Cybersecurity Update June 5, 2026: SD-WAN Zero-Day Exploited, Everest Forms Plugin Attacks, Mythos AI Boosts EU Defenses

CybersecFriday, June 5, 2026

50 articles analyzed by AI / 190 total

Key points

Audio player

0:00 / 0:00

•Cisco announced an actively exploited zero-day vulnerability in its SD-WAN product on June 5, 2026, highlighting ongoing threats to network infrastructure and compelling enterprises to urgently apply mitigations.[Cybersecurity Dive]
•A critical remote code execution vulnerability (CVE-2026-3300) in Everest Forms Pro, affecting about 4,000 WordPress sites, is being actively exploited by hackers to fully compromise affected websites, raising concerns for widespread WordPress security.[The Hacker News RSS]
•Supply chain attacks targeting the npm ecosystem through IronWorm and a new Miasma Worm variant have compromised over 50 packages, showing increasing threats to software development dependencies and open-source trust.[The Hacker News]
•The FCC plans to strengthen cybersecurity regulations for emergency alert systems to guard against cyberattacks aimed at disrupting national alert mechanisms, with a vote anticipated soon to update rules and mitigate such risks.[TVTechnology][TVTechnology]
•The Android spyware named Asin is targeting Arabic users via social engineering through fake news, PDFs, and war map apps, representing a targeted campaign that exploits regional sociopolitical contexts for cyber espionage.[The Hacker News]
•IBM i Management Central version V7R4 and earlier suffers from a serious unauthenticated remote code execution vulnerability accessible via port 5555, enabling attackers to breach systems without credentials and increasing risk to enterprise deployments.[Reddit /r/netsec]
•The PCPJack threat group hijacked 230 cloud servers from leading providers AWS, Google Cloud, and Azure to assemble a stealthy SMTP relay network, highlighting the persistent abuse of cloud infrastructure for malicious spam and phishing campaigns across multiple continents.[The Hacker News RSS]
•U.S. Senator Mark Warner introduced legislation to restore annual federal funding to $50 million for MS-ISAC, enhancing cybersecurity support for state and local governments, addressing critical gaps in public sector cyber defenses amid increasing attacks.[StateScoop]
•The EU's lead cybersecurity agency will gain early access to Mythos AI technology, a development expected to bolster Europe’s defenses against sophisticated cyber threats through advanced AI-driven detection and response capabilities.[CPO Magazine]
•A whistleblower, a former IBM cyber executive, has accused IBM of concealing multiple data breaches, raising serious questions about corporate cybersecurity transparency and governance at one of the world's largest technology companies.[TechCrunch]

Relevant articles

Cisco warns zero-day flaw in SD-WAN is being exploited - Cybersecurity Dive

9/10

Cisco has issued a warning on June 5, 2026, about a zero-day vulnerability in its SD-WAN product that is actively being exploited by attackers, posing significant security risks to organizations using the technology.

Cybersecurity Dive · 6/5/2026, 4:01:45 PM

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

9/10

Threat actors are exploiting a critical remote code execution flaw (CVE-2026-3300, CVSS 9.8) affecting Everest Forms Pro WordPress plugin, which has around 4,000 active sites, enabling full site takeover.

The Hacker News RSS · 6/5/2026, 8:38:59 AM

Former cyber executive turned whistleblower accuses IBM of covering up several data breaches - TechCrunch

8/10

A former IBM cyber executive turned whistleblower alleges that IBM covered up multiple data breaches, raising concerns over corporate transparency and cybersecurity governance within the company.

TechCrunch · 6/5/2026, 8:31:04 PM

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks - The Hacker News

8/10

The npm ecosystem has been targeted by supply chain attacks using IronWorm and a new Miasma Worm variant, which deploy malicious Rust-based information stealers and self-propagating worms affecting over 50 packages.

The Hacker News · 6/5/2026, 6:05:00 PM

FCC to Vote on Strengthening Cybersecurity Rules for Emergency Alerts - TVTechnology

8/10

The FCC is planning to vote on measures to strengthen cybersecurity rules for emergency alert systems to protect against malicious disruptions, potentially resulting in updated national security standards.

TVTechnology · 6/5/2026, 6:42:01 PM

Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps - The Hacker News

8/10

The Android spyware 'Asin' campaign targets Arabic users through fake news, PDFs, and war map apps, representing a focused cyber espionage operation exploiting cultural and regional vectors.

The Hacker News · 6/5/2026, 2:53:00 PM

Unauthenticated RCE as QSECOFR via IBM i Management Central — port 5555, client-controlled verify flag, no credentials required (V7R4 and earlier)

8/10

IBM i Management Central (V7R4 and earlier) is reported vulnerable to unauthenticated remote code execution via port 5555 due to a client-controlled verify flag, creating a risk without the need for credentials.

Reddit /r/netsec · 6/5/2026, 11:35:56 AM

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

8/10

The PCPJack threat actor hijacked 230 servers across AWS, Google Cloud, and Azure platforms to build a covert SMTP relay network used for malicious email activities in regions including the US, Europe, and Asia.

The Hacker News RSS · 6/5/2026, 5:34:19 AM

Sen. Mark Warner introduces bill to restore MS-ISAC funding, boosting federal cyber support to $50M annually - StateScoop

7/10

Senator Mark Warner introduced a bill on June 5, 2026, to restore funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC), boosting federal cybersecurity support to $50 million annually to aid state and local defenses.

StateScoop · 6/5/2026, 4:03:21 PM

Lead EU Cybersecurity Agency to Receive Early Access to Mythos AI - CPO Magazine

7/10

The leading EU cybersecurity agency is set to receive early access to the Mythos AI platform, which could significantly enhance EU cyber defense capabilities against advanced threats.

CPO Magazine · 6/5/2026, 4:00:00 PM