Latest news

CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched
Vulnerability

CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched

18 May 2026 dark6

Two critical memory-safety vulnerabilities in PHP image-processing functions allow attackers to leak sensitive heap memory (CVE-2025-14177) or trigger heap buffer...
Read more 0
Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes
Vulnerability

Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes

18 May 2026 dark6

Day Two of Pwn2Own Berlin 2026 saw 15 new zero-day exploits demonstrated against Microsoft Exchange (full RCE chain worth $200,000),...
Read more 0
First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance
Vulnerability

First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance

18 May 2026 dark6

Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE)...
Read more 0
Grafana Labs Security Breach: Hackers Steal GitHub Token, Download Private Codebase, and Demand Ransom
Databreach

Grafana Labs Security Breach: Hackers Steal GitHub Token, Download Private Codebase, and Demand Ransom

18 May 2026 dark6

A threat actor infiltrated Grafana Labs GitHub environment using a stolen privileged token to download the company private codebase. The...
Read more 0
JDownloader Official Website Hijacked to Deliver RAT Malware in Windows and Linux Installers
Malware

JDownloader Official Website Hijacked to Deliver RAT Malware in Windows and Linux Installers

17 May 2026 dark6

Attackers compromised the official JDownloader website between May 6-7, 2026, replacing legitimate Windows and Linux installers with malicious versions containing...
Read more 0
Android 16 ‘Tiny UDP Cannon’ Flaw Lets Malicious Apps Bypass VPN and Expose Your Real IP Address
Privacy

Android 16 ‘Tiny UDP Cannon’ Flaw Lets Malicious Apps Bypass VPN and Expose Your Real IP Address

17 May 2026 dark6

A newly disclosed Android 16 design flaw dubbed 'Tiny UDP Cannon' allows any app with basic permissions to bypass VPN...
Read more 0
CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released
Vulnerability

CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released

17 May 2026 dark6

A critical Linux kernel race condition flaw (CVE-2026-46333), dubbed 'ssh-keysign-pwn,' allows local unprivileged attackers to steal SSH private keys and...
Read more 0
Google Project Zero Reveals Silent Zero-Click Exploit Chain Rooting Pixel 10 Devices
Vulnerability

Google Project Zero Reveals Silent Zero-Click Exploit Chain Rooting Pixel 10 Devices

17 May 2026 dark6

Google Project Zero has demonstrated a two-vulnerability chain that silently roots Google Pixel 10 devices without any user interaction, combining...
Read more 0
Inside The Gentlemen: The Fastest-Growing Ransomware-as-a-Service Operation of 2026 — 332 Victims, Leaked Playbook Exposed
Ransomware

Inside The Gentlemen: The Fastest-Growing Ransomware-as-a-Service Operation of 2026 — 332 Victims, Leaked Playbook Exposed

16 May 2026 dark6

The Gentlemen, a ransomware-as-a-service operation that emerged in mid-2025, has claimed approximately 332 victims in the first five months of...
Read more 0
CVE-2026-8178: Critical Amazon Redshift JDBC Driver Flaw Enables RCE via Malicious Connection URLs — Patch Now
Vulnerability

CVE-2026-8178: Critical Amazon Redshift JDBC Driver Flaw Enables RCE via Malicious Connection URLs — Patch Now

16 May 2026 dark6

A critical vulnerability (CVE-2026-8178) in the Amazon Redshift JDBC driver allows remote code execution through manipulated database connection URLs. The...
Read more 0
TeamPCP Supply Chain Campaign Poisons Checkmarx KICS, Bitwarden CLI, and PyPI Packages to Steal Cloud Credentials at Scale
Cybercrime

TeamPCP Supply Chain Campaign Poisons Checkmarx KICS, Bitwarden CLI, and PyPI Packages to Steal Cloud Credentials at Scale

16 May 2026 dark6

A financially motivated threat group tracked as TeamPCP has executed at least seven waves of sophisticated supply chain attacks since...
Read more 0
CVE-2026-44338: PraisonAI Framework Actively Exploited Within Hours of Disclosure — No Auth Required
Vulnerability

CVE-2026-44338: PraisonAI Framework Actively Exploited Within Hours of Disclosure — No Auth Required

16 May 2026 dark6

A critical authentication bypass flaw in PraisonAI's legacy API server (CVE-2026-44338) shipped with auth disabled by default, allowing unauthenticated attackers...
Read more 0