Latest news

Microsoft Edge Stores Your Entire Password Vault in Cleartext Process Memory — Every Session
Privacy

Microsoft Edge Stores Your Entire Password Vault in Cleartext Process Memory — Every Session

5 May 2026 dark6

Security researcher @L1v1ng0ffTh3L4N has revealed that Microsoft Edge decrypts all stored passwords into plaintext process memory at browser launch and...
Read more 0
Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
Vulnerability

Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately

5 May 2026 dark6

Apache has released HTTP Server 2.4.67, patching five vulnerabilities including a critical double-free bug CVE-2026-23918 (CVSS 8.8) in the HTTP/2...
Read more 0
Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction
Vulnerability

Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction

5 May 2026 dark6

Google has disclosed a critical zero-click remote code execution vulnerability tracked as CVE-2026-0073 in the Android System component. The flaw...
Read more 0
AccountDumpling: Vietnamese Phishing Ring Abuses Google AppSheet and Telegram to Harvest 30,000 Facebook Accounts
Phishing

AccountDumpling: Vietnamese Phishing Ring Abuses Google AppSheet and Telegram to Harvest 30,000 Facebook Accounts

4 May 2026 dark6

A sophisticated phishing operation called AccountDumpling has compromised around 30,000 Facebook accounts by routing lures through legitimate platforms including Google...
Read more 0
Microsoft Defender False Positive Quarantines DigiCert Root Certificates, Risks Breaking SSL Across Enterprise Networks
Vulnerability

Microsoft Defender False Positive Quarantines DigiCert Root Certificates, Risks Breaking SSL Across Enterprise Networks

4 May 2026 dark6

A faulty Microsoft Defender antimalware definition update incorrectly flagged two legitimate DigiCert root certificates as malware, automatically quarantining them from...
Read more 0
Email Bombing and Fake IT Support on Microsoft Teams: How Attackers Are Stealing Remote Access
Phishing

Email Bombing and Fake IT Support on Microsoft Teams: How Attackers Are Stealing Remote Access

4 May 2026 dark6

Attackers are combining inbox-flooding email bombing with fake IT support personas on Microsoft Teams to trick employees into granting remote...
Read more 0
FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server
Vulnerability

FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server

4 May 2026 dark6

A critical vulnerability in the FreeBSD DHCP client, CVE-2026-42511, allows attackers on the same local network to execute arbitrary commands...
Read more 0
KidsProtect: New Rebrandable Android Stalkerware Platform Lets Anyone Resell Covert Surveillance Malware
Spyware

KidsProtect: New Rebrandable Android Stalkerware Platform Lets Anyone Resell Covert Surveillance Malware

4 May 2026 dark6

A new Android spyware tool called KidsProtect is being sold on hacking forums with a white-label reseller model that lets...
Read more 0
Exim 4.99.2 Patches Four Vulnerabilities Including Heap Corruption, DNS Crash, and Memory Leaks
Vulnerability

Exim 4.99.2 Patches Four Vulnerabilities Including Heap Corruption, DNS Crash, and Memory Leaks

4 May 2026 dark6

The Exim development team has released version 4.99.2 to fix four security vulnerabilities — including a DNS-triggered crash on musl...
Read more 0
Trellix Source Code Breach: Hackers Gain Unauthorized Access to Internal Repository of Major XDR Vendor
Databreach

Trellix Source Code Breach: Hackers Gain Unauthorized Access to Internal Repository of Major XDR Vendor

3 May 2026 dark6

Cybersecurity vendor Trellix has confirmed unauthorized access to part of its internal source code repository. The company says no evidence...
Read more 0
APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia
Vulnerability

APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia

3 May 2026 dark6

A sophisticated threat actor has exploited the critical cPanel authentication bypass CVE-2026-41940 to compromise government and military servers across South-East...
Read more 0
DEEP#DOOR: New Python Backdoor Silently Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials
Malware

DEEP#DOOR: New Python Backdoor Silently Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials

2 May 2026 dark6

Securonix researchers have documented DEEP#DOOR, a self-contained Python backdoor delivered via obfuscated batch files that systematically disables Windows defenses before...
Read more 0