Latest news

DragonForce Ransomware Abuses Microsoft Teams TURN Relay to Hide Malicious C2 Traffic
Ransomware

DragonForce Ransomware Abuses Microsoft Teams TURN Relay to Hide Malicious C2 Traffic

17 June 2026 dark6

Symantec researchers have discovered that DragonForce ransomware actors used a novel Go-based backdoor called Backdoor.TURN to route C2 communications through...
Read more 0
Chinese Hackers (UNC6508) Spent Over a Year Spying on US Medical Research Institutions via REDCap
Malware

Chinese Hackers (UNC6508) Spent Over a Year Spying on US Medical Research Institutions via REDCap

17 June 2026 dark6

Google GTIG has attributed a 2+ year Chinese cyber-espionage campaign to UNC6508, which exploited REDCap medical research servers across North...
Read more 0
Novo Nordisk Confirms Cyberattack: Patient Clinical Trial Data and Proprietary AI Models Stolen
Databreach

Novo Nordisk Confirms Cyberattack: Patient Clinical Trial Data and Proprietary AI Models Stolen

17 June 2026 dark6

Novo Nordisk has confirmed a cyberattack that exposed pseudonymized patient data from clinical trials. The threat group Dragonfly claims to...
Read more 0
Critical Fortinet FortiSandbox Vulnerabilities Actively Exploited in the Wild
Vulnerability

Critical Fortinet FortiSandbox Vulnerabilities Actively Exploited in the Wild

17 June 2026 dark6

Threat actors are actively exploiting three critical Fortinet FortiSandbox vulnerabilities — including CVE-2026-39813, which has no prior exploitation history. All...
Read more 0
Microsoft Lets connectivity.office.com TLS Certificate Expire, Breaking Enterprise Microsoft 365 Diagnostics
Vulnerability

Microsoft Lets connectivity.office.com TLS Certificate Expire, Breaking Enterprise Microsoft 365 Diagnostics

16 June 2026 dark6

Microsoft allowed the TLS certificate for connectivity.office.com — a critical enterprise Microsoft 365 diagnostic endpoint — to expire on June...
Read more 0
CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access
Vulnerability

CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access

16 June 2026 dark6

Horizon3.ai disclosed CVE-2026-48558, a critical authentication bypass in SimpleHelp's OIDC integration that allows unauthenticated attackers to create privileged technician accounts...
Read more 0
CVE-2026-20262: Cisco Catalyst SD-WAN vManage Zero-Day Actively Exploited in Enterprise Attacks
Vulnerability

CVE-2026-20262: Cisco Catalyst SD-WAN vManage Zero-Day Actively Exploited in Enterprise Attacks

16 June 2026 dark6

Cisco has confirmed active zero-day exploitation of CVE-2026-20262, an arbitrary-file-write vulnerability in Catalyst SD-WAN Manager (vManage) that allows attackers to...
Read more 0
CVE-2026-54420: LiteSpeed cPanel Plugin Zero-Day Actively Exploited to Escalate Privileges to Root
Vulnerability

CVE-2026-54420: LiteSpeed cPanel Plugin Zero-Day Actively Exploited to Escalate Privileges to Root

16 June 2026 dark6

A critical actively exploited zero-day in the LiteSpeed cPanel user-end plugin (CVE-2026-54420) enables attackers to escalate privileges to root, breaking...
Read more 0
CISA BOD 26-04: Federal Agencies Must Patch Critical Vulnerabilities Within 3 Days Under New Risk-Based Mandate
Vulnerability

CISA BOD 26-04: Federal Agencies Must Patch Critical Vulnerabilities Within 3 Days Under New Risk-Based Mandate

12 June 2026 dark6

CISA has issued Binding Operational Directive BOD 26-04, requiring federal civilian agencies to patch the most critical vulnerabilities — those...
Read more 0
GoFlateLoader: New Go-Based Malware Loader Infects 33,000+ Users by Outsizing Security Scanners
Malware

GoFlateLoader: New Go-Based Malware Loader Infects 33,000+ Users by Outsizing Security Scanners

12 June 2026 dark6

GoFlateLoader, a new Go-based malware loader active since April 2026, has infected over 33,000 users globally by exploiting a simple...
Read more 0
CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution
Vulnerability

CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution

12 June 2026 dark6

A critical path traversal vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow is being actively exploited to achieve remote code execution on...
Read more 0
OceanLotus APT (APT32) Compromises FireAnt MetaKit in Targeted Supply-Chain Attack on Vietnamese Stock Investors
Cybercrime

OceanLotus APT (APT32) Compromises FireAnt MetaKit in Targeted Supply-Chain Attack on Vietnamese Stock Investors

12 June 2026 dark6

The Vietnamese state-aligned threat group OceanLotus (APT32) hijacked the update server of popular investment software FireAnt MetaKit to deliver the...
Read more 0