Latest news

WordPress Sites Turned Into Spy Networks: Malware Hides C2 Commands in Steam Profile Comments Using Unicode Steganography
Malware

3 June 2026 dark6

A sophisticated malware campaign has compromised approximately 1,900 WordPress sites using Steam Community profile pages as a covert C2 channel....
CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4
Vulnerability

3 June 2026 dark6

CISA has added CVE-2024-21182, a critical unauthenticated Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active...
FSB Claims Foreign Spyware Found on Russian Officials’ Phones in Targeted Espionage Campaign
Spyware

3 June 2026 dark6

Russia's FSB announced the disruption of a foreign intelligence campaign implanting advanced spyware on senior officials' mobile phones, enabling silent...
1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories
Vulnerability

3 June 2026 dark6

A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all...
Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials
Cybercrime

2 June 2026 dark6

A sophisticated supply chain attack dubbed "Miasma: The Spreading Blight" has backdoored over 30 official @redhat-cloud-services npm packages, deploying credential-stealing...
SmartApeSG Campaign Exploits ClickFix Fake Verification Pages to Deliver NetSupport RAT
Malware

2 June 2026 dark6

The SmartApeSG campaign is using ClickFix scripts disguised as fake browser verification pages to deploy a two-stage infection chain, culminating...
Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control
Vulnerability

2 June 2026 dark6

Security researchers have documented a wave of attacks exploiting Docker and Kubernetes misconfigurations to break out of containers and take...
OverlayPhantom Android Banking Trojan Targets 180+ Apps Across 10 Countries
Malware

2 June 2026 dark6

A dangerous new Android banking trojan called OverlayPhantom has been targeting users in ten countries, abusing Android's Accessibility Service to...
Hackers Are Calling You on Microsoft Teams Pretending to Be IT Support — How to Detect and Stop the Attack
Phishing

1 June 2026 dark6

Threat actors are systematically abusing Microsoft Teams' external collaboration features to impersonate IT helpdesk staff, convincing employees to grant remote...
Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers
Cybercrime

1 June 2026 dark6

Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously,...
Meta AI Flaw Lets Attackers Hijack Instagram Accounts Without Verification — Premium Handles Worth $1M+ Stolen
AI

1 June 2026 dark6

A critical flaw in Meta's AI account recovery tool allowed attackers to trick the chatbot into sending password reset codes...
CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately
Vulnerability

1 June 2026 dark6

Microsoft’s May 2026 Patch Tuesday addressed CVE-2026-41089, a critical Windows Netlogon 0-click RCE — now actively exploited in the wild....