Latest news

NightSpire Ransomware Exploits RDP and Remote Admin Tools to Hit 64 Organizations in 33 Countries
Ransomware

28 May 2026 dark6

NightSpire ransomware has hit at least 64 organizations across 33 countries by exploiting Remote Desktop Protocol access and installing legitimate...
Seedworm (MuddyWater) APT Abuses Signed Security Binaries in Global Espionage Campaign Across 9 Countries
Cybercrime

28 May 2026 dark6

Iran-linked Seedworm (MuddyWater) APT has been caught running a broad espionage campaign against at least 9 organizations across 9 countries...
Tycoon 2FA Phishing Kit Bypasses MFA at Scale — 62% of Microsoft 365 Phishing Attempts Linked to Single Threat Actor
Phishing

28 May 2026 dark6

The Tycoon 2FA phishing-as-a-service kit, operated by threat actor Storm-1747, is bypassing multi-factor authentication on Microsoft 365 and Google Workspace...
BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications
Vulnerability

28 May 2026 dark6

A newly disclosed critical vulnerability dubbed 'BadHost' (CVE-2026-48710) enables attackers to bypass authentication in FastAPI and Starlette-based AI applications through...
Fox Tempest: Microsoft DCU Dismantles Malware-Signing-as-a-Service That Forged Trusted Certificates for Ransomware Groups
Cybercrime

27 May 2026 dark6

Microsoft's Digital Crimes Unit has disrupted Fox Tempest, a criminal malware-signing-as-a-service operation that abused Microsoft's Artifact Signing infrastructure to issue...
Grafana GitHub Breach: TanStack npm Supply Chain Attack Leads to Source Code Theft and Ransom Demand
Databreach

27 May 2026 dark6

Grafana Labs has confirmed a ransomware-linked breach of its GitHub environment traced to the TanStack npm supply chain compromise. Attackers...
Void Botnet Routes Commands Through Ethereum Smart Contracts to Evade Law Enforcement Takedowns
Malware

27 May 2026 dark6

A new Rust-based botnet sold on cybercrime forums uses Ethereum smart contracts as its command-and-control channel, making traditional infrastructure takedowns...
TeamPCP Poisons Microsoft’s Official Python DurableTask SDK — Multi-Cloud Credential Worm Hits PyPI
Cybercrime

27 May 2026 dark6

The TeamPCP threat group has compromised three consecutive versions of Microsoft's official Python DurableTask SDK on PyPI, injecting a worm-like...
Russian Hacker Builds Persistent Gemini Jailbreak to Power Influence Campaign, Credential Theft, and Crypto Wallet Draining
Cybercrime

26 May 2026 dark6

A Russian-speaking threat actor tracked as "bandcampro" has been exposed using a persistently jailbroken Google Gemini CLI to power a...
Cloud Atlas APT Patches termsrv.dll to Enable Silent Dual RDP Sessions — Targets Government and Diplomatic Organizations
Malware

26 May 2026 dark6

The Cloud Atlas APT group has adopted a stealthy new technique: modifying Windows termsrv.dll to enable multiple simultaneous RDP sessions,...
Critical 7-Zip Flaw CVE-2026-48095 (CVSS 8.8) Enables Arbitrary Code Execution via NTFS Vtable Hijack
Vulnerability

26 May 2026 dark6

A critical heap buffer overflow in 7-Zip 26.00 (CVE-2026-48095, CVSS 8.8) lets attackers execute arbitrary code through an NTFS vtable...
Payload Ransomware Deploys ChaCha20 + Curve25519 ECDH to Lock Files — 50+ Victims Across Five Countries
Ransomware

26 May 2026 dark6

A new ransomware operation called Payload has emerged using military-grade ChaCha20 encryption paired with Curve25519 ECDH key exchange, making file...