Latest news

Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets
Vulnerability

Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets

8 June 2026 dark6

Microsoft Threat Intelligence disclosed a prompt injection flaw in the Claude Code GitHub Action that allowed attackers to access /proc/self/environ...
Read more 0
CISA Warns: SolarWinds Serv-U CVE-2026-28318 Actively Exploited — Zero-Auth DoS Attack Hits File Transfer Platform
Vulnerability

CISA Warns: SolarWinds Serv-U CVE-2026-28318 Actively Exploited — Zero-Auth DoS Attack Hits File Transfer Platform

8 June 2026 dark6

CISA has added CVE-2026-28318, a zero-authentication denial-of-service flaw in SolarWinds Serv-U, to its Known Exploited Vulnerabilities catalog. Attackers can crash...
Read more 0
CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now
Vulnerability

CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now

8 June 2026 dark6

CISA has added CVE-2022-0492, a Linux kernel improper authentication flaw, to its Known Exploited Vulnerabilities catalog. The vulnerability enables privilege...
Read more 0
CISA Warns: Hackers Are Targeting U.S. Fuel Tank Monitoring Systems Across Critical Infrastructure
Vulnerability

CISA Warns: Hackers Are Targeting U.S. Fuel Tank Monitoring Systems Across Critical Infrastructure

8 June 2026 dark6

CISA, the FBI, NSA, and five other federal agencies have issued a joint advisory confirming active cyberattacks against Automatic Tank...
Read more 0
CVE-2026-9614 (CVSS 8.8): Ivanti Neurons for ITSM Flaw Allows Authenticated Attackers to Gain Full Admin Access
Vulnerability

CVE-2026-9614 (CVSS 8.8): Ivanti Neurons for ITSM Flaw Allows Authenticated Attackers to Gain Full Admin Access

8 June 2026 dark6

Ivanti has disclosed a high-severity privilege escalation vulnerability in its Neurons for ITSM platform, tracked as CVE-2026-9614 with a CVSS...
Read more 0
HTTP/2 Bomb: Single-Attacker Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
Vulnerability

HTTP/2 Bomb: Single-Attacker Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora

8 June 2026 dark6

A newly disclosed exploit called the 'HTTP/2 Bomb' can exhaust tens of gigabytes of server memory in seconds using just...
Read more 0
Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses
Vulnerability

Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses

5 June 2026 dark6

SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging...
Read more 0
CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites
Vulnerability

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites

4 June 2026 dark6

A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset...
Read more 0
Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord
Vulnerability

Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord

4 June 2026 dark6

Researcher Philip Garabandic disclosed five zero-day vulnerabilities in OpenClaw allowing identity spoofing to hijack trusted AI agent access across Slack,...
Read more 0
CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now
Vulnerability

CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now

4 June 2026 dark6

Google has confirmed active exploitation of CVE-2025-48595, a zero-click Android Framework privilege escalation flaw affecting Android 14-16. Devices without the...
Read more 0
CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4
Vulnerability

CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog as Active Exploitation Confirmed — Patch by June 4

3 June 2026 dark6

CISA has added CVE-2024-21182, a critical unauthenticated Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active...
Read more 0
1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories
Vulnerability

1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories

3 June 2026 dark6

A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all...
Read more 0