Latest news

Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses
Vulnerability

Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses

5 June 2026 dark6

SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging...
Read more 0
CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites
Vulnerability

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites

4 June 2026 dark6

A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset...
Read more 0
Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord
Vulnerability

Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord

4 June 2026 dark6

Researcher Philip Garabandic disclosed five zero-day vulnerabilities in OpenClaw allowing identity spoofing to hijack trusted AI agent access across Slack,...
Read more 0
CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now
Vulnerability

CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now

4 June 2026 dark6

Google has confirmed active exploitation of CVE-2025-48595, a zero-click Android Framework privilege escalation flaw affecting Android 14-16. Devices without the...
Read more 0
CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4
Vulnerability

CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4

3 June 2026 dark6

CISA has added CVE-2024-21182, a critical unauthenticated Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active...
Read more 0
1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories
Vulnerability

1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories

3 June 2026 dark6

A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all...
Read more 0
Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control
Vulnerability

Attackers Exploit Docker and Kubernetes Misconfigurations to Escape Containers and Seize Host Control

2 June 2026 dark6

Security researchers have documented a wave of attacks exploiting Docker and Kubernetes misconfigurations to break out of containers and take...
Read more 0
CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately
Vulnerability

CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately

1 June 2026 dark6

Microsoft’s May 2026 Patch Tuesday addressed CVE-2026-41089, a critical Windows Netlogon 0-click RCE — now actively exploited in the wild....
Read more 0
Google Chrome’s Device-Bound Session Credentials Go GA — Cryptographically Kills Cookie-Theft Attacks
Vulnerability

Google Chrome’s Device-Bound Session Credentials Go GA — Cryptographically Kills Cookie-Theft Attacks

31 May 2026 dark6

Google has moved Device Bound Session Credentials (DBSC) to general availability in Chrome on Windows, cryptographically binding session cookies to...
Read more 0
GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities
Vulnerability

GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities

31 May 2026 dark6

GitLab has released emergency security patches (versions 19.0.1, 18.11.4, 18.10.7) fixing a CVSS 8.2 Duo AI identity flaw (CVE-2026-4868) that...
Read more 0
Microsoft Releases Emergency KB5089573 for Windows 11 to Permanently Fix Patch Tuesday Install Failures
Vulnerability

Microsoft Releases Emergency KB5089573 for Windows 11 to Permanently Fix Patch Tuesday Install Failures

31 May 2026 dark6

Microsoft has released KB5089573, a critical out-of-band update for Windows 11, permanently fixing the EFI System Partition space issue that...
Read more 0
CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately
Vulnerability

CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately

30 May 2026 dark6

A critical authentication bypass in Palo Alto Networks PAN-OS (CVE-2026-0257) is being actively exploited in two distinct waves, with attackers...
Read more 0