Latest news

LastPass Customer Data Exposed Through Klue Supply Chain Attack — OAuth Tokens Abused to Access Salesforce CRM
Databreach

24 June 2026 dark6

LastPass disclosed a supply chain breach via vendor Klue, where stolen OAuth tokens gave attackers access to customer CRM data...
Eight-Year-Old Samsung KNOX Flaw Exposed Hundreds of Millions of Galaxy Devices to Kernel Attacks
Vulnerability

24 June 2026 dark6

A critical use-after-free vulnerability in Samsung's KNOX PROCA subsystem — undetected for 8 years — could allow kernel-level compromise on...
Bajaj Auto Confirms Ransomware Attack — Both Parent Company and Tech Subsidiary Affected
Ransomware

24 June 2026 dark6

Bajaj Auto disclosed a ransomware attack on June 23, 2026, affecting systems at the company and its subsidiary BATL. The...
DifyTap: Critical Flaws in AI Platform Dify Allow Silent Wiretapping of AI Conversations Across 1M+ Apps
Vulnerability

24 June 2026 dark6

Researchers at Zafran disclosed four vulnerabilities in Dify — including two critical CVSS 9+ flaws — that let attackers silently...
Squidbleed: 29-Year-Old Squid Proxy Vulnerability Leaks Passwords and API Keys from Other Users
Vulnerability

23 June 2026 dark6

A critical heap overread vulnerability in Squid Proxy, dubbed Squidbleed, has gone undetected since 1997. Discovered with the help of...
AryStinger Botnet Hijacks 4,300+ Routers to Build Global Covert Attack Proxy Network
Malware

23 June 2026 dark6

Researchers have uncovered AryStinger, a stealthy botnet that has hijacked over 4,300 legacy Linksys and D-Link routers by exploiting decade-old...
Prinz Eugen Ransomware Uses RemotePC RMM and PowerShell Stagers to Evade Detection
Ransomware

23 June 2026 dark6

A new ransomware group is deploying the Go-based Prinz Eugen ransomware by abusing legitimate remote management software (RemotePC) and PowerShell...
Klue Supply Chain Hack Exposes Salesforce Data at Nine Cybersecurity Companies
Databreach

23 June 2026 dark6

A supply chain attack on market intelligence platform Klue has compromised Salesforce CRM data across at least nine organizations, including...
SiderAI and MaxAI Chrome Extensions Expose 10 Million Users to Full Browser Compromise
Vulnerability

22 June 2026 dark6

Critical vulnerabilities dubbed Spyder and MaXSS have been discovered in the SiderAI and MaxAI Chrome extensions, which together are installed...
HazyBeacon APT Campaign Weaponizes AWS Lambda to Hide Command-and-Control Traffic
Cybercrime

22 June 2026 dark6

Qualys researchers have exposed HazyBeacon, a stealthy APT campaign targeting Southeast Asian governments that uses AWS Lambda Function URLs as...
AutoJack: A Single Malicious Web Page Can Hijack Your AI Agent and Execute Arbitrary Code
AI

22 June 2026 dark6

A critical three-vulnerability exploit chain called AutoJack allows a single malicious web page to hijack Microsoft AutoGen Studio's browsing agent...
GentleKiller: Inside the Ransomware Framework Disabling 400+ EDR Security Products
Ransomware

22 June 2026 dark6

ESET researchers have exposed GentleKiller, the in-house EDR-killing framework of the Gentlemen ransomware gang, capable of disabling over 400 security...