Latest news

North Korean IT Worker Scheme: How DPRK Operatives Infiltrate Companies to Fund Weapons Programs
Cybercrime

North Korean IT Worker Scheme: How DPRK Operatives Infiltrate Companies to Fund Weapons Programs

24 April 2026 dark6

A Team Cymru investigation has exposed the technical infrastructure behind North Korea's long-running fake IT worker scheme, revealing how state-sponsored...
Read more 0
Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend
Malware

Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend

24 April 2026 dark6

JFrog Security researchers have uncovered a malicious npm package, js-logger-pack, that uses Hugging Face as both a malware delivery network...
Read more 0
Lotus Wiper: New Destructive Malware Targets Venezuelan Energy Sector in Geopolitically Motivated Attack
Hacktivism

Lotus Wiper: New Destructive Malware Targets Venezuelan Energy Sector in Geopolitically Motivated Attack

23 April 2026 dark6

A newly discovered wiper dubbed Lotus Wiper has been deployed against energy and utilities targets in Venezuela. Masquerading as HCL...
Read more 0
Checkmarx KICS Docker Hub Repo Hijacked: Trojanized Images and VS Code Extensions Harvest Developer Secrets
Malware

Checkmarx KICS Docker Hub Repo Hijacked: Trojanized Images and VS Code Extensions Harvest Developer Secrets

23 April 2026 dark6

Attackers overwrote official Checkmarx KICS tags on Docker Hub and weaponized its VS Code extensions to deploy a credential stealer...
Read more 0
Apple Patches iOS Notification Flaw (CVE-2026-28950) That Let the FBI Read Deleted Signal Messages
Privacy

Apple Patches iOS Notification Flaw (CVE-2026-28950) That Let the FBI Read Deleted Signal Messages

23 April 2026 dark6

Apple has shipped iOS 26.4.2 to fix CVE-2026-28950, a notification-logging flaw that let forensic investigators recover Signal message previews long...
Read more 0
Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility
Databreach

Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility

23 April 2026 dark6

Vercel has disclosed an internal breach caused by a compromised Context.ai OAuth token harvested via Lumma Stealer. A limited set...
Read more 0
Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate
Vulnerability

Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate

23 April 2026 dark6

A high-severity deserialization flaw in Apache ActiveMQ Classic (CVE-2026-34197, CVSS 8.8) that has existed for 13 years is now being...
Read more 0
Booking.com Notifies Customers of Data Breach Exposing Reservation Details and Personal Information
Databreach

Booking.com Notifies Customers of Data Breach Exposing Reservation Details and Personal Information

22 April 2026 dark6

Booking.com has notified customers of a data breach that exposed personal information including full names, addresses, phone numbers, email addresses,...
Read more 0
Critical Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Exploited Before Official Patch Was Released
Vulnerability

Critical Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Exploited Before Official Patch Was Released

22 April 2026 dark6

A critical SQL injection zero-day in Fortinet's FortiClient EMS (CVE-2026-35616) is being actively exploited in the wild. WatchTowr sensors detected...
Read more 0
Windows Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend Actively Exploited in the Wild
Vulnerability

Windows Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend Actively Exploited in the Wild

22 April 2026 dark6

Three critical zero-day vulnerabilities — BlueHammer (CVE-2026-33825), RedSun, and UnDefend — have been discovered in Windows Defender's remediation engine. All...
Read more 0
Cisco Patches Four Critical Flaws in Identity Services Engine and Webex: Unauthenticated RCE and Full User Impersonation at Risk
Vulnerability

Cisco Patches Four Critical Flaws in Identity Services Engine and Webex: Unauthenticated RCE and Full User Impersonation at Risk

21 April 2026 dark6

Cisco has patched four critical vulnerabilities in Identity Services Engine (ISE) and Webex, including an unauthenticated remote code execution flaw...
Read more 0
Inditex (Zara) Confirms Third-Party Data Breach: Transaction Records Exposed via Analytics Platform with April 21 Leak Deadline
Databreach

Inditex (Zara) Confirms Third-Party Data Breach: Transaction Records Exposed via Analytics Platform with April 21 Leak Deadline

21 April 2026 dark6

Inditex, owner of Zara and Bershka, has confirmed a data breach affecting transaction records accessed via a third-party analytics platform,...
Read more 0