CyberNews: 07/06/2026 Edition

Published by Dunateo on 2026-06-07

Today’s roundup

  • C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
  • Silent Ransom Group targets law firms with fake IT support calls
  • Critical Everest Forms Pro flaw exploited to take over WordPress sites
  • DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People
  • U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog
  • Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

Summary

    A new Gafgyt botnet variant, C0XMO, is actively exploiting a flaw in DD-WRT router firmware. This botnet can spread across various CPU architectures and is noted for eliminating rival malware on infected devices to maintain exclusive control. Its discovery highlights ongoing threats to IoT devices and the aggressive tactics of botnet operators.


    Mandiant reports that the Silent Ransom Group (SRG) is actively targeting U.S. law firms and professional services organizations through social engineering attacks. These attacks frequently lead to data theft within hours of initial contact, posing a significant risk to sensitive client information and operational continuity for targeted firms.


    Hackers are actively exploiting CVE-2026-3300, a critical vulnerability found in the Everest Forms Pro WordPress plugin. This flaw allows attackers to gain complete administrative control over affected WordPress websites, underscoring the importance of timely plugin updates and robust security practices for web administrators.


    The ShinyHunters extortion group has published 234 GB of data allegedly stolen from dental benefits administrator DentaQuest, potentially impacting 2.6 million individuals. The leaked information includes names, email addresses, phone numbers, physical addresses, and healthcare-related records, some containing Medicaid IDs. DentaQuest confirmed a cybersecurity incident and is cooperating with law enforcement following failed negotiations with the attackers.


    CISA has added an actively exploited SolarWinds Serv-U denial-of-service (DoS) vulnerability, tracked as CVE-2026-28318, to its Known Exploited Vulnerabilities (KEV) catalog. The unauthenticated flaw allows a remote attacker to crash the Serv-U service by sending a specially crafted HTTP POST request. Federal Civilian Executive Branch (FCEB) agencies are mandated to patch this vulnerability by June 19, 2026, to mitigate risks.


    Reports indicate that Anthropic has deployed approximately six engineers to the U.S. National Security Agency (NSA) to assist with the use of Mythos, its most capable AI model, for offensive cybersecurity operations. Mythos is known for its advanced capabilities, including finding and exploiting zero-day vulnerabilities and executing complex network attacks, which raises questions about the ethical deployment of AI in national security amid ongoing policy disputes with the Pentagon.

    Vulnerabilities

    CVE-2026-3300 Critical
    CVE-2026-28318 High