Latest news

Researcher Chains a Guardrail Bypass With a Path Traversal Flaw to Access System Files in ChatGPT
Vulnerability

Researcher Chains a Guardrail Bypass With a Path Traversal Flaw to Access System Files in ChatGPT

4 July 2026 dark6

A proof-of-concept disclosed by researcher zer0dac combined social engineering against ChatGPT's own safety logic with a path traversal bug to...
Ousaban Banking Trojan Resurfaces With Steganographic PDF Lures Targeting Spain and Portugal
Malware

Ousaban Banking Trojan Resurfaces With Steganographic PDF Lures Targeting Spain and Portugal

4 July 2026 dark6

Fortinet's FortiGuard Labs has documented a fresh wave of the Ousaban banking trojan hitting Windows users in Spain and Portugal...
New ARToken Phishing Kit Abuses Microsoft’s OAuth Device Code Flow to Hijack Microsoft 365 Accounts
Phishing

New ARToken Phishing Kit Abuses Microsoft’s OAuth Device Code Flow to Hijack Microsoft 365 Accounts

4 July 2026 dark6

Cisco Talos has uncovered ARToken, a phishing panel that abuses Microsoft's device code sign-in flow to steal Microsoft 365 session...
Researchers Chain DLL Sideloading and an RPC Flaw to Gain Root Access Inside Claude Cowork’s Sandbox
Vulnerability

Researchers Chain DLL Sideloading and an RPC Flaw to Gain Root Access Inside Claude Cowork’s Sandbox

4 July 2026 dark6

Security researchers at Armadin found a way to chain DLL sideloading with a flaw in an internal RPC protocol to...
Google Dismantles NetNut-Linked “Popa” Residential Proxy Botnet That Hijacked 2 Million Home Devices
Cybercrime

Google Dismantles NetNut-Linked “Popa” Residential Proxy Botnet That Hijacked 2 Million Home Devices

3 July 2026 dark6

Google, working with the FBI, Lumen Technologies, and other partners, has taken action against the NetNut residential proxy network -...
AsyncRAT Trojan Hidden in 90+ Fake Software Download Sites via DLL Sideloading and ScreenConnect
Malware

AsyncRAT Trojan Hidden in 90+ Fake Software Download Sites via DLL Sideloading and ScreenConnect

3 July 2026 dark6

A stealthy campaign is hiding the AsyncRAT trojan inside fake installers for popular free software, using DLL sideloading and the...
New CitrixBleed-Class Vulnerability in Citrix NetScaler Exploited Within 24 Hours of Disclosure
Vulnerability

New CitrixBleed-Class Vulnerability in Citrix NetScaler Exploited Within 24 Hours of Disclosure

3 July 2026 dark6

CVE-2026-8451, the latest entry in the CitrixBleed family of NetScaler memory-disclosure flaws, came under active exploitation less than a day...
DHS Confirms Hackers Breached HSIN, the Government’s Emergency Information-Sharing Platform
Databreach

DHS Confirms Hackers Breached HSIN, the Government’s Emergency Information-Sharing Platform

3 July 2026 dark6

The Department of Homeland Security has confirmed a breach of the Homeland Security Information Network (HSIN), the unclassified platform used...
DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk
Vulnerability

DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk

2 July 2026 dark6

Two critical zero-click RCE vulnerabilities (CVE-2026-50548, CVE-2026-50549) in Cursor IDE, dubbed DuneSlide, allow attackers to escape the AI coding agent...
Apple’s Unpatched ‘Hide My Email’ Flaw Has Exposed User Identities for Over a Year
Privacy

Apple’s Unpatched ‘Hide My Email’ Flaw Has Exposed User Identities for Over a Year

2 July 2026 dark6

An unpatched vulnerability in Apple's Hide My Email feature can expose users' real email addresses behind their iCloud+ anonymization aliases,...
Four New CVEs in Fluentd Expose Millions of Cloud and Kubernetes Logging Pipelines to RCE and Data Leaks
Vulnerability

Four New CVEs in Fluentd Expose Millions of Cloud and Kubernetes Logging Pipelines to RCE and Data Leaks

2 July 2026 dark6

Four new CVEs in the widely deployed Fluentd log collector — including a critical RCE vulnerability (CVE-2026-44024) exploitable via crafted...
81 Million Login Attempts: Massive Password Spray Campaign Bypasses MFA to Compromise Azure and Microsoft 365 Accounts
Cybercrime

81 Million Login Attempts: Massive Password Spray Campaign Bypasses MFA to Compromise Azure and Microsoft 365 Accounts

2 July 2026 dark6

A massive automated campaign made 81 million login attempts against Microsoft 365 and Azure CLI accounts between June 12 and...