Latest news

Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets in Coordinated Supply Chain Attack
Malware

19 May 2026 dark6

Four malicious npm packages have been discovered stealing SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, with one variant...
CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29
Vulnerability

19 May 2026 dark6

CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server's Outlook Web Access, to its Known Exploited Vulnerabilities...
Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released
Vulnerability

19 May 2026 dark6

A critical Windows zero-day dubbed 'MiniPlasma' has surfaced with a public proof-of-concept exploit, allowing unprivileged attackers to achieve full SYSTEM-level...
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Vulnerability

19 May 2026 dark6

Hackers are actively exploiting CVE-2026-42945, a critical heap buffer overflow in NGINX Open Source and NGINX Plus, with real-world attacks...
CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched
Vulnerability

18 May 2026 dark6

Two critical memory-safety vulnerabilities in PHP image-processing functions allow attackers to leak sensitive heap memory (CVE-2025-14177) or trigger heap buffer...
Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes
Vulnerability

18 May 2026 dark6

Day Two of Pwn2Own Berlin 2026 saw 15 new zero-day exploits demonstrated against Microsoft Exchange (full RCE chain worth $200,000),...
First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance
Vulnerability

18 May 2026 dark6

Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE)...
Grafana Labs Security Breach: Hackers Steal GitHub Token, Download Private Codebase, and Demand Ransom
Databreach

18 May 2026 dark6

A threat actor infiltrated Grafana Labs' GitHub environment using a stolen privileged token to download the company's private codebase. The...
JDownloader Official Website Hijacked to Deliver RAT Malware in Windows and Linux Installers
Malware

17 May 2026 dark6

Attackers compromised the official JDownloader website between May 6-7, 2026, replacing legitimate Windows and Linux installers with malicious versions containing...
Android 16 ‘Tiny UDP Cannon’ Flaw Lets Malicious Apps Bypass VPN and Expose Your Real IP Address
Privacy

17 May 2026 dark6

A newly disclosed Android 16 design flaw dubbed 'Tiny UDP Cannon' allows any app with basic permissions to bypass VPN...
CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released
Vulnerability

17 May 2026 dark6

A critical Linux kernel race condition flaw (CVE-2026-46333), dubbed 'ssh-keysign-pwn,' allows local unprivileged attackers to steal SSH private keys and...
Google Project Zero Reveals Silent Zero-Click Exploit Chain Rooting Pixel 10 Devices
Vulnerability

17 May 2026 dark6

Google Project Zero has demonstrated a two-vulnerability chain that silently roots Google Pixel 10 devices without any user interaction, combining...