Latest news

Malicious DeepSeek-Claw AI Skill Delivers Remcos RAT and GhostLoader in Agentic AI Supply Chain Attack
Malware

Malicious DeepSeek-Claw AI Skill Delivers Remcos RAT and GhostLoader in Agentic AI Supply Chain Attack

7 May 2026 dark6

Zscaler ThreatLabZ has uncovered a campaign where attackers published a fake DeepSeek integration for the OpenClaw AI framework on GitHub,...
Read more 0
Vercel Data Breach: ShinyHunters Exploit OAuth Supply Chain Attack to Steal Customer Credentials for $2M Sale
Databreach

Vercel Data Breach: ShinyHunters Exploit OAuth Supply Chain Attack to Steal Customer Credentials for $2M Sale

7 May 2026 dark6

Vercel has confirmed a security breach originating through a compromised third-party AI tool (Context.ai), where attackers used stolen OAuth tokens...
Read more 0
Critical Palo Alto PAN-OS Zero-Day CVE-2026-0300 Actively Exploited — Root Access Granted on 5,800+ Exposed Firewalls
Vulnerability

Critical Palo Alto PAN-OS Zero-Day CVE-2026-0300 Actively Exploited — Root Access Granted on 5,800+ Exposed Firewalls

7 May 2026 dark6

A critical buffer overflow zero-day in Palo Alto Networks PAN-OS (CVE-2026-0300, CVSS 9.3) is being actively exploited in the wild....
Read more 0
DigiCert Breached via Weaponized Screensaver: Threat Actor Steals EV Code Signing Certificates to Spread Zhong Stealer
Databreach

DigiCert Breached via Weaponized Screensaver: Threat Actor Steals EV Code Signing Certificates to Spread Zhong Stealer

7 May 2026 dark6

A sophisticated threat actor breached DigiCert's internal support environment in early April 2026 by tricking analysts into executing a disguised...
Read more 0
Microsoft Edge Stores Your Entire Password Vault in Cleartext Process Memory — Every Session
Privacy

Microsoft Edge Stores Your Entire Password Vault in Cleartext Process Memory — Every Session

5 May 2026 dark6

Security researcher @L1v1ng0ffTh3L4N has revealed that Microsoft Edge decrypts all stored passwords into plaintext process memory at browser launch and...
Read more 0
Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
Vulnerability

Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately

5 May 2026 dark6

Apache has released HTTP Server 2.4.67, patching five vulnerabilities including a critical double-free bug CVE-2026-23918 (CVSS 8.8) in the HTTP/2...
Read more 0
Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction
Vulnerability

Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction

5 May 2026 dark6

Google has disclosed a critical zero-click remote code execution vulnerability tracked as CVE-2026-0073 in the Android System component. The flaw...
Read more 0
AccountDumpling: Vietnamese Phishing Ring Abuses Google AppSheet and Telegram to Harvest 30,000 Facebook Accounts
Phishing

AccountDumpling: Vietnamese Phishing Ring Abuses Google AppSheet and Telegram to Harvest 30,000 Facebook Accounts

4 May 2026 dark6

A sophisticated phishing operation called AccountDumpling has compromised around 30,000 Facebook accounts by routing lures through legitimate platforms including Google...
Read more 0
Microsoft Defender False Positive Quarantines DigiCert Root Certificates, Risks Breaking SSL Across Enterprise Networks
Vulnerability

Microsoft Defender False Positive Quarantines DigiCert Root Certificates, Risks Breaking SSL Across Enterprise Networks

4 May 2026 dark6

A faulty Microsoft Defender antimalware definition update incorrectly flagged two legitimate DigiCert root certificates as malware, automatically quarantining them from...
Read more 0
Email Bombing and Fake IT Support on Microsoft Teams: How Attackers Are Stealing Remote Access
Phishing

Email Bombing and Fake IT Support on Microsoft Teams: How Attackers Are Stealing Remote Access

4 May 2026 dark6

Attackers are combining inbox-flooding email bombing with fake IT support personas on Microsoft Teams to trick employees into granting remote...
Read more 0
FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server
Vulnerability

FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server

4 May 2026 dark6

A critical vulnerability in the FreeBSD DHCP client, CVE-2026-42511, allows attackers on the same local network to execute arbitrary commands...
Read more 0
KidsProtect: New Rebrandable Android Stalkerware Platform Lets Anyone Resell Covert Surveillance Malware
Spyware

KidsProtect: New Rebrandable Android Stalkerware Platform Lets Anyone Resell Covert Surveillance Malware

4 May 2026 dark6

A new Android spyware tool called KidsProtect is being sold on hacking forums with a white-label reseller model that lets...
Read more 0