Latest news

CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access
Vulnerability

CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access

16 June 2026 dark6

Horizon3.ai disclosed CVE-2026-48558, a critical authentication bypass in SimpleHelp's OIDC integration that allows unauthenticated attackers to create privileged technician accounts...
Read more 0
CVE-2026-50751: Check Point VPN 0-Day Actively Exploited to Deploy Qilin Ransomware
Ransomware

CVE-2026-50751: Check Point VPN 0-Day Actively Exploited to Deploy Qilin Ransomware

9 June 2026 dark6

A critical CVSS 9.3 authentication bypass in Check Point Remote Access VPN (CVE-2026-50751) is being actively exploited in the wild,...
Read more 0
CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately
Vulnerability

CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately

30 May 2026 dark6

A critical authentication bypass in Palo Alto Networks PAN-OS (CVE-2026-0257) is being actively exploited in two distinct waves, with attackers...
Read more 0
BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications
Vulnerability

BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications

28 May 2026 dark6

A newly disclosed critical vulnerability dubbed 'BadHost' (CVE-2026-48710) enables attackers to bypass authentication in FastAPI and Starlette-based AI applications through...
Read more 0
PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16
Vulnerability

PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16

13 May 2026 dark6

A public PoC exploit for CVE-2026-0073 enables any network-local attacker to gain a full ADB shell on unpatched Android 14–16...
Read more 0
cPanelSniper PoC Exploit Released for CVSS 9.8 Flaw CVE-2026-41940 — 44,000 Servers Already Compromised
Vulnerability

cPanelSniper PoC Exploit Released for CVSS 9.8 Flaw CVE-2026-41940 — 44,000 Servers Already Compromised

2 May 2026 dark6

A public proof-of-concept exploit framework called cPanelSniper has been released for CVE-2026-41940, a CVSS 9.8 authentication bypass in cPanel and...
Read more 0
cPanel Emergency Patch: Critical Authentication Bypass Threatens Millions of Hosted Websites
Vulnerability

cPanel Emergency Patch: Critical Authentication Bypass Threatens Millions of Hosted Websites

29 April 2026 dark6

cPanel has issued emergency security patches across all supported versions to address a critical authentication vulnerability in cPanel and WHM...
Read more 0
Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests
Vulnerability

Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests

21 April 2026 dark6

CVE-2026-33032 (MCPwn) is a CVSS 9.8 authentication bypass in nginx-ui being actively exploited in the wild. Attackers can seize full...
Read more 0