Latest news

Cavern Manticore: Iranian-Linked APT Abuses SysAid RMM and DLL Sideloading to Deploy Modular C2 Framework
Malware

Cavern Manticore: Iranian-Linked APT Abuses SysAid RMM and DLL Sideloading to Deploy Modular C2 Framework

7 July 2026 dark6

A newly identified Iranian-linked group, Cavern Manticore, is abusing the SysAid RMM platform and DLL sideloading via WinDirStat to deploy...
Januscape: 16-Year-Old Linux KVM Flaw (CVE-2026-53359) Lets Malicious VMs Corrupt Host Kernel Memory
Vulnerability

Januscape: 16-Year-Old Linux KVM Flaw (CVE-2026-53359) Lets Malicious VMs Corrupt Host Kernel Memory

7 July 2026 dark6

A 16-year-old flaw in Linux KVM, tracked as CVE-2026-53359 and dubbed Januscape, lets a malicious guest VM corrupt host kernel...
Tenda Router Backdoor (CVE-2026-11405) Lets Attackers Skip Login and Seize Full Admin Control
Vulnerability

Tenda Router Backdoor (CVE-2026-11405) Lets Attackers Skip Login and Seize Full Admin Control

7 July 2026 dark6

A hardcoded authentication backdoor in Tenda FH1201, W15E, AC10, AC5, and AC6 routers (CVE-2026-11405) lets attackers log in as admin...
Critical BeyondTrust Flaws (CVSS 9.2) in Remote Support and PRA Let Attackers Bypass Access Controls
Vulnerability

Critical BeyondTrust Flaws (CVSS 9.2) in Remote Support and PRA Let Attackers Bypass Access Controls

7 July 2026 dark6

BeyondTrust disclosed critical flaws (advisory BT26-03, CVSS 9.2) in Remote Support and Privileged Remote Access that let limited-privilege users bypass...
New “Bad Epoll” Linux Zero-Day Lets Local Users Root Servers and Android Devices
Vulnerability

New “Bad Epoll” Linux Zero-Day Lets Local Users Root Servers and Android Devices

6 July 2026 dark6

A newly disclosed Linux kernel flaw dubbed “Bad Epoll” (CVE-2026-46242) lets a local, unprivileged user escalate to root on Linux...
PamStealer: New macOS Infostealer Disguises Itself as the Maccy Clipboard Manager
Malware

PamStealer: New macOS Infostealer Disguises Itself as the Maccy Clipboard Manager

6 July 2026 dark6

PamStealer is a newly discovered macOS infostealer that impersonates the Maccy clipboard manager, using a two-stage AppleScript-to-Rust infection chain to...
Seven New CVEs in FatFs Filesystem Driver Put Millions of Embedded and IoT Devices at Risk
Vulnerability

Seven New CVEs in FatFs Filesystem Driver Put Millions of Embedded and IoT Devices at Risk

6 July 2026 dark6

runZero has disclosed seven new CVEs in FatFs, the FAT/exFAT filesystem driver used across ESP-IDF, STM32Cube, Zephyr, MicroPython, and countless...
New T3MP3ST Framework Turns AI Coding Agents Into Autonomous 0-Day Hunters
AI

New T3MP3ST Framework Turns AI Coding Agents Into Autonomous 0-Day Hunters

6 July 2026 dark6

T3MP3ST, a new open-source framework, turns AI coding agents like Claude Code and Codex into autonomous red-teaming operators, claiming strong...
Apache ActiveMQ Patches Three Vulnerabilities Enabling DoS, Data Leakage, and Privilege Escalation
Vulnerability

Apache ActiveMQ Patches Three Vulnerabilities Enabling DoS, Data Leakage, and Privilege Escalation

6 July 2026 dark6

Apache ActiveMQ users should urgently patch three newly disclosed vulnerabilities — CVE-2026-53917, CVE-2026-54475, and CVE-2026-49877 — that can crash brokers,...
Flipper Zero Maker Overhauls Firmware Contribution Rules After Community Backlash
Cybercrime

Flipper Zero Maker Overhauls Firmware Contribution Rules After Community Backlash

6 July 2026 dark6

Flipper Devices has rolled out new firmware contribution rules, including GitHub Discussions-based feature voting and mandatory integration testing, after community...
Cybersecurity Week in Review: AI Model Redeployment, a Linux Root Zero-Day, and Hundreds of Chrome Patches
Cybercrime

Cybersecurity Week in Review: AI Model Redeployment, a Linux Root Zero-Day, and Hundreds of Chrome Patches

6 July 2026 dark6

This week: Anthropic's Claude Mythos 5 returns to critical infrastructure use, a near-100%-reliable Linux root zero-day emerges, Chrome patches 382...
Microsoft Ships KB5095189 Cumulative Update to Patch the Windows 11 Setup Experience
Vulnerability

Microsoft Ships KB5095189 Cumulative Update to Patch the Windows 11 Setup Experience

6 July 2026 dark6

Microsoft's KB5095189 update patches the Windows 11 setup experience for versions 24H2 and 25H2. It carries no CVE, but enterprises...