Latest news

Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware
Malware

Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware

28 April 2026 dark6

Threat actors are using fake GitHub repositories impersonating the leaked Anthropic Claude Code source to deliver a Rust dropper that...
Read more 0
ClickUp’s Hardcoded API Key Has Silently Leaked 959 Corporate and Government Emails for 15 Months
Databreach

ClickUp’s Hardcoded API Key Has Silently Leaked 959 Corporate and Government Emails for 15 Months

28 April 2026 dark6

A hardcoded API key in ClickUp's public JavaScript file exposed 959 corporate and government email addresses for over 15 months...
Read more 0
Microsoft Defender “RedSun” Zero-Day (CVE-2026-33825): Unpatched Exploit Grants Full SYSTEM Access
Vulnerability

Microsoft Defender “RedSun” Zero-Day (CVE-2026-33825): Unpatched Exploit Grants Full SYSTEM Access

28 April 2026 dark6

An unpatched zero-day dubbed RedSun (CVE-2026-33825) actively exploits a flaw in Windows Defender's cloud file rollback mechanism to grant attackers...
Read more 0
Critical CVSS 9.8 Flaw in CrowdStrike LogScale Lets Unauthenticated Attackers Read Server Files
Vulnerability

Critical CVSS 9.8 Flaw in CrowdStrike LogScale Lets Unauthenticated Attackers Read Server Files

28 April 2026 dark6

CrowdStrike has issued an emergency advisory for CVE-2026-40050, a CVSS 9.8 unauthenticated path-traversal flaw in LogScale that lets remote attackers...
Read more 0
Pack2TheRoot: Critical Linux Privilege Escalation Flaw in PackageKit Affects 12+ Years of Releases (CVE-2026-41651)
Vulnerability

Pack2TheRoot: Critical Linux Privilege Escalation Flaw in PackageKit Affects 12+ Years of Releases (CVE-2026-41651)

28 April 2026 dark6

Deutsche Telekom's Red Team has disclosed Pack2TheRoot (CVE-2026-41651), a critical local privilege escalation flaw in the PackageKit daemon affecting all...
Read more 0
ShinyHunters Claims Udemy Data Breach: 1.4 Million User Records at Risk as Ransom Deadline Expires
Databreach

ShinyHunters Claims Udemy Data Breach: 1.4 Million User Records at Risk as Ransom Deadline Expires

28 April 2026 dark6

ShinyHunters has claimed a breach of Udemy affecting 1.4 million user records, setting a "Pay or Leak" ransom deadline of...
Read more 0
Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack
Malware

Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack

28 April 2026 dark6

Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a...
Read more 0
GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace
Malware

GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace

27 April 2026 dark6

Aikido Security has identified 73 new GlassWorm "sleeper" extensions on the Open VSX marketplace, marking a dangerous escalation in a...
Read more 0
State-Sponsored UAT-4356 Deploys FIRESTARTER Backdoor on Cisco Firepower Devices via Chained N-Day Vulnerabilities
Malware

State-Sponsored UAT-4356 Deploys FIRESTARTER Backdoor on Cisco Firepower Devices via Chained N-Day Vulnerabilities

26 April 2026 dark6

Cisco Talos has uncovered an active espionage campaign by state-sponsored group UAT-4356, which chains two Cisco Firepower FXOS vulnerabilities (CVE-2025-20333...
Read more 0
CISA Adds Two Actively Exploited SimpleHelp Vulnerabilities to KEV Catalog — May 8 Patch Deadline
Vulnerability

CISA Adds Two Actively Exploited SimpleHelp Vulnerabilities to KEV Catalog — May 8 Patch Deadline

26 April 2026 dark6

CISA has added two chained vulnerabilities in SimpleHelp remote support software — CVE-2024-57726 (missing authorization) and CVE-2024-57728 (path traversal) —...
Read more 0
ADT Confirms Data Breach: ShinyHunters Claims 10 Million Records Stolen via Vishing Attack
Databreach

ADT Confirms Data Breach: ShinyHunters Claims 10 Million Records Stolen via Vishing Attack

26 April 2026 dark6

Home security giant ADT Inc. has confirmed a data breach following a ShinyHunters claim of stealing over 10 million records....
Read more 0
PhantomRPC: Unpatched Windows RPC Flaw Enables SYSTEM-Level Privilege Escalation on All Windows Versions
Vulnerability

PhantomRPC: Unpatched Windows RPC Flaw Enables SYSTEM-Level Privilege Escalation on All Windows Versions

26 April 2026 dark6

Kaspersky researchers have revealed PhantomRPC, an unpatched architectural flaw in the Windows RPC runtime that allows local privilege escalation to...
Read more 0