Latest news
Vulnerability
Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate
23 April 2026 dark6
A high-severity deserialization flaw in Apache ActiveMQ Classic (CVE-2026-34197, CVSS 8.8) that has existed for 13 years is now being...
Vulnerability
Cisco Patches Four Critical Flaws in Identity Services Engine and Webex: Unauthenticated RCE and Full User Impersonation at Risk
21 April 2026 dark6
Cisco has patched four critical vulnerabilities in Identity Services Engine (ISE) and Webex, including an unauthenticated remote code execution flaw...
Databreach
Inditex (Zara) Confirms Third-Party Data Breach: Transaction Records Exposed via Analytics Platform with April 21 Leak Deadline
21 April 2026 dark6
Inditex, owner of Zara and Bershka, has confirmed a data breach affecting transaction records accessed via a third-party analytics platform,...
Databreach
Vercel Confirms April 2026 Breach: ShinyHunters Accessed Source Code, API Keys, and Employee Data via AI Tool Compromise
20 April 2026 dark6
Cloud development platform Vercel confirmed a security breach traced to a compromised employee account at third-party AI platform Context.ai. The...
Vulnerability
Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog
20 April 2026 dark6
A critical improper access control vulnerability in Fortinet FortiClientEMS (CVE-2026-35616, CVSS 9.1) is being actively exploited following the publication of...