Latest news

Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Vulnerability

Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild

19 May 2026 dark6

Hackers are actively exploiting CVE-2026-42945, a critical heap buffer overflow in NGINX Open Source and NGINX Plus, with real-world attacks...
Read more 0
CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched
Vulnerability

CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched

18 May 2026 dark6

Two critical memory-safety vulnerabilities in PHP image-processing functions allow attackers to leak sensitive heap memory (CVE-2025-14177) or trigger heap buffer...
Read more 0
Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes
Vulnerability

Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes

18 May 2026 dark6

Day Two of Pwn2Own Berlin 2026 saw 15 new zero-day exploits demonstrated against Microsoft Exchange (full RCE chain worth $200,000),...
Read more 0
First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance
Vulnerability

First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance

18 May 2026 dark6

Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE)...
Read more 0
CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released
Vulnerability

CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released

17 May 2026 dark6

A critical Linux kernel race condition flaw (CVE-2026-46333), dubbed 'ssh-keysign-pwn,' allows local unprivileged attackers to steal SSH private keys and...
Read more 0
Google Project Zero Reveals Silent Zero-Click Exploit Chain Rooting Pixel 10 Devices
Vulnerability

Google Project Zero Reveals Silent Zero-Click Exploit Chain Rooting Pixel 10 Devices

17 May 2026 dark6

Google Project Zero has demonstrated a two-vulnerability chain that silently roots Google Pixel 10 devices without any user interaction, combining...
Read more 0
CVE-2026-8178: Critical Amazon Redshift JDBC Driver Flaw Enables RCE via Malicious Connection URLs — Patch Now
Vulnerability

CVE-2026-8178: Critical Amazon Redshift JDBC Driver Flaw Enables RCE via Malicious Connection URLs — Patch Now

16 May 2026 dark6

A critical vulnerability (CVE-2026-8178) in the Amazon Redshift JDBC driver allows remote code execution through manipulated database connection URLs. The...
Read more 0
CVE-2026-44338: PraisonAI Framework Actively Exploited Within Hours of Disclosure — No Auth Required
Vulnerability

CVE-2026-44338: PraisonAI Framework Actively Exploited Within Hours of Disclosure — No Auth Required

16 May 2026 dark6

A critical authentication bypass flaw in PraisonAI's legacy API server (CVE-2026-44338) shipped with auth disabled by default, allowing unauthenticated attackers...
Read more 0
BitUnlocker: New Tool Breaks BitLocker on Patched Windows 11 Systems in Under 5 Minutes
Vulnerability

BitUnlocker: New Tool Breaks BitLocker on Patched Windows 11 Systems in Under 5 Minutes

15 May 2026 dark6

A publicly released tool called BitUnlocker demonstrates a practical downgrade attack against BitLocker on fully-patched Windows 11 machines, exploiting a...
Read more 0
CVE-2026-26083: Critical Fortinet FortiSandbox Flaw Allows Unauthenticated Remote Code Execution — Patch Now
Vulnerability

CVE-2026-26083: Critical Fortinet FortiSandbox Flaw Allows Unauthenticated Remote Code Execution — Patch Now

15 May 2026 dark6

Fortinet has disclosed CVE-2026-26083, a critical (CVSS 9.1) missing-authorization vulnerability in FortiSandbox that lets unauthenticated attackers execute arbitrary code remotely...
Read more 0
CVE-2026-43898: Critical SandboxJS Escape (CVSS 10.0) Enables Full Host Takeover via npm
Vulnerability

CVE-2026-43898: Critical SandboxJS Escape (CVSS 10.0) Enables Full Host Takeover via npm

15 May 2026 dark6

A maximum-severity (CVSS 10.0) vulnerability in the SandboxJS npm library allows attackers to completely escape the JavaScript sandbox and execute...
Read more 0
CVE-2026-32185: Microsoft Teams for Android Vulnerability Enables Local Spoofing Attacks — Patch Available
Vulnerability

CVE-2026-32185: Microsoft Teams for Android Vulnerability Enables Local Spoofing Attacks — Patch Available

14 May 2026 dark6

Microsoft has patched CVE-2026-32185, a spoofing vulnerability in Microsoft Teams for Android that allows local attackers to impersonate trusted devices...
Read more 0