Latest news

DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk
Vulnerability

DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk

2 July 2026 dark6

Two critical zero-click RCE vulnerabilities (CVE-2026-50548, CVE-2026-50549) in Cursor IDE, dubbed DuneSlide, allow attackers to escape the AI coding agent...
Apple’s Unpatched ‘Hide My Email’ Flaw Has Exposed User Identities for Over a Year
Privacy

Apple’s Unpatched ‘Hide My Email’ Flaw Has Exposed User Identities for Over a Year

2 July 2026 dark6

An unpatched vulnerability in Apple's Hide My Email feature can expose users' real email addresses behind their iCloud+ anonymization aliases,...
Four New CVEs in Fluentd Expose Millions of Cloud and Kubernetes Logging Pipelines to RCE and Data Leaks
Vulnerability

Four New CVEs in Fluentd Expose Millions of Cloud and Kubernetes Logging Pipelines to RCE and Data Leaks

2 July 2026 dark6

Four new CVEs in the widely deployed Fluentd log collector — including a critical RCE vulnerability (CVE-2026-44024) exploitable via crafted...
81 Million Login Attempts: Massive Password Spray Campaign Bypasses MFA to Compromise Azure and Microsoft 365 Accounts
Cybercrime

81 Million Login Attempts: Massive Password Spray Campaign Bypasses MFA to Compromise Azure and Microsoft 365 Accounts

2 July 2026 dark6

A massive automated campaign made 81 million login attempts against Microsoft 365 and Azure CLI accounts between June 12 and...
PoC Published for CVE-2026-24294: NTLM Reflection Bypass Grants SYSTEM Access on Windows Server 2025
Vulnerability

PoC Published for CVE-2026-24294: NTLM Reflection Bypass Grants SYSTEM Access on Windows Server 2025

1 July 2026 dark6

Synacktiv has released a working PoC for CVE-2026-24294, a new NTLM reflection bypass that grants SYSTEM-level access on Windows Server...
Critical wolfSSL Vulnerabilities Expose Billions of Servers and IoT Devices to Certificate Forgery and RCE
Vulnerability

Critical wolfSSL Vulnerabilities Expose Billions of Servers and IoT Devices to Certificate Forgery and RCE

1 July 2026 dark6

Multiple newly disclosed vulnerabilities in the wolfSSL embedded TLS library — including certificate trust bypasses, heap overflows, and post-quantum cryptography...
SEO-Poisoned Bing Search Delivers BumbleBee Loader and Akira Ransomware to Enterprise Network
Ransomware

SEO-Poisoned Bing Search Delivers BumbleBee Loader and Akira Ransomware to Enterprise Network

1 July 2026 dark6

An IT administrator searching Bing for ManageEngine OpManager was redirected to a trojanized installer, triggering a 44-hour intrusion that ended...
CVE-2026-8037: Critical Pre-Auth RCE in Progress Kemp LoadMaster Puts Enterprise Networks at Risk
Vulnerability

CVE-2026-8037: Critical Pre-Auth RCE in Progress Kemp LoadMaster Puts Enterprise Networks at Risk

1 July 2026 dark6

A CVSS 9.8 pre-authentication remote code execution vulnerability (CVE-2026-8037) in Progress Kemp LoadMaster allows unauthenticated attackers to run arbitrary commands...
Malicious ClawHub Skills Compromise AI Agents With Hidden Backdoors — 247,000 Installs, $2.3M Stolen
Malware

Malicious ClawHub Skills Compromise AI Agents With Hidden Backdoors — 247,000 Installs, $2.3M Stolen

30 June 2026 dark6

Researchers scanning 50,000 ClawHub skills — the official marketplace for the OpenClaw AI agent platform — found working remote control...
Russia’s Turla APT Deploys STOCKSTAY Backdoor Against Ukrainian Government and Military Targets
Cybercrime

Russia’s Turla APT Deploys STOCKSTAY Backdoor Against Ukrainian Government and Military Targets

30 June 2026 dark6

Russia-linked Turla (FSB Center 16) has been running a long-running espionage campaign deploying a new .NET backdoor called STOCKSTAY against...
Critical Microsoft 365 RCE Flaw CVE-2025-60727 Exploitable via Malicious Excel Files — Patch Now
Vulnerability

Critical Microsoft 365 RCE Flaw CVE-2025-60727 Exploitable via Malicious Excel Files — Patch Now

30 June 2026 dark6

Microsoft has disclosed CVE-2025-60727, a critical out-of-bounds read remote code execution vulnerability in Microsoft 365 Apps, Excel 2016, and multiple...
Hackers Actively Exploit CVE-2026-46817 in Oracle E-Business Suite — 456 Attacks Recorded in 24 Hours
Vulnerability

Hackers Actively Exploit CVE-2026-46817 in Oracle E-Business Suite — 456 Attacks Recorded in 24 Hours

30 June 2026 dark6

Threat actors are actively exploiting CVE-2026-46817, a critical CVSS 9.8 unauthenticated remote takeover flaw in Oracle E-Business Suite, with 456...