May 2025
Botnets, Bounties, and the AI Balancing Act
Weekly Recap
Weekly Cybersecurity Recap - 26 May 2025
Fake Installers, Ransomware Fallout & Malicious Extensions: Last Week’s Cyber Recap
Weekly Recap
Weekly Cybersecurity Recap - 2 June 2025
Malware campaigns, breaches, and the $111B cloud security boom
Weekly Recap
Weekly Cybersecurity Recap - 9 June 2025
From a massive AT&T data leak to new macOS malware and a takedown of a notorious carding site - here's what happened last week.
Weekly Recap
Weekly Cybersecurity Recap - 16 June 2025
Discord Malware, Salesforce Risks, SME Pressures and more
Weekly Recap
Weekly Cybersecurity Recap - 23 June 2025
Cybercriminal Innovation, Record-Breaking DDoS, and Retail Breaches - What You Missed Last Week
Weekly Recap
Weekly Cybersecurity Recap - 30 June 2025
Emerging Quantum Threats, UAE Cyber Trends, and Critical Exploits – Last Week’s Cybersecurity Recap
Weekly Recap
Weekly Cybersecurity Recap - 7 July 2025
Weekly Cybersecurity Recap: AI-Enhanced Phishing, Android Fraud, and Emerging Risks
Weekly Recap
Weekly Cybersecurity Recap - 14 July 2025
Weekly Cybersecurity Recap: Human Weakness, AI Risks, and Critical Vulnerabilities
Weekly Recap
Weekly Cybersecurity Recap - 11 August 2025
Weekly Cybersecurity Recap: AI-Powered Scams, Vault Flaws, Airline Breaches & GPT-5 Jailbreaks
Weekly Recap
Weekly Cybersecurity Recap - 25 August 2025
Weekly Cybersecurity Recap: Wi-Fi Breaches, AI Risks, and Major Exploits
Weekly Recap
Weekly Cybersecurity Recap - 1 September 2025
AI Ransomware, WhatsApp Zero-Click Exploit, and Salesforce Credential Theft
Weekly Recap
Weekly Cybersecurity Recap - 8 September 2025
AI-powered Threats, Global Partnerships, Zero-Day Exploits & Record DDoS Attack
Weekly Recap
Weekly Cybersecurity Recap - 15 September 2025
npm Breach, Zero-Days, AI Jailbreaks and More
Weekly Recap
Weekly Cybersecurity Recap - 22 September 2025
AI-powered threats, airport cyberattacks, phishing surges & critical vulnerabilities
Weekly Recap
Weekly Cybersecurity Recap - 6 October 2025
Oracle Extortion, Red Hat Breach, and AI Browser Exploits
Weekly Recap
Weekly Cybersecurity Recap - 13 October 2025
New Malware Strains, Supply Chain Risks, and Massive Breaches
Weekly Recap
Weekly Cybersecurity Recap - 20 October 2025
Smart Contract Malware, Corporate Breaches, and Ransomware Disruptions
Weekly Recap
Weekly Cybersecurity Recap - 27 October 2025
GlassWorm Supply Chain Attack, WSUS Exploited, and a $2.5B JLR Fallout
Weekly Recap
Weekly Cybersecurity Recap - 3 November 2025
AI Advances, Cloud Disruptions, and Global Threat Campaigns
Weekly Recap
Weekly Cybersecurity Recap - 17 November 2025
AI Framework Flaws, Mass Supply Chain Abuse, and Rising Ransomware Complexity
Weekly Recap
Weekly Cybersecurity Recap - 24 November 2025
Cloud Outages, AI Botnets, 7-Zip Exploits, and Rising Gulf Security Spend
Weekly Recap
Weekly Cybersecurity Recap - 8 December 2025
AI Risks, RCE Threats, Supply-Chain Abuse & Global Outages
Weekly Recap
Weekly Cybersecurity Recap - 15 December 2025
Zero-Days, AI Risk Warnings, and Escalating Exploits
Weekly Recap
Weekly Cybersecurity Recap - 19 January 2026
Malware Innovation, Zero-Days, and Cloud-Focused Threats
Weekly Recap
Weekly Cybersecurity Recap - 26 January 2026
Identity Attacks, Exploited Trust, and Emerging Global Defenses
Weekly Recap
Weekly Cybersecurity Recap - 2 February 2026
Cyber Risks Escalate Across Industry, Infrastructure, and AI as Attack Surfaces Expand
Weekly Recap
Weekly Cybersecurity Recap - 9 February 2026
Credential Theft, Supply Chain Risks, and Critical Exploits
Weekly Recap
Weekly Cybersecurity Recap - 16 February 2026
From nation-state activity targeting defense infrastructure to malicious browser extensions with tens of millions of downloads, this week’s events highlight how digital risk continues to expand across ecosystems, platforms, and sectors.
