Latest news

ServiceNow Confirms Unauthorized Access Vulnerability Exposing Enterprise Customer Data
Vulnerability

ServiceNow Confirms Unauthorized Access Vulnerability Exposing Enterprise Customer Data

11 June 2026 dark6

ServiceNow has confirmed a security vulnerability allowing unauthorized actors to query customer instance tables without proper authentication, potentially exposing sensitive...
Read more 0
Operation TaxShadow: Fileless Malware Campaign Uses Fake Tax Emails to Evade Detection on Windows
Phishing

Operation TaxShadow: Fileless Malware Campaign Uses Fake Tax Emails to Evade Detection on Windows

11 June 2026 dark6

A sophisticated phishing campaign called Operation TaxShadow is targeting Windows users with fake government tax notifications that deliver multi-stage fileless...
Read more 0
Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control
Malware

Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control

11 June 2026 dark6

A malicious npm package named dbmux was discovered containing malware that gives attackers complete control over any developer system that...
Read more 0
Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM
Vulnerability

Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM

11 June 2026 dark6

A publicly disclosed zero-day in the Windows Collaborative Translation Framework (CTFMON) allows attackers with standard user privileges to escalate to...
Read more 0
UNC3753 (Luna Moth) Escalates Campaign Against US Law Firms: Vishing, RMM Tools, and Now Physical Intrusion
Cybercrime

UNC3753 (Luna Moth) Escalates Campaign Against US Law Firms: Vishing, RMM Tools, and Now Physical Intrusion

10 June 2026 dark6

Google Cloud Mandiant has documented a sustained UNC3753 (Luna Moth) campaign targeting US law firms from January–May 2026. The group...
Read more 0
SAP June 2026 Patch Day: Four Critical Flaws Including CVSS 9.9 SAML Bypass in NetWeaver ABAP
Vulnerability

SAP June 2026 Patch Day: Four Critical Flaws Including CVSS 9.9 SAML Bypass in NetWeaver ABAP

10 June 2026 dark6

SAP's June 2026 Security Patch Day addressed 15 security notes including four critical vulnerabilities. The most severe — CVE-2026-44748 (CVSS...
Read more 0
Meet Pink: The New Extortion Group Using Vishing and Microsoft 365 Tools to Drain Enterprise Cloud Storage
Cybercrime

Meet Pink: The New Extortion Group Using Vishing and Microsoft 365 Tools to Drain Enterprise Cloud Storage

10 June 2026 dark6

A new extortion group called Pink (CL-CRI-1147) has emerged, targeting enterprise organizations through voice phishing to steal Microsoft 365 credentials...
Read more 0
Google Chrome 149 Patches 429 Vulnerabilities Including 22 Critical — Update Immediately
Vulnerability

Google Chrome 149 Patches 429 Vulnerabilities Including 22 Critical — Update Immediately

10 June 2026 dark6

Google has released Chrome 149.0.7827.53 with 429 security fixes, including 22 rated critical. The patch covers use-after-free and memory corruption...
Read more 0
CVE-2026-50751: Check Point VPN 0-Day Actively Exploited to Deploy Qilin Ransomware
Ransomware

CVE-2026-50751: Check Point VPN 0-Day Actively Exploited to Deploy Qilin Ransomware

9 June 2026 dark6

A critical CVSS 9.3 authentication bypass in Check Point Remote Access VPN (CVE-2026-50751) is being actively exploited in the wild,...
Read more 0
CVE-2026-23111: Linux Kernel nftables Use-After-Free Enables Root Privilege Escalation — Public Exploit Available
Vulnerability

CVE-2026-23111: Linux Kernel nftables Use-After-Free Enables Root Privilege Escalation — Public Exploit Available

9 June 2026 dark6

A use-after-free vulnerability in the Linux kernel nftables subsystem (CVE-2026-23111) allows unprivileged local attackers to escalate privileges to root on...
Read more 0
WhatsApp Disrupts Fresh NSO Group Pegasus Campaign, Seeks Court Contempt Order
Spyware

WhatsApp Disrupts Fresh NSO Group Pegasus Campaign, Seeks Court Contempt Order

9 June 2026 dark6

Meta's WhatsApp has disrupted a new NSO Group-linked Pegasus spyware campaign targeting users in Jordan and Lebanon, and is now...
Read more 0
China-Linked OP-512 Uses Cryptographically Unique Web Shells in Patient IIS Server Espionage Campaign
Cybercrime

China-Linked OP-512 Uses Cryptographically Unique Web Shells in Patient IIS Server Espionage Campaign

9 June 2026 dark6

ReliaQuest has uncovered OP-512, a new China-linked threat cluster targeting IIS servers with a custom web shell framework that generates...
Read more 0