Latest news

CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now
Vulnerability

CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now

8 June 2026 dark6

CISA has added CVE-2022-0492, a Linux kernel improper authentication flaw, to its Known Exploited Vulnerabilities catalog. The vulnerability enables privilege...
Read more 0
CISA Warns: Hackers Are Targeting U.S. Fuel Tank Monitoring Systems Across Critical Infrastructure
Vulnerability

CISA Warns: Hackers Are Targeting U.S. Fuel Tank Monitoring Systems Across Critical Infrastructure

8 June 2026 dark6

CISA, the FBI, NSA, and five other federal agencies have issued a joint advisory confirming active cyberattacks against Automatic Tank...
Read more 0
CVE-2026-9614 (CVSS 8.8): Ivanti Neurons for ITSM Flaw Allows Authenticated Attackers to Gain Full Admin Access
Vulnerability

CVE-2026-9614 (CVSS 8.8): Ivanti Neurons for ITSM Flaw Allows Authenticated Attackers to Gain Full Admin Access

8 June 2026 dark6

Ivanti has disclosed a high-severity privilege escalation vulnerability in its Neurons for ITSM platform, tracked as CVE-2026-9614 with a CVSS...
Read more 0
JS.MonoGlyphRAT: Stealthy New Malware Hidden in Fake Purchase Orders Targets US Enterprises
Malware

JS.MonoGlyphRAT: Stealthy New Malware Hidden in Fake Purchase Orders Targets US Enterprises

8 June 2026 dark6

A previously unknown remote access trojan called JS.MonoGlyphRAT is spreading through US businesses disguised as routine purchase orders and business...
Read more 0
HTTP/2 Bomb: Single-Attacker Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
Vulnerability

HTTP/2 Bomb: Single-Attacker Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora

8 June 2026 dark6

A newly disclosed exploit called the 'HTTP/2 Bomb' can exhaust tens of gigabytes of server memory in seconds using just...
Read more 0
Iran-Linked Black Shadow Group Obliterates IT, Backups and Recovery Systems Across US and Middle East
Cybercrime

Iran-Linked Black Shadow Group Obliterates IT, Backups and Recovery Systems Across US and Middle East

5 June 2026 dark6

Operating under the cover name Ababil of Minab, Iran-linked APT group Black Shadow launched a wave of destructive attacks against...
Read more 0
Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses
Vulnerability

Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses

5 June 2026 dark6

SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging...
Read more 0
TA4922: Chinese Cybercrime Group Deploys Atlas RAT, ValleyRAT and AI-Assisted Malware in Global Phishing Blitz
Malware

TA4922: Chinese Cybercrime Group Deploys Atlas RAT, ValleyRAT and AI-Assisted Malware in Global Phishing Blitz

5 June 2026 dark6

Proofpoint exposes TA4922, a Chinese-speaking cybercrime group conducting more unique campaigns than any other tracked actor in 2026, deploying Atlas...
Read more 0
The Gentlemen Ransomware Group: Fortinet Exploits, AI Operations, and Custom C2 Make Them 2026’s Most Dangerous Crew
Ransomware

The Gentlemen Ransomware Group: Fortinet Exploits, AI Operations, and Custom C2 Make Them 2026’s Most Dangerous Crew

5 June 2026 dark6

Russian-speaking ransomware group The Gentlemen ranks second in 2026 activity, exploiting Fortinet vulnerabilities, deploying the custom G-BOT C2 framework, using...
Read more 0
CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites
Vulnerability

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites

4 June 2026 dark6

A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset...
Read more 0
Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR
Cybercrime

Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR

4 June 2026 dark6

Sophos has uncovered a Russian-speaking threat actor using AI-assisted tools, Cobalt Strike, and a purpose-built automated lab to develop EDR...
Read more 0
Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord
Vulnerability

Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord

4 June 2026 dark6

Researcher Philip Garabandic disclosed five zero-day vulnerabilities in OpenClaw allowing identity spoofing to hijack trusted AI agent access across Slack,...
Read more 0