Latest news

Fox Tempest: Microsoft DCU Dismantles Malware-Signing-as-a-Service That Forged Trusted Certificates for Ransomware Groups
Cybercrime

27 May 2026 dark6

Microsoft's Digital Crimes Unit has disrupted Fox Tempest, a criminal malware-signing-as-a-service operation that abused Microsoft's Artifact Signing infrastructure to issue...
Grafana GitHub Breach: TanStack npm Supply Chain Attack Leads to Source Code Theft and Ransom Demand
Databreach

27 May 2026 dark6

Grafana Labs has confirmed a ransomware-linked breach of its GitHub environment traced to the TanStack npm supply chain compromise. Attackers...
Void Botnet Routes Commands Through Ethereum Smart Contracts to Evade Law Enforcement Takedowns
Malware

27 May 2026 dark6

A new Rust-based botnet sold on cybercrime forums uses Ethereum smart contracts as its command-and-control channel, making traditional infrastructure takedowns...
TeamPCP Poisons Microsoft’s Official Python DurableTask SDK — Multi-Cloud Credential Worm Hits PyPI
Cybercrime

27 May 2026 dark6

The TeamPCP threat group has compromised three consecutive versions of Microsoft's official Python DurableTask SDK on PyPI, injecting a worm-like...
Russian Hacker Builds Persistent Gemini Jailbreak to Power Influence Campaign, Credential Theft, and Crypto Wallet Draining
Cybercrime

26 May 2026 dark6

A Russian-speaking threat actor tracked as "bandcampro" has been exposed using a persistently jailbroken Google Gemini CLI to power a...
Cloud Atlas APT Patches termsrv.dll to Enable Silent Dual RDP Sessions — Targets Government and Diplomatic Organizations
Malware

26 May 2026 dark6

The Cloud Atlas APT group has adopted a stealthy new technique: modifying Windows termsrv.dll to enable multiple simultaneous RDP sessions,...
Critical 7-Zip Flaw CVE-2026-48095 (CVSS 8.8) Enables Arbitrary Code Execution via NTFS Vtable Hijack
Vulnerability

26 May 2026 dark6

A critical heap buffer overflow in 7-Zip 26.00 (CVE-2026-48095, CVSS 8.8) lets attackers execute arbitrary code through an NTFS vtable...
Payload Ransomware Deploys ChaCha20 + Curve25519 ECDH to Lock Files — 50+ Victims Across Five Countries
Ransomware

26 May 2026 dark6

A new ransomware operation called Payload has emerged using military-grade ChaCha20 encryption paired with Curve25519 ECDH key exchange, making file...
Megalodon Campaign Backdoors 5,500+ GitHub Repositories in Six-Hour CI/CD Blitz
Malware

25 May 2026 dark6

The automated "Megalodon" attack campaign pushed malicious CI/CD backdoors into 5,561 GitHub repositories within 6 hours on May 18, 2026,...
Supply Chain Attack Backdoors 233 Laravel-Lang Package Versions Across 700 GitHub Repositories
Malware

25 May 2026 dark6

Attackers exploited GitHub's tagging system to inject credential-stealing PHP backdoors into 233 versions of Laravel-Lang packages, silently targeting developer cloud...
Hackers Exploit End-of-Life F5 BIG-IP as Enterprise Entry Point, Pivoting to Active Directory via Confluence RCE
Cybercrime

25 May 2026 dark6

Microsoft Defender researchers document a multi-stage intrusion where threat actors exploited an end-of-life F5 BIG-IP appliance to gain SSH access,...
CVE-2026-9256 “nginx-poolslip”: Critical NGINX Flaw Enables Unauthenticated DoS and Code Execution
Vulnerability

25 May 2026 dark6

A critical heap buffer overflow in the NGINX rewrite module (CVE-2026-9256, "nginx-poolslip") allows unauthenticated remote attackers to crash NGINX workers...