Latest news

Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials
Phishing

Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials

20 May 2026 dark6

North Korea's Kimsuky threat group has been operating four parallel spear-phishing campaigns targeting corporate recruiters, cryptocurrency developers, defense sector officials,...
ShinyHunters Claims Cyberattack on U.S. Online Learning Platform — FBI Warns of Extortion Escalation
Databreach

ShinyHunters Claims Cyberattack on U.S. Online Learning Platform — FBI Warns of Extortion Escalation

20 May 2026 dark6

ShinyHunters has claimed responsibility for a cyberattack on a U.S.-based online Learning Management System, disrupting access for educational institutions nationwide....
CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability
Vulnerability

CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability

20 May 2026 dark6

A public proof-of-concept exploit has been released for CVE-2026-2005, a critical remote code execution flaw in PostgreSQL's pgcrypto extension rooted...
GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen
Databreach

GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen

20 May 2026 dark6

GitHub has confirmed unauthorized access to its internal repositories after a malicious Visual Studio Code extension compromised an employee device....
Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets in Coordinated Supply Chain Attack
Malware

Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets in Coordinated Supply Chain Attack

19 May 2026 dark6

Four malicious npm packages have been discovered stealing SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, with one variant...
CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29
Vulnerability

CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29

19 May 2026 dark6

CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server's Outlook Web Access, to its Known Exploited Vulnerabilities...
Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released
Vulnerability

Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released

19 May 2026 dark6

A critical Windows zero-day dubbed 'MiniPlasma' has surfaced with a public proof-of-concept exploit, allowing unprivileged attackers to achieve full SYSTEM-level...
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Vulnerability

Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild

19 May 2026 dark6

Hackers are actively exploiting CVE-2026-42945, a critical heap buffer overflow in NGINX Open Source and NGINX Plus, with real-world attacks...
CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched
Vulnerability

CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched

18 May 2026 dark6

Two critical memory-safety vulnerabilities in PHP image-processing functions allow attackers to leak sensitive heap memory (CVE-2025-14177) or trigger heap buffer...
Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes
Vulnerability

Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes

18 May 2026 dark6

Day Two of Pwn2Own Berlin 2026 saw 15 new zero-day exploits demonstrated against Microsoft Exchange (full RCE chain worth $200,000),...
First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance
Vulnerability

First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance

18 May 2026 dark6

Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE)...
Grafana Labs Security Breach: Hackers Steal GitHub Token, Download Private Codebase, and Demand Ransom
Databreach

Grafana Labs Security Breach: Hackers Steal GitHub Token, Download Private Codebase, and Demand Ransom

18 May 2026 dark6

A threat actor infiltrated Grafana Labs GitHub environment using a stolen privileged token to download the company private codebase. The...