Latest news

Apple Patches iOS Notification Flaw (CVE-2026-28950) That Let the FBI Read Deleted Signal Messages
Privacy

Apple Patches iOS Notification Flaw (CVE-2026-28950) That Let the FBI Read Deleted Signal Messages

23 April 2026 dark6

Apple has shipped iOS 26.4.2 to fix CVE-2026-28950, a notification-logging flaw that let forensic investigators recover Signal message previews long...
Read more 0
Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility
Databreach

Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility

23 April 2026 dark6

Vercel has disclosed an internal breach caused by a compromised Context.ai OAuth token harvested via Lumma Stealer. A limited set...
Read more 0
Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate
Vulnerability

Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate

23 April 2026 dark6

A high-severity deserialization flaw in Apache ActiveMQ Classic (CVE-2026-34197, CVSS 8.8) that has existed for 13 years is now being...
Read more 0
Booking.com Notifies Customers of Data Breach Exposing Reservation Details and Personal Information
Databreach

Booking.com Notifies Customers of Data Breach Exposing Reservation Details and Personal Information

22 April 2026 dark6

Booking.com has notified customers of a data breach that exposed personal information including full names, addresses, phone numbers, email addresses,...
Read more 0
Critical Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Exploited Before Official Patch Was Released
Vulnerability

Critical Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Exploited Before Official Patch Was Released

22 April 2026 dark6

A critical SQL injection zero-day in Fortinet's FortiClient EMS (CVE-2026-35616) is being actively exploited in the wild. WatchTowr sensors detected...
Read more 0
Windows Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend Actively Exploited in the Wild
Vulnerability

Windows Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend Actively Exploited in the Wild

22 April 2026 dark6

Three critical zero-day vulnerabilities — BlueHammer (CVE-2026-33825), RedSun, and UnDefend — have been discovered in Windows Defender's remediation engine. All...
Read more 0
Cisco Patches Four Critical Flaws in Identity Services Engine and Webex: Unauthenticated RCE and Full User Impersonation at Risk
Vulnerability

Cisco Patches Four Critical Flaws in Identity Services Engine and Webex: Unauthenticated RCE and Full User Impersonation at Risk

21 April 2026 dark6

Cisco has patched four critical vulnerabilities in Identity Services Engine (ISE) and Webex, including an unauthenticated remote code execution flaw...
Read more 0
Inditex (Zara) Confirms Third-Party Data Breach: Transaction Records Exposed via Analytics Platform with April 21 Leak Deadline
Databreach

Inditex (Zara) Confirms Third-Party Data Breach: Transaction Records Exposed via Analytics Platform with April 21 Leak Deadline

21 April 2026 dark6

Inditex, owner of Zara and Bershka, has confirmed a data breach affecting transaction records accessed via a third-party analytics platform,...
Read more 0
Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests
Vulnerability

Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests

21 April 2026 dark6

CVE-2026-33032 (MCPwn) is a CVSS 9.8 authentication bypass in nginx-ui being actively exploited in the wild. Attackers can seize full...
Read more 0
ShinyHunters Sets April 21 Deadline for Canada Life Assurance: 5.6 Million Salesforce Records at Risk
Databreach

ShinyHunters Sets April 21 Deadline for Canada Life Assurance: 5.6 Million Salesforce Records at Risk

21 April 2026 dark6

ShinyHunters claims to have breached Canada Life Assurance Company, stealing over 5.6 million Salesforce records containing PII. The group set...
Read more 0
Omnistealer Malware Uses Blockchain Permanence to Host Unremovable Payloads, Compromising 300,000 Credentials
Malware

Omnistealer Malware Uses Blockchain Permanence to Host Unremovable Payloads, Compromising 300,000 Credentials

20 April 2026 dark6

A sophisticated new infostealer dubbed Omnistealer embeds its payloads directly into public blockchain transactions on TRON, Aptos, and Binance Smart...
Read more 0
Vercel Confirms April 2026 Breach: ShinyHunters Accessed Source Code, API Keys, and Employee Data via AI Tool Compromise
Databreach

Vercel Confirms April 2026 Breach: ShinyHunters Accessed Source Code, API Keys, and Employee Data via AI Tool Compromise

20 April 2026 dark6

Cloud development platform Vercel confirmed a security breach traced to a compromised employee account at third-party AI platform Context.ai. The...
Read more 0