Latest news

Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets
Vulnerability

Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets

8 June 2026 dark6

Microsoft Threat Intelligence disclosed a prompt injection flaw in the Claude Code GitHub Action that allowed attackers to access /proc/self/environ...
Read more 0
OpenAI Launches ChatGPT Lockdown Mode to Block Prompt Injection Data Exfiltration
AI

OpenAI Launches ChatGPT Lockdown Mode to Block Prompt Injection Data Exfiltration

8 June 2026 dark6

OpenAI has released ChatGPT Lockdown Mode, a new security feature that disables outbound network capabilities to cut off data exfiltration...
Read more 0
Critical HuggingFace Transformers Flaw CVE-2026-4372 Enables Silent RCE — 232 Million Installs at Risk
AI

Critical HuggingFace Transformers Flaw CVE-2026-4372 Enables Silent RCE — 232 Million Installs at Risk

8 June 2026 dark6

A critical RCE vulnerability in HuggingFace Transformers (CVE-2026-4372) allows attackers to silently execute code by loading a malicious AI model,...
Read more 0
Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses
Vulnerability

Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses

5 June 2026 dark6

SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging...
Read more 0
Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR
Cybercrime

Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR

4 June 2026 dark6

Sophos has uncovered a Russian-speaking threat actor using AI-assisted tools, Cobalt Strike, and a purpose-built automated lab to develop EDR...
Read more 0
Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord
Vulnerability

Five OpenClaw Zero-Days Let Attackers Silently Hijack AI Agent Access on Slack, Teams, and Discord

4 June 2026 dark6

Researcher Philip Garabandic disclosed five zero-day vulnerabilities in OpenClaw allowing identity spoofing to hijack trusted AI agent access across Slack,...
Read more 0
Meta AI Flaw Lets Attackers Hijack Instagram Accounts Without Verification — Premium Handles Worth $1M+ Stolen
AI

Meta AI Flaw Lets Attackers Hijack Instagram Accounts Without Verification — Premium Handles Worth $1M+ Stolen

1 June 2026 dark6

A critical flaw in Meta's AI account recovery tool allowed attackers to trick the chatbot into sending password reset codes...
Read more 0
BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications
Vulnerability

BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications

28 May 2026 dark6

A newly disclosed critical vulnerability dubbed 'BadHost' (CVE-2026-48710) enables attackers to bypass authentication in FastAPI and Starlette-based AI applications through...
Read more 0
AI Discovers 10,000+ Zero-Days: Anthropic’s Claude Mythos Preview Transforms Cybersecurity Defense
AI

AI Discovers 10,000+ Zero-Days: Anthropic’s Claude Mythos Preview Transforms Cybersecurity Defense

24 May 2026 dark6

Anthropic's Claude Mythos Preview AI model has autonomously discovered over 10,000 critical zero-day vulnerabilities across major software systems as part...
Read more 0
Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code
Vulnerability

Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code

21 May 2026 dark6

Anthropic's Claude Code harbored a critical SOCKS5 null-byte injection sandbox bypass for over five months, allowing attackers to silently exfiltrate...
Read more 0
First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance
Vulnerability

First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance

18 May 2026 dark6

Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE)...
Read more 0