Latest news

Hackers Are Calling You on Microsoft Teams Pretending to Be IT Support — How to Detect and Stop the Attack
Phishing

Hackers Are Calling You on Microsoft Teams Pretending to Be IT Support — How to Detect and Stop the Attack

1 June 2026 dark6

Threat actors are systematically abusing Microsoft Teams' external collaboration features to impersonate IT helpdesk staff, convincing employees to grant remote...
Read more 0
Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers
Cybercrime

Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers

1 June 2026 dark6

Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously,...
Read more 0
Meta AI Flaw Lets Attackers Hijack Instagram Accounts Without Verification — Premium Handles Worth $1M+ Stolen
AI

Meta AI Flaw Lets Attackers Hijack Instagram Accounts Without Verification — Premium Handles Worth $1M+ Stolen

1 June 2026 dark6

A critical flaw in Meta's AI account recovery tool allowed attackers to trick the chatbot into sending password reset codes...
Read more 0
CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately
Vulnerability

CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately

1 June 2026 dark6

Microsoft’s May 2026 Patch Tuesday addressed CVE-2026-41089, a critical Windows Netlogon 0-click RCE — now actively exploited in the wild....
Read more 0
Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials
Malware

Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials

31 May 2026 dark6

A malicious NuGet package named "Sicoob.Sdk" impersonated the official Sicoob banking SDK and silently exfiltrated PFX certificates, private keys, and...
Read more 0
Google Chrome’s Device-Bound Session Credentials Go GA — Cryptographically Kills Cookie-Theft Attacks
Vulnerability

Google Chrome’s Device-Bound Session Credentials Go GA — Cryptographically Kills Cookie-Theft Attacks

31 May 2026 dark6

Google has moved Device Bound Session Credentials (DBSC) to general availability in Chrome on Windows, cryptographically binding session cookies to...
Read more 0
GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities
Vulnerability

GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities

31 May 2026 dark6

GitLab has released emergency security patches (versions 19.0.1, 18.11.4, 18.10.7) fixing a CVSS 8.2 Duo AI identity flaw (CVE-2026-4868) that...
Read more 0
Microsoft Releases Emergency KB5089573 for Windows 11 to Permanently Fix Patch Tuesday Install Failures
Vulnerability

Microsoft Releases Emergency KB5089573 for Windows 11 to Permanently Fix Patch Tuesday Install Failures

31 May 2026 dark6

Microsoft has released KB5089573, a critical out-of-band update for Windows 11, permanently fixing the EFI System Partition space issue that...
Read more 0
JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain
Malware

JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain

30 May 2026 dark6

Threat actor JINX-0164 is targeting cryptocurrency developers via fake LinkedIn profiles, luring them into downloading custom macOS malware (AUDIOFIX and...
Read more 0
‘The Gentlemen’ Ransomware: Self-Propagating Go Encryptor Uses SYSTEM Scheduled Tasks to Lock Entire Networks
Ransomware

‘The Gentlemen’ Ransomware: Self-Propagating Go Encryptor Uses SYSTEM Scheduled Tasks to Lock Entire Networks

30 May 2026 dark6

A new Go-based ransomware called The Gentlemen (tracked as Storm-2697 by Microsoft) spreads automatically across networks using eight simultaneous propagation...
Read more 0
GREYVIBE: Russian-Aligned Hackers Use ChatGPT and Google Gemini to Build Cyberweapons Targeting Ukraine
Cybercrime

GREYVIBE: Russian-Aligned Hackers Use ChatGPT and Google Gemini to Build Cyberweapons Targeting Ukraine

30 May 2026 dark6

A newly tracked threat actor called GREYVIBE is using generative AI tools including ChatGPT and Google Gemini to develop malware,...
Read more 0
CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately
Vulnerability

CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately

30 May 2026 dark6

A critical authentication bypass in Palo Alto Networks PAN-OS (CVE-2026-0257) is being actively exploited in two distinct waves, with attackers...
Read more 0