Latest news

LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access
Vulnerability

LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access

23 May 2026 dark6

LiteSpeed has disclosed and patched a critical zero-day privilege escalation flaw (CVE-2026-48172) in its cPanel user-end plugin that is already...
Read more 0
Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now
Vulnerability

Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now

22 May 2026 dark6

Google has released an emergency Chrome security update addressing 16 vulnerabilities including two Critical-rated remote code execution flaws in WebRTC...
Read more 0
Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code
Vulnerability

Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code

21 May 2026 dark6

Anthropic's Claude Code harbored a critical SOCKS5 null-byte injection sandbox bypass for over five months, allowing attackers to silently exfiltrate...
Read more 0
CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability
Vulnerability

CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability

20 May 2026 dark6

A public proof-of-concept exploit has been released for CVE-2026-2005, a critical remote code execution flaw in PostgreSQL's pgcrypto extension rooted...
Read more 0
CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29
Vulnerability

CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29

19 May 2026 dark6

CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server's Outlook Web Access, to its Known Exploited Vulnerabilities...
Read more 0
Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released
Vulnerability

Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released

19 May 2026 dark6

A critical Windows zero-day dubbed 'MiniPlasma' has surfaced with a public proof-of-concept exploit, allowing unprivileged attackers to achieve full SYSTEM-level...
Read more 0
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Vulnerability

Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild

19 May 2026 dark6

Hackers are actively exploiting CVE-2026-42945, a critical heap buffer overflow in NGINX Open Source and NGINX Plus, with real-world attacks...
Read more 0
CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched
Vulnerability

CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched

18 May 2026 dark6

Two critical memory-safety vulnerabilities in PHP image-processing functions allow attackers to leak sensitive heap memory (CVE-2025-14177) or trigger heap buffer...
Read more 0
Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes
Vulnerability

Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes

18 May 2026 dark6

Day Two of Pwn2Own Berlin 2026 saw 15 new zero-day exploits demonstrated against Microsoft Exchange (full RCE chain worth $200,000),...
Read more 0
First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance
Vulnerability

First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance

18 May 2026 dark6

Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE)...
Read more 0
CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released
Vulnerability

CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released

17 May 2026 dark6

A critical Linux kernel race condition flaw (CVE-2026-46333), dubbed 'ssh-keysign-pwn,' allows local unprivileged attackers to steal SSH private keys and...
Read more 0
Google Project Zero Reveals Silent Zero-Click Exploit Chain Rooting Pixel 10 Devices
Vulnerability

Google Project Zero Reveals Silent Zero-Click Exploit Chain Rooting Pixel 10 Devices

17 May 2026 dark6

Google Project Zero has demonstrated a two-vulnerability chain that silently roots Google Pixel 10 devices without any user interaction, combining...
Read more 0