Latest news

Email Bombing and Fake IT Support on Microsoft Teams: How Attackers Are Stealing Remote Access
Phishing

Email Bombing and Fake IT Support on Microsoft Teams: How Attackers Are Stealing Remote Access

4 May 2026 dark6

Attackers are combining inbox-flooding email bombing with fake IT support personas on Microsoft Teams to trick employees into granting remote...
Read more 0
FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server
Vulnerability

FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server

4 May 2026 dark6

A critical vulnerability in the FreeBSD DHCP client, CVE-2026-42511, allows attackers on the same local network to execute arbitrary commands...
Read more 0
KidsProtect: New Rebrandable Android Stalkerware Platform Lets Anyone Resell Covert Surveillance Malware
Spyware

KidsProtect: New Rebrandable Android Stalkerware Platform Lets Anyone Resell Covert Surveillance Malware

4 May 2026 dark6

A new Android spyware tool called KidsProtect is being sold on hacking forums with a white-label reseller model that lets...
Read more 0
Exim 4.99.2 Patches Four Vulnerabilities Including Heap Corruption, DNS Crash, and Memory Leaks
Vulnerability

Exim 4.99.2 Patches Four Vulnerabilities Including Heap Corruption, DNS Crash, and Memory Leaks

4 May 2026 dark6

The Exim development team has released version 4.99.2 to fix four security vulnerabilities — including a DNS-triggered crash on musl...
Read more 0
Trellix Source Code Breach: Hackers Gain Unauthorized Access to Internal Repository of Major XDR Vendor
Databreach

Trellix Source Code Breach: Hackers Gain Unauthorized Access to Internal Repository of Major XDR Vendor

3 May 2026 dark6

Cybersecurity vendor Trellix has confirmed unauthorized access to part of its internal source code repository. The company says no evidence...
Read more 0
APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia
Vulnerability

APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia

3 May 2026 dark6

A sophisticated threat actor has exploited the critical cPanel authentication bypass CVE-2026-41940 to compromise government and military servers across South-East...
Read more 0
DEEP#DOOR: New Python Backdoor Silently Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials
Malware

DEEP#DOOR: New Python Backdoor Silently Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials

2 May 2026 dark6

Securonix researchers have documented DEEP#DOOR, a self-contained Python backdoor delivered via obfuscated batch files that systematically disables Windows defenses before...
Read more 0
China-Aligned SHADOW-EARTH Deploys ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign Across Asia
Malware

China-Aligned SHADOW-EARTH Deploys ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign Across Asia

2 May 2026 dark6

A China-aligned threat group has conducted a prolonged espionage campaign against government agencies and critical infrastructure across eight Asian countries....
Read more 0
cPanelSniper PoC Exploit Released for CVSS 9.8 Flaw CVE-2026-41940 — 44,000 Servers Already Compromised
Vulnerability

cPanelSniper PoC Exploit Released for CVSS 9.8 Flaw CVE-2026-41940 — 44,000 Servers Already Compromised

2 May 2026 dark6

A public proof-of-concept exploit framework called cPanelSniper has been released for CVE-2026-41940, a CVSS 9.8 authentication bypass in cPanel and...
Read more 0
CORDIAL SPIDER and SNARKY SPIDER Deploy AiTM Pages to Breach SharePoint, HubSpot, and Google Workspace
Phishing

CORDIAL SPIDER and SNARKY SPIDER Deploy AiTM Pages to Breach SharePoint, HubSpot, and Google Workspace

2 May 2026 dark6

Two threat groups are deploying adversary-in-the-middle phishing pages combined with voice phishing to bypass MFA and hijack enterprise SaaS sessions....
Read more 0
VECT 2.0 Ransomware Permanently Destroys Files Over 128 KB Due to Encryption Flaw
Ransomware

VECT 2.0 Ransomware Permanently Destroys Files Over 128 KB Due to Encryption Flaw

1 May 2026 dark6

A critical encryption bug in VECT 2.0 ransomware permanently destroys all files larger than 128 KB rather than encrypting them,...
Read more 0
Phoenix PhaaS Platform Weaponizes SMS to Impersonate Banks, Telecoms, and Delivery Firms Worldwide
Phishing

Phoenix PhaaS Platform Weaponizes SMS to Impersonate Banks, Telecoms, and Delivery Firms Worldwide

1 May 2026 dark6

A new Phishing-as-a-Service platform called Phoenix has been linked to over 1,500 phishing domains since early 2024, running large-scale smishing...
Read more 0