Latest news

CISA BOD 26-04: Federal Agencies Must Patch Critical Vulnerabilities Within 3 Days Under New Risk-Based Mandate
Vulnerability

12 June 2026 dark6

CISA has issued Binding Operational Directive BOD 26-04, requiring federal civilian agencies to patch the most critical vulnerabilities — those...
GoFlateLoader: New Go-Based Malware Loader Infects 33,000+ Users by Outsizing Security Scanners
Malware

12 June 2026 dark6

GoFlateLoader, a new Go-based malware loader active since April 2026, has infected over 33,000 users globally by exploiting a simple...
CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution
Vulnerability

12 June 2026 dark6

A critical path traversal vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow is being actively exploited to achieve remote code execution on...
OceanLotus APT (APT32) Compromises FireAnt MetaKit in Targeted Supply-Chain Attack on Vietnamese Stock Investors
Cybercrime

12 June 2026 dark6

The Vietnamese state-aligned threat group OceanLotus (APT32) hijacked the update server of popular investment software FireAnt MetaKit to deliver the...
ServiceNow Confirms Unauthorized Access Vulnerability Exposing Enterprise Customer Data
Vulnerability

11 June 2026 dark6

ServiceNow has confirmed a security vulnerability allowing unauthorized actors to query customer instance tables without proper authentication, potentially exposing sensitive...
Operation TaxShadow: Fileless Malware Campaign Uses Fake Tax Emails to Evade Detection on Windows
Phishing

11 June 2026 dark6

A sophisticated phishing campaign called Operation TaxShadow is targeting Windows users with fake government tax notifications that deliver multi-stage fileless...
Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control
Malware

11 June 2026 dark6

A malicious npm package named dbmux was discovered containing malware that gives attackers complete control over any developer system that...
Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM
Vulnerability

11 June 2026 dark6

A publicly disclosed zero-day in the Windows Collaborative Translation Framework (CTFMON) allows attackers with standard user privileges to escalate to...
UNC3753 (Luna Moth) Escalates Campaign Against US Law Firms: Vishing, RMM Tools, and Now Physical Intrusion
Cybercrime

10 June 2026 dark6

Google Cloud Mandiant has documented a sustained UNC3753 (Luna Moth) campaign targeting US law firms from January–May 2026. The group...
SAP June 2026 Patch Day: Four Critical Flaws Including CVSS 9.9 SAML Bypass in NetWeaver ABAP
Vulnerability

10 June 2026 dark6

SAP's June 2026 Security Patch Day addressed 15 security notes including four critical vulnerabilities. The most severe — CVE-2026-44748 (CVSS...
Meet Pink: The New Extortion Group Using Vishing and Microsoft 365 Tools to Drain Enterprise Cloud Storage
Cybercrime

10 June 2026 dark6

A new extortion group called Pink (CL-CRI-1147) has emerged, targeting enterprise organizations through voice phishing to steal Microsoft 365 credentials...
Google Chrome 149 Patches 429 Vulnerabilities Including 22 Critical — Update Immediately
Vulnerability

10 June 2026 dark6

Google has released Chrome 149.0.7827.53 with 429 security fixes, including 22 rated critical. The patch covers use-after-free and memory corruption...