Latest news

JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain
Malware

30 May 2026 dark6

Threat actor JINX-0164 is targeting cryptocurrency developers via fake LinkedIn profiles, luring them into downloading custom macOS malware (AUDIOFIX and...
‘The Gentlemen’ Ransomware: Self-Propagating Go Encryptor Uses SYSTEM Scheduled Tasks to Lock Entire Networks
Ransomware

30 May 2026 dark6

A new Go-based ransomware called The Gentlemen (tracked as Storm-2697 by Microsoft) spreads automatically across networks using eight simultaneous propagation...
GREYVIBE: Russian-Aligned Hackers Use ChatGPT and Google Gemini to Build Cyberweapons Targeting Ukraine
Cybercrime

30 May 2026 dark6

A newly tracked threat actor called GREYVIBE is using generative AI tools including ChatGPT and Google Gemini to develop malware,...
CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately
Vulnerability

30 May 2026 dark6

A critical authentication bypass in Palo Alto Networks PAN-OS (CVE-2026-0257) is being actively exploited in two distinct waves, with attackers...
Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor
Malware

29 May 2026 dark6

The npm package forge-jsxy quietly stole cryptocurrency wallet keys, browser credentials, and developer data across Windows, macOS, and Linux —...
Grandoreiro Banking Trojan Returns: Targeting Portuguese Banks and Latin American Companies With Dual Campaigns
Malware

29 May 2026 dark6

The long-running Grandoreiro banking trojan has resurfaced with two active campaigns — one using DLL Side-Loading via cloud infrastructure and...
Hackers Use Fake ChatGPT and Claude Installers to Deploy DinDoor Backdoor
Malware

29 May 2026 dark6

Cybercriminals are distributing trojanized AI application installers on GitHub and SourceForge, luring victims with fake ChatGPT and Claude desktop apps...
NightSpire Ransomware Exploits RDP and Remote Admin Tools to Hit 64 Organizations in 33 Countries
Ransomware

28 May 2026 dark6

NightSpire ransomware has hit at least 64 organizations across 33 countries by exploiting Remote Desktop Protocol access and installing legitimate...
Seedworm (MuddyWater) APT Abuses Signed Security Binaries in Global Espionage Campaign Across 9 Countries
Cybercrime

28 May 2026 dark6

Iran-linked Seedworm (MuddyWater) APT has been caught running a broad espionage campaign against at least 9 organizations across 9 countries...
Tycoon 2FA Phishing Kit Bypasses MFA at Scale — 62% of Microsoft 365 Phishing Attempts Linked to Single Threat Actor
Phishing

28 May 2026 dark6

The Tycoon 2FA phishing-as-a-service kit, operated by threat actor Storm-1747, is bypassing multi-factor authentication on Microsoft 365 and Google Workspace...
BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications
Vulnerability

28 May 2026 dark6

A newly disclosed critical vulnerability dubbed 'BadHost' (CVE-2026-48710) enables attackers to bypass authentication in FastAPI and Starlette-based AI applications through...
Fox Tempest: Microsoft DCU Dismantles Malware-Signing-as-a-Service That Forged Trusted Certificates for Ransomware Groups
Cybercrime

27 May 2026 dark6

Microsoft's Digital Crimes Unit has disrupted Fox Tempest, a criminal malware-signing-as-a-service operation that abused Microsoft's Artifact Signing infrastructure to issue...