Latest news

84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials
Cybercrime

84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials

15 May 2026 dark6

Attackers compromised 84 npm artifacts across 42 TanStack packages — including react-router with 12M+ weekly downloads — injecting a credential-stealing...
Read more 0
BitUnlocker: New Tool Breaks BitLocker on Patched Windows 11 Systems in Under 5 Minutes
Vulnerability

BitUnlocker: New Tool Breaks BitLocker on Patched Windows 11 Systems in Under 5 Minutes

15 May 2026 dark6

A publicly released tool called BitUnlocker demonstrates a practical downgrade attack against BitLocker on fully-patched Windows 11 machines, exploiting a...
Read more 0
CVE-2026-26083: Critical Fortinet FortiSandbox Flaw Allows Unauthenticated Remote Code Execution — Patch Now
Vulnerability

CVE-2026-26083: Critical Fortinet FortiSandbox Flaw Allows Unauthenticated Remote Code Execution — Patch Now

15 May 2026 dark6

Fortinet has disclosed CVE-2026-26083, a critical (CVSS 9.1) missing-authorization vulnerability in FortiSandbox that lets unauthenticated attackers execute arbitrary code remotely...
Read more 0
CVE-2026-43898: Critical SandboxJS Escape (CVSS 10.0) Enables Full Host Takeover via npm
Vulnerability

CVE-2026-43898: Critical SandboxJS Escape (CVSS 10.0) Enables Full Host Takeover via npm

15 May 2026 dark6

A maximum-severity (CVSS 10.0) vulnerability in the SandboxJS npm library allows attackers to completely escape the JavaScript sandbox and execute...
Read more 0
ClickFix Evolves: Attackers Combine Social Engineering With Decade-Old PySoxy SOCKS5 Proxy for Persistent Access
Malware

ClickFix Evolves: Attackers Combine Social Engineering With Decade-Old PySoxy SOCKS5 Proxy for Persistent Access

14 May 2026 dark6

A new ClickFix campaign observed by ReliaQuest pairs the social engineering technique with PySoxy, a 10-year-old Python SOCKS5 proxy, creating...
Read more 0
CVE-2026-32185: Microsoft Teams for Android Vulnerability Enables Local Spoofing Attacks — Patch Available
Vulnerability

CVE-2026-32185: Microsoft Teams for Android Vulnerability Enables Local Spoofing Attacks — Patch Available

14 May 2026 dark6

Microsoft has patched CVE-2026-32185, a spoofing vulnerability in Microsoft Teams for Android that allows local attackers to impersonate trusted devices...
Read more 0
Critical Exim Vulnerability (EXIM-Security-2026-05-01.1): Remote Code Execution via GnuTLS BDAT Flaw — Patch Now
Vulnerability

Critical Exim Vulnerability (EXIM-Security-2026-05-01.1): Remote Code Execution via GnuTLS BDAT Flaw — Patch Now

14 May 2026 dark6

A critical use-after-free vulnerability in Exim mail servers (versions 4.97–4.99.2 with GnuTLS) allows unauthenticated remote attackers to corrupt heap memory...
Read more 0
Foxconn Confirms Cyberattack: Nitrogen Ransomware Gang Claims 8TB Stolen From North American Plants
Ransomware

Foxconn Confirms Cyberattack: Nitrogen Ransomware Gang Claims 8TB Stolen From North American Plants

14 May 2026 dark6

Foxconn has confirmed a ransomware attack on its North American factories after the Nitrogen gang claimed to have stolen 8TB...
Read more 0
CISA Adds CVE-2026-32202 to KEV Catalog as APT28 Actively Exploits Zero-Click Windows Shell Flaw
Vulnerability

CISA Adds CVE-2026-32202 to KEV Catalog as APT28 Actively Exploits Zero-Click Windows Shell Flaw

13 May 2026 dark6

CISA has added CVE-2026-32202, a zero-click Windows Shell authentication coercion flaw, to its KEV catalog following confirmed active exploitation by...
Read more 0
PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16
Vulnerability

PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16

13 May 2026 dark6

A public PoC exploit for CVE-2026-0073 enables any network-local attacker to gain a full ADB shell on unpatched Android 14–16...
Read more 0
Critical Palo Alto PAN-OS Vulnerability CVE-2026-0300 Actively Exploited — Unauthenticated Root RCE on Firewalls
Vulnerability

Critical Palo Alto PAN-OS Vulnerability CVE-2026-0300 Actively Exploited — Unauthenticated Root RCE on Firewalls

13 May 2026 dark6

Palo Alto Networks is warning of a critical CVE-2026-0300 buffer overflow in PAN-OS Captive Portal that enables unauthenticated root-level remote...
Read more 0
Microsoft Patch Tuesday May 2026: 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws
Vulnerability

Microsoft Patch Tuesday May 2026: 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws

13 May 2026 dark6

Microsoft's May 2026 Patch Tuesday delivers fixes for 120 vulnerabilities including 29 Critical-rated remote code execution flaws across Windows, SharePoint,...
Read more 0