Latest news

Iran-Linked Black Shadow Group Obliterates IT, Backups and Recovery Systems Across US and Middle East
Cybercrime

Iran-Linked Black Shadow Group Obliterates IT, Backups and Recovery Systems Across US and Middle East

5 June 2026 dark6

Operating under the cover name Ababil of Minab, Iran-linked APT group Black Shadow launched a wave of destructive attacks against...
Read more 0
Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses
Vulnerability

Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses

5 June 2026 dark6

SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging...
Read more 0
TA4922: Chinese Cybercrime Group Deploys Atlas RAT, ValleyRAT and AI-Assisted Malware in Global Phishing Blitz
Malware

TA4922: Chinese Cybercrime Group Deploys Atlas RAT, ValleyRAT and AI-Assisted Malware in Global Phishing Blitz

5 June 2026 dark6

Proofpoint exposes TA4922, a Chinese-speaking cybercrime group conducting more unique campaigns than any other tracked actor in 2026, deploying Atlas...
Read more 0
The Gentlemen Ransomware Group: Fortinet Exploits, AI Operations, and Custom C2 Make Them 2026’s Most Dangerous Crew
Ransomware

The Gentlemen Ransomware Group: Fortinet Exploits, AI Operations, and Custom C2 Make Them 2026’s Most Dangerous Crew

5 June 2026 dark6

Russian-speaking ransomware group The Gentlemen ranks second in 2026 activity, exploiting Fortinet vulnerabilities, deploying the custom G-BOT C2 framework, using...
Read more 0
CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites
Vulnerability

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites

4 June 2026 dark6

A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset...
Read more 0
Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR
Cybercrime

Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR

4 June 2026 dark6

Sophos has uncovered a Russian-speaking threat actor using AI-assisted tools, Cobalt Strike, and a purpose-built automated lab to develop EDR...
Read more 0
Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord
Vulnerability

Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord

4 June 2026 dark6

Researcher Philip Garabandic disclosed five zero-day vulnerabilities in OpenClaw allowing identity spoofing to hijack trusted AI agent access across Slack,...
Read more 0
CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now
Vulnerability

CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now

4 June 2026 dark6

Google has confirmed active exploitation of CVE-2025-48595, a zero-click Android Framework privilege escalation flaw affecting Android 14-16. Devices without the...
Read more 0
WordPress Sites Turned Into Spy Networks: Malware Hides C2 Commands in Steam Profile Comments Using Unicode Steganography
Malware

WordPress Sites Turned Into Spy Networks: Malware Hides C2 Commands in Steam Profile Comments Using Unicode Steganography

3 June 2026 dark6

A sophisticated malware campaign has compromised approximately 1,900 WordPress sites using Steam Community profile pages as a covert C2 channel....
Read more 0
CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4
Vulnerability

CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4

3 June 2026 dark6

CISA has added CVE-2024-21182, a critical unauthenticated Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active...
Read more 0
FSB Claims Foreign Spyware Found on Russian Officials’ Phones in Targeted Espionage Campaign
Spyware

FSB Claims Foreign Spyware Found on Russian Officials’ Phones in Targeted Espionage Campaign

3 June 2026 dark6

Russia's FSB announced the disruption of a foreign intelligence campaign implanting advanced spyware on senior officials' mobile phones, enabling silent...
Read more 0
1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories
Vulnerability

1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories

3 June 2026 dark6

A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all...
Read more 0