Latest news

CISA Flags Actively Exploited Langflow Flaw CVE-2025-34291 — AI Workflow Deployments at Risk
Vulnerability

CISA Flags Actively Exploited Langflow Flaw CVE-2025-34291 — AI Workflow Deployments at Risk

24 May 2026 dark6

CISA has added CVE-2025-34291, a critical CORS misconfiguration in the Langflow AI workflow platform, to its Known Exploited Vulnerabilities catalog,...
Read more 0
CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3
Vulnerability

CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3

23 May 2026 dark6

CISA has added two critical Microsoft Defender vulnerabilities — CVE-2026-45498 and CVE-2026-41091 — to its Known Exploited Vulnerabilities catalog following...
Read more 0
CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29
Vulnerability

CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29

19 May 2026 dark6

CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server's Outlook Web Access, to its Known Exploited Vulnerabilities...
Read more 0
CISA Adds CVE-2026-32202 to KEV Catalog as APT28 Actively Exploits Zero-Click Windows Shell Flaw
Vulnerability

CISA Adds CVE-2026-32202 to KEV Catalog as APT28 Actively Exploits Zero-Click Windows Shell Flaw

13 May 2026 dark6

CISA has added CVE-2026-32202, a zero-click Windows Shell authentication coercion flaw, to its KEV catalog following confirmed active exploitation by...
Read more 0
PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16
Vulnerability

PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16

13 May 2026 dark6

A public PoC exploit for CVE-2026-0073 enables any network-local attacker to gain a full ADB shell on unpatched Android 14–16...
Read more 0
CISA Adds Two Actively Exploited SimpleHelp Vulnerabilities to KEV Catalog — May 8 Patch Deadline
Vulnerability

CISA Adds Two Actively Exploited SimpleHelp Vulnerabilities to KEV Catalog — May 8 Patch Deadline

26 April 2026 dark6

CISA has added two chained vulnerabilities in SimpleHelp remote support software — CVE-2024-57726 (missing authorization) and CVE-2024-57728 (path traversal) —...
Read more 0
Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog
Vulnerability

Fortinet FortiClientEMS Under Active Attack: Critical CVE-2026-35616 (CVSS 9.1) Added to CISA KEV Catalog

20 April 2026 dark6

A critical improper access control vulnerability in Fortinet FortiClientEMS (CVE-2026-35616, CVSS 9.1) is being actively exploited following the publication of...
Read more 0
CISA Adds Apache ActiveMQ CVE-2026-34197 to KEV Catalog as Active Exploitation Surges
Vulnerability

CISA Adds Apache ActiveMQ CVE-2026-34197 to KEV Catalog as Active Exploitation Surges

18 April 2026 dark6

CISA has added CVE-2026-34197, a high-severity (CVSS 8.8) deserialization flaw in Apache ActiveMQ Classic, to its Known Exploited Vulnerabilities catalog...
Read more 0
Google Patches Actively Exploited Chrome Zero-Day CVE-2026-5281 — CISA Deadline Hits Today
Vulnerability

Google Patches Actively Exploited Chrome Zero-Day CVE-2026-5281 — CISA Deadline Hits Today

15 April 2026 dark6

Google has patched a high-severity use-after-free zero-day in Chrome's WebGPU implementation (CVE-2026-5281) that is actively exploited in the wild. CISA...
Read more 0
Fortinet Issues Emergency Patch for Actively Exploited FortiClient EMS Zero-Day CVE-2026-35616
Vulnerability

Fortinet Issues Emergency Patch for Actively Exploited FortiClient EMS Zero-Day CVE-2026-35616

13 April 2026 dark6

A critical zero-day vulnerability (CVE-2026-35616, CVSS 9.1) in Fortinet FortiClient EMS was exploited in the wild before Fortinet published its...
Read more 0
CISA Warning: Iranian-Affiliated Hackers Targeting US Critical Infrastructure PLCs to Cause Disruption
Cybercrime

CISA Warning: Iranian-Affiliated Hackers Targeting US Critical Infrastructure PLCs to Cause Disruption

12 April 2026 dark6

CISA has issued an urgent advisory (AA26-097A) warning that Iranian-affiliated APT actors have been actively targeting internet-exposed Programmable Logic Controllers...
Read more 0
Russia’s APT28 Deploys New PRISMEX Malware in Espionage Campaign Targeting Ukraine and NATO Allies
Malware

Russia’s APT28 Deploys New PRISMEX Malware in Espionage Campaign Targeting Ukraine and NATO Allies

12 April 2026 dark6

Russia-linked APT28 (Fancy Bear) has launched a new spear-phishing espionage campaign deploying PRISMEX, a previously undocumented malware suite combining steganography,...
Read more 0