Latest news

Pack2TheRoot: Critical Linux Privilege Escalation Flaw in PackageKit Affects 12+ Years of Releases (CVE-2026-41651)
Vulnerability

Pack2TheRoot: Critical Linux Privilege Escalation Flaw in PackageKit Affects 12+ Years of Releases (CVE-2026-41651)

28 April 2026 dark6

Deutsche Telekom's Red Team has disclosed Pack2TheRoot (CVE-2026-41651), a critical local privilege escalation flaw in the PackageKit daemon affecting all...
Read more 0
CISA Adds Two Actively Exploited SimpleHelp Vulnerabilities to KEV Catalog — May 8 Patch Deadline
Vulnerability

CISA Adds Two Actively Exploited SimpleHelp Vulnerabilities to KEV Catalog — May 8 Patch Deadline

26 April 2026 dark6

CISA has added two chained vulnerabilities in SimpleHelp remote support software — CVE-2024-57726 (missing authorization) and CVE-2024-57728 (path traversal) —...
Read more 0
PhantomRPC: Unpatched Windows RPC Flaw Enables SYSTEM-Level Privilege Escalation on All Windows Versions
Vulnerability

PhantomRPC: Unpatched Windows RPC Flaw Enables SYSTEM-Level Privilege Escalation on All Windows Versions

26 April 2026 dark6

Kaspersky researchers have revealed PhantomRPC, an unpatched architectural flaw in the Windows RPC runtime that allows local privilege escalation to...
Read more 0
Kali Linux 2026.1 Released: Eight New Hacking Tools, Kernel 6.18, and Enhanced Mobile Pentesting
Vulnerability

Kali Linux 2026.1 Released: Eight New Hacking Tools, Kernel 6.18, and Enhanced Mobile Pentesting

25 April 2026 dark6

Kali Linux 2026.1 has been released with eight new hacking tools including AdaptixC2, Atomic-Operator, and MetasploitMCP, alongside the Linux 6.18...
Read more 0
Microsoft Confirms Windows Server 2025 Domain Controllers Enter Reboot Loops After April 2026 Patch
Vulnerability

Microsoft Confirms Windows Server 2025 Domain Controllers Enter Reboot Loops After April 2026 Patch

25 April 2026 dark6

Microsoft has confirmed that the April 2026 cumulative update KB5082063 causes Windows Server 2025 domain controllers to enter reboot loops,...
Read more 0
Microsoft Patch Tuesday April 2026: 168 Vulnerabilities Fixed Including Actively Exploited SharePoint Zero-Day
Vulnerability

Microsoft Patch Tuesday April 2026: 168 Vulnerabilities Fixed Including Actively Exploited SharePoint Zero-Day

25 April 2026 dark6

Microsoft's April 2026 Patch Tuesday fixes a record 168 vulnerabilities, including an actively exploited SharePoint zero-day (CVE-2026-32201) and a publicly...
Read more 0
Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate
Vulnerability

Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate

23 April 2026 dark6

A high-severity deserialization flaw in Apache ActiveMQ Classic (CVE-2026-34197, CVSS 8.8) that has existed for 13 years is now being...
Read more 0
Critical Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Exploited Before Official Patch Was Released
Vulnerability

Critical Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Exploited Before Official Patch Was Released

22 April 2026 dark6

A critical SQL injection zero-day in Fortinet's FortiClient EMS (CVE-2026-35616) is being actively exploited in the wild. WatchTowr sensors detected...
Read more 0
Windows Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend Actively Exploited in the Wild
Vulnerability

Windows Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend Actively Exploited in the Wild

22 April 2026 dark6

Three critical zero-day vulnerabilities — BlueHammer (CVE-2026-33825), RedSun, and UnDefend — have been discovered in Windows Defender's remediation engine. All...
Read more 0
Cisco Patches Four Critical Flaws in Identity Services Engine and Webex: Unauthenticated RCE and Full User Impersonation at Risk
Vulnerability

Cisco Patches Four Critical Flaws in Identity Services Engine and Webex: Unauthenticated RCE and Full User Impersonation at Risk

21 April 2026 dark6

Cisco has patched four critical vulnerabilities in Identity Services Engine (ISE) and Webex, including an unauthenticated remote code execution flaw...
Read more 0
Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests
Vulnerability

Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests

21 April 2026 dark6

CVE-2026-33032 (MCPwn) is a CVSS 9.8 authentication bypass in nginx-ui being actively exploited in the wild. Attackers can seize full...
Read more 0
Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog
Vulnerability

Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog

20 April 2026 dark6

A critical improper access control vulnerability in Fortinet FortiClientEMS (CVE-2026-35616, CVSS 9.1) is being actively exploited following the publication of...
Read more 0