Latest news

Ubiquiti Issues Emergency Patches for Five Critical UniFi OS Vulnerabilities, Three Rated Maximum CVSS 10.0
Vulnerability

Ubiquiti Issues Emergency Patches for Five Critical UniFi OS Vulnerabilities, Three Rated Maximum CVSS 10.0

23 May 2026 dark6

Ubiquiti Networks has released urgent firmware updates addressing five critical vulnerabilities in its UniFi OS platform, including three flaws rated...
Read more 0
CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3
Vulnerability

CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3

23 May 2026 dark6

CISA has added two critical Microsoft Defender vulnerabilities — CVE-2026-45498 and CVE-2026-41091 — to its Known Exploited Vulnerabilities catalog following...
Read more 0
LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access
Vulnerability

LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access

23 May 2026 dark6

LiteSpeed has disclosed and patched a critical zero-day privilege escalation flaw (CVE-2026-48172) in its cPanel user-end plugin that is already...
Read more 0
Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now
Vulnerability

Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now

22 May 2026 dark6

Google has released an emergency Chrome security update addressing 16 vulnerabilities including two Critical-rated remote code execution flaws in WebRTC...
Read more 0
Operation Saffron: International Authorities Dismantle ‘First VPN’ Criminal Network Linked to Global Ransomware Attacks
Cybercrime

Operation Saffron: International Authorities Dismantle ‘First VPN’ Criminal Network Linked to Global Ransomware Attacks

22 May 2026 dark6

A coordinated international law enforcement operation led by France, the Netherlands, Europol, and Eurojust has dismantled First VPN — a...
Read more 0
WantToCry Ransomware Encrypts Files Remotely Over SMB — No Malware Required
Ransomware

WantToCry Ransomware Encrypts Files Remotely Over SMB — No Malware Required

22 May 2026 dark6

A ransomware operation called WantToCry is exploiting exposed SMB file-sharing services to encrypt business data without ever installing malware on...
Read more 0
Dark Web Brokers Flood Forums With Recycled Breach Data Disguised as Fresh Corporate Leaks
Cybercrime

Dark Web Brokers Flood Forums With Recycled Breach Data Disguised as Fresh Corporate Leaks

22 May 2026 dark6

Cybercriminals operating in Chinese-language dark web ecosystems are repackaging data from old breaches and selling it as fresh corporate intelligence,...
Read more 0
DevilNFC: New Android Malware Traps Victims in Kiosk Mode During NFC Card Relay Attacks
Malware

DevilNFC: New Android Malware Traps Victims in Kiosk Mode During NFC Card Relay Attacks

21 May 2026 dark6

DevilNFC is a new Android malware that combines NFC relay attacks with Android Kiosk Mode to trap victims inside a...
Read more 0
Void Botnet Weaponizes Ethereum Smart Contracts for Seizure-Proof Command-and-Control Infrastructure
Malware

Void Botnet Weaponizes Ethereum Smart Contracts for Seizure-Proof Command-and-Control Infrastructure

21 May 2026 dark6

The Void Botnet uses Ethereum smart contracts as a seizure-resistant C2 channel, making traditional law enforcement takedowns impossible. Sold on...
Read more 0
Gremlin Stealer Evolves: New Variant Hides C2 URLs in Encrypted Resources and Adds Discord Token Theft
Malware

Gremlin Stealer Evolves: New Variant Hides C2 URLs in Encrypted Resources and Adds Discord Token Theft

21 May 2026 dark6

A newly analyzed Gremlin stealer variant hides C2 URLs inside XOR-encrypted .NET resource sections, making it invisible to static scanners....
Read more 0
Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code
Vulnerability

Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code

21 May 2026 dark6

Anthropic's Claude Code harbored a critical SOCKS5 null-byte injection sandbox bypass for over five months, allowing attackers to silently exfiltrate...
Read more 0
Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials
Phishing

Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials

20 May 2026 dark6

North Korea's Kimsuky threat group has been operating four parallel spear-phishing campaigns targeting corporate recruiters, cryptocurrency developers, defense sector officials,...
Read more 0