Latest news

Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials
Cybercrime

Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials

2 June 2026 dark6

A sophisticated supply chain attack dubbed "Miasma: The Spreading Blight" has backdoored over 30 official @redhat-cloud-services npm packages, deploying credential-stealing...
Read more 0
SmartApeSG Campaign Exploits ClickFix Fake Verification Pages to Deliver NetSupport RAT
Malware

SmartApeSG Campaign Exploits ClickFix Fake Verification Pages to Deliver NetSupport RAT

2 June 2026 dark6

The SmartApeSG campaign is using ClickFix scripts disguised as fake browser verification pages to deploy a two-stage infection chain, culminating...
Read more 0
Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control
Vulnerability

Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control

2 June 2026 dark6

Security researchers have documented a wave of attacks exploiting Docker and Kubernetes misconfigurations to break out of containers and take...
Read more 0
OverlayPhantom Android Banking Trojan Targets 180+ Apps Across 10 Countries
Malware

OverlayPhantom Android Banking Trojan Targets 180+ Apps Across 10 Countries

2 June 2026 dark6

A dangerous new Android banking trojan called OverlayPhantom has been targeting users in ten countries, abusing Android's Accessibility Service to...
Read more 0
Hackers Are Calling You on Microsoft Teams Pretending to Be IT Support — How to Detect and Stop the Attack
Phishing

Hackers Are Calling You on Microsoft Teams Pretending to Be IT Support — How to Detect and Stop the Attack

1 June 2026 dark6

Threat actors are systematically abusing Microsoft Teams' external collaboration features to impersonate IT helpdesk staff, convincing employees to grant remote...
Read more 0
Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers
Cybercrime

Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers

1 June 2026 dark6

Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously,...
Read more 0
Meta AI Flaw Lets Attackers Hijack Instagram Accounts Without Verification — Premium Handles Worth $1M+ Stolen
AI

Meta AI Flaw Lets Attackers Hijack Instagram Accounts Without Verification — Premium Handles Worth $1M+ Stolen

1 June 2026 dark6

A critical flaw in Meta's AI account recovery tool allowed attackers to trick the chatbot into sending password reset codes...
Read more 0
CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately
Vulnerability

CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately

1 June 2026 dark6

Microsoft’s May 2026 Patch Tuesday addressed CVE-2026-41089, a critical Windows Netlogon 0-click RCE — now actively exploited in the wild....
Read more 0
Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials
Malware

Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials

31 May 2026 dark6

A malicious NuGet package named "Sicoob.Sdk" impersonated the official Sicoob banking SDK and silently exfiltrated PFX certificates, private keys, and...
Read more 0
Google Chrome’s Device-Bound Session Credentials Go GA — Cryptographically Kills Cookie-Theft Attacks
Vulnerability

Google Chrome’s Device-Bound Session Credentials Go GA — Cryptographically Kills Cookie-Theft Attacks

31 May 2026 dark6

Google has moved Device Bound Session Credentials (DBSC) to general availability in Chrome on Windows, cryptographically binding session cookies to...
Read more 0
GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities
Vulnerability

GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities

31 May 2026 dark6

GitLab has released emergency security patches (versions 19.0.1, 18.11.4, 18.10.7) fixing a CVSS 8.2 Duo AI identity flaw (CVE-2026-4868) that...
Read more 0
Microsoft Releases Emergency KB5089573 for Windows 11 to Permanently Fix Patch Tuesday Install Failures
Vulnerability

Microsoft Releases Emergency KB5089573 for Windows 11 to Permanently Fix Patch Tuesday Install Failures

31 May 2026 dark6

Microsoft has released KB5089573, a critical out-of-band update for Windows 11, permanently fixing the EFI System Partition space issue that...
Read more 0