Latest news

Let’s Encrypt Halts All Certificate Issuance After Cross-Signed Root Certificate Incident
Vulnerability

Let’s Encrypt Halts All Certificate Issuance After Cross-Signed Root Certificate Incident

11 May 2026 dark6

Let's Encrypt temporarily suspended all certificate issuance on May 8, 2026, after engineers identified a critical issue with a cross-signed...
Read more 0
Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge
Vulnerability

Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge

11 May 2026 dark6

Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities — CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 — affecting Microsoft 365...
Read more 0
Three Critical cPanel and WHM Vulnerabilities Enable Code Execution, File Reads, and DoS Attacks
Vulnerability

Three Critical cPanel and WHM Vulnerabilities Enable Code Execution, File Reads, and DoS Attacks

11 May 2026 dark6

cPanel has disclosed three critical security vulnerabilities — CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 — affecting its widely deployed cPanel & WHM...
Read more 0
Five Critical Redis Vulnerabilities Enable Remote Code Execution Across All Editions — Patch Now
Vulnerability

Five Critical Redis Vulnerabilities Enable Remote Code Execution Across All Editions — Patch Now

10 May 2026 dark6

Redis has disclosed five high-severity vulnerabilities (CVE-2026-23479, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589, CVE-2026-23631) affecting Redis Cloud, Redis Software, and all open-source community...
Read more 0
WatchGuard Agent Vulnerabilities Allow Attackers to Escalate to Full SYSTEM Privileges on Windows
Vulnerability

WatchGuard Agent Vulnerabilities Allow Attackers to Escalate to Full SYSTEM Privileges on Windows

10 May 2026 dark6

WatchGuard has released urgent security updates patching four high-severity vulnerabilities in the WatchGuard Agent for Windows, including chained CVE-2026-6787 and...
Read more 0
Critical Next.js and React Server Components Vulnerabilities: SSRF, DoS, and Middleware Bypass Patched
Vulnerability

Critical Next.js and React Server Components Vulnerabilities: SSRF, DoS, and Middleware Bypass Patched

9 May 2026 dark6

Vercel has released a sweeping set of security advisories for Next.js addressing more than a dozen vulnerabilities including denial-of-service, SSRF...
Read more 0
New Ivanti EPMM Zero-Day CVE-2026-6973 Actively Exploited — Patch Immediately
Vulnerability

New Ivanti EPMM Zero-Day CVE-2026-6973 Actively Exploited — Patch Immediately

8 May 2026 dark6

Ivanti has confirmed active exploitation of CVE-2026-6973, a new zero-day vulnerability in its on-premises Endpoint Manager Mobile (EPMM) product. The...
Read more 0
Dirty Frag: New Linux Kernel Vulnerability Chains Two Flaws to Grant Root Privileges — Public PoC Released
Vulnerability

Dirty Frag: New Linux Kernel Vulnerability Chains Two Flaws to Grant Root Privileges — Public PoC Released

8 May 2026 dark6

A newly disclosed Linux kernel vulnerability dubbed Dirty Frag chains two page-cache write flaws to achieve full root access on...
Read more 0
Critical Palo Alto PAN-OS Zero-Day CVE-2026-0300 Actively Exploited — Root Access Granted on 5,800+ Exposed Firewalls
Vulnerability

Critical Palo Alto PAN-OS Zero-Day CVE-2026-0300 Actively Exploited — Root Access Granted on 5,800+ Exposed Firewalls

7 May 2026 dark6

A critical buffer overflow zero-day in Palo Alto Networks PAN-OS (CVE-2026-0300, CVSS 9.3) is being actively exploited in the wild....
Read more 0
Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
Vulnerability

Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately

5 May 2026 dark6

Apache has released HTTP Server 2.4.67, patching five vulnerabilities including a critical double-free bug CVE-2026-23918 (CVSS 8.8) in the HTTP/2...
Read more 0
Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction
Vulnerability

Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction

5 May 2026 dark6

Google has disclosed a critical zero-click remote code execution vulnerability tracked as CVE-2026-0073 in the Android System component. The flaw...
Read more 0
Microsoft Defender False Positive Quarantines DigiCert Root Certificates, Risks Breaking SSL Across Enterprise Networks
Vulnerability

Microsoft Defender False Positive Quarantines DigiCert Root Certificates, Risks Breaking SSL Across Enterprise Networks

4 May 2026 dark6

A faulty Microsoft Defender antimalware definition update incorrectly flagged two legitimate DigiCert root certificates as malware, automatically quarantining them from...
Read more 0