Latest news

Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests
Vulnerability

Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests

21 April 2026 dark6

CVE-2026-33032 (MCPwn) is a CVSS 9.8 authentication bypass in nginx-ui being actively exploited in the wild. Attackers can seize full...
Read more 0
ShinyHunters Sets April 21 Deadline for Canada Life Assurance: 5.6 Million Salesforce Records at Risk
Databreach

ShinyHunters Sets April 21 Deadline for Canada Life Assurance: 5.6 Million Salesforce Records at Risk

21 April 2026 dark6

ShinyHunters claims to have breached Canada Life Assurance Company, stealing over 5.6 million Salesforce records containing PII. The group set...
Read more 0
Omnistealer Malware Uses Blockchain Permanence to Host Unremovable Payloads, Compromising 300,000 Credentials
Malware

Omnistealer Malware Uses Blockchain Permanence to Host Unremovable Payloads, Compromising 300,000 Credentials

20 April 2026 dark6

A sophisticated new infostealer dubbed Omnistealer embeds its payloads directly into public blockchain transactions on TRON, Aptos, and Binance Smart...
Read more 0
Vercel Confirms April 2026 Breach: ShinyHunters Accessed Source Code, API Keys, and Employee Data via AI Tool Compromise
Databreach

Vercel Confirms April 2026 Breach: ShinyHunters Accessed Source Code, API Keys, and Employee Data via AI Tool Compromise

20 April 2026 dark6

Cloud development platform Vercel confirmed a security breach traced to a compromised employee account at third-party AI platform Context.ai. The...
Read more 0
BLACKWATER Ransomware Group Debuts with 3.3 TB Heist from Turkey’s Largest Hospital Network
Ransomware

BLACKWATER Ransomware Group Debuts with 3.3 TB Heist from Turkey’s Largest Hospital Network

20 April 2026 dark6

A newly emerged ransomware operation called BLACKWATER has claimed its first major victim: Medical Park Hospitals Group, Turkey's largest private...
Read more 0
Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog
Vulnerability

Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog

20 April 2026 dark6

A critical improper access control vulnerability in Fortinet FortiClientEMS (CVE-2026-35616, CVSS 9.1) is being actively exploited following the publication of...
Read more 0
Critical SAP SQL Injection CVE-2026-27681 (CVSS 9.9) Exposes Financial Data in Business Planning and Warehouse Systems
Vulnerability

Critical SAP SQL Injection CVE-2026-27681 (CVSS 9.9) Exposes Financial Data in Business Planning and Warehouse Systems

19 April 2026 dark6

SAP's April 2026 Patch Day addresses CVE-2026-27681, a near-perfect CVSS 9.9 SQL injection flaw in SAP Business Planning and Consolidation...
Read more 0
ShinyHunters Breaches Rockstar Games via Supply Chain Attack: 80 Million Records Ransomed, Data Leaked After Deadline
Ransomware

ShinyHunters Breaches Rockstar Games via Supply Chain Attack: 80 Million Records Ransomed, Data Leaked After Deadline

19 April 2026 dark6

ShinyHunters compromised Rockstar Games through a supply chain attack on third-party analytics provider Anodot, stealing 80 million records from Snowflake...
Read more 0
CyberAv3ngers: Iran-Linked IRGC Hackers Target Rockwell PLCs Across U.S. Critical Infrastructure
Malware

CyberAv3ngers: Iran-Linked IRGC Hackers Target Rockwell PLCs Across U.S. Critical Infrastructure

19 April 2026 dark6

A joint CISA advisory warns that Iran-linked CyberAv3ngers (IRGC-CEC) are actively exploiting internet-exposed Rockwell Automation PLCs across U.S. water, energy,...
Read more 0
Three Windows Defender Zero-Days Exploited in the Wild: BlueHammer Patched, RedSun and UnDefend Still Unpatched
Vulnerability

Three Windows Defender Zero-Days Exploited in the Wild: BlueHammer Patched, RedSun and UnDefend Still Unpatched

19 April 2026 dark6

A security researcher dropped three Windows Defender zero-day exploits in 13 days — BlueHammer (CVE-2026-33825), RedSun, and UnDefend. All three...
Read more 0
Booking.com Data Breach Exposes Customer Reservation Details, Raising Phishing Risk for Travellers
Databreach

Booking.com Data Breach Exposes Customer Reservation Details, Raising Phishing Risk for Travellers

18 April 2026 dark6

Booking.com has notified customers of a data breach that exposed names, addresses, email addresses, phone numbers, and full reservation details....
Read more 0
APT28 Deploys New PRISMEX Malware Suite Against Ukraine and NATO in Sophisticated Espionage Campaign
Malware

APT28 Deploys New PRISMEX Malware Suite Against Ukraine and NATO in Sophisticated Espionage Campaign

18 April 2026 dark6

Russia's APT28 (Fancy Bear) has launched a new campaign deploying the previously undocumented PRISMEX malware framework, which uses steganography, COM...
Read more 0