Latest news
Vulnerability
CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately
30 May 2026 dark6
A critical authentication bypass in Palo Alto Networks PAN-OS (CVE-2026-0257) is being actively exploited in two distinct waves, with attackers...
Vulnerability
BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications
28 May 2026 dark6
A newly disclosed critical vulnerability dubbed 'BadHost' (CVE-2026-48710) enables attackers to bypass authentication in FastAPI and Starlette-based AI applications through...
Vulnerability
PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16
13 May 2026 dark6
A public PoC exploit for CVE-2026-0073 enables any network-local attacker to gain a full ADB shell on unpatched Android 14–16...
Vulnerability
cPanelSniper PoC Exploit Released for CVSS 9.8 Flaw CVE-2026-41940 — 44,000 Servers Already Compromised
2 May 2026 dark6
A public proof-of-concept exploit framework called cPanelSniper has been released for CVE-2026-41940, a CVSS 9.8 authentication bypass in cPanel and...
Vulnerability
cPanel Emergency Patch: Critical Authentication Bypass Threatens Millions of Hosted Websites
29 April 2026 dark6
cPanel has issued emergency security patches across all supported versions to address a critical authentication vulnerability in cPanel and WHM...
Vulnerability
Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests
21 April 2026 dark6
CVE-2026-33032 (MCPwn) is a CVSS 9.8 authentication bypass in nginx-ui being actively exploited in the wild. Attackers can seize full...