Weekly Recap
Weekly Cybersecurity Recap - 23 February 2026
Cyber threats are accelerating across both national infrastructure and enterprise environments. While governments strengthen defensive posture against organized cyberattacks, ransomware operators and AI-enabled adversaries continue to compress response timelines and expand sector targeting.
Weekly Recap
Weekly Cybersecurity Recap - 2 March 2026
This week’s cybersecurity landscape highlights long-term zero-day exploitation, widespread infrastructure compromise, AI-assisted attacks, and escalating credential theft.
Weekly Recap
Weekly Cybersecurity Recap - 9 March 2026
These developments underscore the urgency for organizations to strengthen defenses across identity, infrastructure, and emerging technologies.
Weekly Recap
Weekly Cybersecurity Recap - 16 March 2026
From destructive malware warnings and supply-chain attacks targeting developer ecosystems to vulnerabilities in widely used enterprise platforms, organizations are facing a rapidly evolving threat landscape.
Weekly Recap
Weekly Cybersecurity Recap - 23 March 2026
The latest cybersecurity developments highlight a surge in critical vulnerabilities, targeted ransomware campaigns, and evolving threats tied to remote work and artificial intelligence.
Weekly Recap
Weekly Cybersecurity Recap - 30 March 2026
The past week highlights a cybersecurity landscape shaped by active exploitation, evolving phishing techniques, and growing concerns around artificial intelligence.
Weekly Recap
Weekly Cybersecurity Recap - 6 April 2026
From a sophisticated nation-state operation resulting in a $285 million loss to widespread abuse of open-source ecosystems, attackers are increasingly leveraging both technical and human vulnerabilities to maximize impact.
Weekly Recap
Weekly Cybersecurity Recap - 13 April 2026
From AI models deemed too powerful for public release to persistent weaknesses in cloud and industrial environments, organizations are being forced to rethink how they approach resilience, governance, and threat detection in an increasingly complex ecosystem.
Weekly Recap
Weekly Cybersecurity Recap - 20 April 2026
The cybersecurity landscape is entering a new phase where artificial intelligence is not only transforming defense strategies but also accelerating the scale and sophistication of attacks.
Weekly Recap
Weekly Cybersecurity Recap - 27 April 2026
The cybersecurity landscape is increasingly shaped by the convergence of artificial intelligence, identity-centric threats, and supply chain dependencies.
Weekly Recap
Weekly Cybersecurity Recap - 4 May 2026
The past week underscores a critical shift in cybersecurity, where speed, scale, and automation are redefining both attack and defense dynamics.
Weekly Recap
Weekly Cybersecurity Recap - 11 May 2026
This week also saw critical vulnerability disclosures affecting widely used platforms such as Ivanti EPMM and cPanel/WHM, reinforcing the urgency of patch management and proactive defense strategies.
Weekly Recap
Weekly Cybersecurity Recap - 18 May 2026
Artificial intelligence, identity compromise, and software supply-chain abuse continued to dominate the cybersecurity landscape last week, with organizations facing increasingly automated and fast-moving threats.
Weekly Recap
Weekly Cybersecurity Recap - 25 May 2026
Cybersecurity threats continue to evolve at an aggressive pace, with last week highlighting a dangerous mix of supply chain compromises, actively exploited vulnerabilities, and escalating attacks against critical industries.
Weekly Recap
Weekly Cybersecurity Recap - 1 June 2026
Last week’s cybersecurity developments once again highlighted the growing risks tied to software supply chains, credential theft, and social engineering attacks.
Protect your business with Paratus
Ready to get started? Fill out the form below and we'll get back to you in no time!
risk decrease
96%
Risks from dealing with clients and traders decrease by 96%