Latest news

Microsoft Lets connectivity.office.com TLS Certificate Expire, Breaking Enterprise Microsoft 365 Diagnostics
Vulnerability

Microsoft Lets connectivity.office.com TLS Certificate Expire, Breaking Enterprise Microsoft 365 Diagnostics

16 June 2026 dark6

Microsoft allowed the TLS certificate for connectivity.office.com — a critical enterprise Microsoft 365 diagnostic endpoint — to expire on June...
Read more 0
CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access
Vulnerability

CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access

16 June 2026 dark6

Horizon3.ai disclosed CVE-2026-48558, a critical authentication bypass in SimpleHelp's OIDC integration that allows unauthenticated attackers to create privileged technician accounts...
Read more 0
CVE-2026-20262: Cisco Catalyst SD-WAN vManage Zero-Day Actively Exploited in Enterprise Attacks
Vulnerability

CVE-2026-20262: Cisco Catalyst SD-WAN vManage Zero-Day Actively Exploited in Enterprise Attacks

16 June 2026 dark6

Cisco has confirmed active zero-day exploitation of CVE-2026-20262, an arbitrary-file-write vulnerability in Catalyst SD-WAN Manager (vManage) that allows attackers to...
Read more 0
CVE-2026-54420: LiteSpeed cPanel Plugin Zero-Day Actively Exploited to Escalate Privileges to Root
Vulnerability

CVE-2026-54420: LiteSpeed cPanel Plugin Zero-Day Actively Exploited to Escalate Privileges to Root

16 June 2026 dark6

A critical actively exploited zero-day in the LiteSpeed cPanel user-end plugin (CVE-2026-54420) enables attackers to escalate privileges to root, breaking...
Read more 0
CISA BOD 26-04: Federal Agencies Must Patch Critical Vulnerabilities Within 3 Days Under New Risk-Based Mandate
Vulnerability

CISA BOD 26-04: Federal Agencies Must Patch Critical Vulnerabilities Within 3 Days Under New Risk-Based Mandate

12 June 2026 dark6

CISA has issued Binding Operational Directive BOD 26-04, requiring federal civilian agencies to patch the most critical vulnerabilities — those...
Read more 0
GoFlateLoader: New Go-Based Malware Loader Infects 33,000+ Users by Outsizing Security Scanners
Malware

GoFlateLoader: New Go-Based Malware Loader Infects 33,000+ Users by Outsizing Security Scanners

12 June 2026 dark6

GoFlateLoader, a new Go-based malware loader active since April 2026, has infected over 33,000 users globally by exploiting a simple...
Read more 0
CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution
Vulnerability

CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution

12 June 2026 dark6

A critical path traversal vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow is being actively exploited to achieve remote code execution on...
Read more 0
OceanLotus APT (APT32) Compromises FireAnt MetaKit in Targeted Supply-Chain Attack on Vietnamese Stock Investors
Cybercrime

OceanLotus APT (APT32) Compromises FireAnt MetaKit in Targeted Supply-Chain Attack on Vietnamese Stock Investors

12 June 2026 dark6

The Vietnamese state-aligned threat group OceanLotus (APT32) hijacked the update server of popular investment software FireAnt MetaKit to deliver the...
Read more 0
ServiceNow Confirms Unauthorized Access Vulnerability Exposing Enterprise Customer Data
Vulnerability

ServiceNow Confirms Unauthorized Access Vulnerability Exposing Enterprise Customer Data

11 June 2026 dark6

ServiceNow has confirmed a security vulnerability allowing unauthorized actors to query customer instance tables without proper authentication, potentially exposing sensitive...
Read more 0
Operation TaxShadow: Fileless Malware Campaign Uses Fake Tax Emails to Evade Detection on Windows
Phishing

Operation TaxShadow: Fileless Malware Campaign Uses Fake Tax Emails to Evade Detection on Windows

11 June 2026 dark6

A sophisticated phishing campaign called Operation TaxShadow is targeting Windows users with fake government tax notifications that deliver multi-stage fileless...
Read more 0
Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control
Malware

Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control

11 June 2026 dark6

A malicious npm package named dbmux was discovered containing malware that gives attackers complete control over any developer system that...
Read more 0
Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM
Vulnerability

Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM

11 June 2026 dark6

A publicly disclosed zero-day in the Windows Collaborative Translation Framework (CTFMON) allows attackers with standard user privileges to escalate to...
Read more 0