Latest news
Malware
Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets in Coordinated Supply Chain Attack
19 May 2026 dark6
Four malicious npm packages have been discovered stealing SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, with one variant...
Vulnerability
CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched
18 May 2026 dark6
Two critical memory-safety vulnerabilities in PHP image-processing functions allow attackers to leak sensitive heap memory (CVE-2025-14177) or trigger heap buffer...
Vulnerability
First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance
18 May 2026 dark6
Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE)...
Vulnerability
CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released
17 May 2026 dark6
A critical Linux kernel race condition flaw (CVE-2026-46333), dubbed 'ssh-keysign-pwn,' allows local unprivileged attackers to steal SSH private keys and...