Latest news

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites
Vulnerability

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites

4 June 2026 dark6

A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset...
Read more 0
Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR
Cybercrime

Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR

4 June 2026 dark6

Sophos has uncovered a Russian-speaking threat actor using AI-assisted tools, Cobalt Strike, and a purpose-built automated lab to develop EDR...
Read more 0
Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord
Vulnerability

Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord

4 June 2026 dark6

Researcher Philip Garabandic disclosed five zero-day vulnerabilities in OpenClaw allowing identity spoofing to hijack trusted AI agent access across Slack,...
Read more 0
CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now
Vulnerability

CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now

4 June 2026 dark6

Google has confirmed active exploitation of CVE-2025-48595, a zero-click Android Framework privilege escalation flaw affecting Android 14-16. Devices without the...
Read more 0
WordPress Sites Turned Into Spy Networks: Malware Hides C2 Commands in Steam Profile Comments Using Unicode Steganography
Malware

WordPress Sites Turned Into Spy Networks: Malware Hides C2 Commands in Steam Profile Comments Using Unicode Steganography

3 June 2026 dark6

A sophisticated malware campaign has compromised approximately 1,900 WordPress sites using Steam Community profile pages as a covert C2 channel....
Read more 0
CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4
Vulnerability

CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4

3 June 2026 dark6

CISA has added CVE-2024-21182, a critical unauthenticated Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active...
Read more 0
FSB Claims Foreign Spyware Found on Russian Officials’ Phones in Targeted Espionage Campaign
Spyware

FSB Claims Foreign Spyware Found on Russian Officials’ Phones in Targeted Espionage Campaign

3 June 2026 dark6

Russia's FSB announced the disruption of a foreign intelligence campaign implanting advanced spyware on senior officials' mobile phones, enabling silent...
Read more 0
1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories
Vulnerability

1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories

3 June 2026 dark6

A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all...
Read more 0
Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials
Cybercrime

Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials

2 June 2026 dark6

A sophisticated supply chain attack dubbed "Miasma: The Spreading Blight" has backdoored over 30 official @redhat-cloud-services npm packages, deploying credential-stealing...
Read more 0
SmartApeSG Campaign Exploits ClickFix Fake Verification Pages to Deliver NetSupport RAT
Malware

SmartApeSG Campaign Exploits ClickFix Fake Verification Pages to Deliver NetSupport RAT

2 June 2026 dark6

The SmartApeSG campaign is using ClickFix scripts disguised as fake browser verification pages to deploy a two-stage infection chain, culminating...
Read more 0
Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control
Vulnerability

Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control

2 June 2026 dark6

Security researchers have documented a wave of attacks exploiting Docker and Kubernetes misconfigurations to break out of containers and take...
Read more 0
OverlayPhantom Android Banking Trojan Targets 180+ Apps Across 10 Countries
Malware

OverlayPhantom Android Banking Trojan Targets 180+ Apps Across 10 Countries

2 June 2026 dark6

A dangerous new Android banking trojan called OverlayPhantom has been targeting users in ten countries, abusing Android's Accessibility Service to...
Read more 0