Latest news

Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge
Vulnerability

Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge

11 May 2026 dark6

Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities — CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 — affecting Microsoft 365...
Read more 0
TCLBANKER Banking Trojan Spreads Through Self-Replicating WhatsApp and Outlook Worm Modules
Malware

TCLBANKER Banking Trojan Spreads Through Self-Replicating WhatsApp and Outlook Worm Modules

11 May 2026 dark6

A highly sophisticated Brazilian banking trojan called TCLBANKER (campaign REF3076) has been uncovered by Elastic Security Labs. The malware uses...
Read more 0
Three Critical cPanel and WHM Vulnerabilities Enable Code Execution, File Reads, and DoS Attacks
Vulnerability

Three Critical cPanel and WHM Vulnerabilities Enable Code Execution, File Reads, and DoS Attacks

11 May 2026 dark6

cPanel has disclosed three critical security vulnerabilities — CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 — affecting its widely deployed cPanel & WHM...
Read more 0
InstallFix: Hackers Use Fake Claude AI Installer Pages and Google Ads to Deploy RedLine Stealer Malware
Malware

InstallFix: Hackers Use Fake Claude AI Installer Pages and Google Ads to Deploy RedLine Stealer Malware

10 May 2026 dark6

A malware campaign called InstallFix is using paid Google Ads to push fake Claude AI installation pages to the top...
Read more 0
CallPhantom: 28 Fake Android Apps with 7.3 Million Downloads Sold Fabricated Call History Data on Google Play
Scams

CallPhantom: 28 Fake Android Apps with 7.3 Million Downloads Sold Fabricated Call History Data on Google Play

10 May 2026 dark6

Security researchers at ESET uncovered the CallPhantom campaign — 28 fraudulent Android apps on Google Play that accumulated over 7.3...
Read more 0
Five Critical Redis Vulnerabilities Enable Remote Code Execution Across All Editions — Patch Now
Vulnerability

Five Critical Redis Vulnerabilities Enable Remote Code Execution Across All Editions — Patch Now

10 May 2026 dark6

Redis has disclosed five high-severity vulnerabilities (CVE-2026-23479, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589, CVE-2026-23631) affecting Redis Cloud, Redis Software, and all open-source community...
Read more 0
WatchGuard Agent Vulnerabilities Allow Attackers to Escalate to Full SYSTEM Privileges on Windows
Vulnerability

WatchGuard Agent Vulnerabilities Allow Attackers to Escalate to Full SYSTEM Privileges on Windows

10 May 2026 dark6

WatchGuard has released urgent security updates patching four high-severity vulnerabilities in the WatchGuard Agent for Windows, including chained CVE-2026-6787 and...
Read more 0
NVIDIA GeForce NOW Data Breach at GFN.AM: Personal Data of Users Exposed in 54-Day Unauthorized Access Incident
Databreach

NVIDIA GeForce NOW Data Breach at GFN.AM: Personal Data of Users Exposed in 54-Day Unauthorized Access Incident

9 May 2026 dark6

A data breach at GFN.AM, an authorized NVIDIA GeForce NOW cloud gaming provider, has exposed personal information including email addresses,...
Read more 0
AI Supply Chain Attack: 575+ Malicious Skills on Hugging Face and ClawHub Deliver Trojans, Cryptominers, and AMOS Stealer
AI

AI Supply Chain Attack: 575+ Malicious Skills on Hugging Face and ClawHub Deliver Trojans, Cryptominers, and AMOS Stealer

9 May 2026 dark6

Threat actors have uploaded 575+ malicious AI skills to ClawHub's OpenClaw ecosystem and abused Hugging Face repositories to deliver trojans,...
Read more 0
ZiChatBot: OceanLotus APT Uses Zulip Chat APIs as Covert Command and Control in PyPI Supply Chain Attack
Malware

ZiChatBot: OceanLotus APT Uses Zulip Chat APIs as Covert Command and Control in PyPI Supply Chain Attack

9 May 2026 dark6

A newly discovered malware called ZiChatBot abuses Zulip REST APIs for command and control, hiding malicious traffic as legitimate chat...
Read more 0
Critical Next.js and React Server Components Vulnerabilities: SSRF, DoS, and Middleware Bypass Patched
Vulnerability

Critical Next.js and React Server Components Vulnerabilities: SSRF, DoS, and Middleware Bypass Patched

9 May 2026 dark6

Vercel has released a sweeping set of security advisories for Next.js addressing more than a dozen vulnerabilities including denial-of-service, SSRF...
Read more 0
UAT-8302: China-Nexus APT Uses Custom Malware and Open-Source Tools to Steal Data From Government Agencies
Malware

UAT-8302: China-Nexus APT Uses Custom Malware and Open-Source Tools to Steal Data From Government Agencies

8 May 2026 dark6

Cisco Talos has detailed UAT-8302, a China-nexus APT group conducting long-term espionage campaigns against government agencies in southeastern Europe. The...
Read more 0