Latest news

GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities
Vulnerability

GitLab Patches High-Severity Duo AI Identity Flaw and Multiple Authorization, DoS Vulnerabilities

31 May 2026 dark6

GitLab has released emergency security patches (versions 19.0.1, 18.11.4, 18.10.7) fixing a CVSS 8.2 Duo AI identity flaw (CVE-2026-4868) that...
Read more 0
Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge
Vulnerability

Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge

11 May 2026 dark6

Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities — CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 — affecting Microsoft 365...
Read more 0
SonicWall SonicOS Flaws Let Attackers Bypass Firewall Access Controls and Trigger Denial of Service
Vulnerability

SonicWall SonicOS Flaws Let Attackers Bypass Firewall Access Controls and Trigger Denial of Service

30 April 2026 dark6

SonicWall has patched three vulnerabilities in SonicOS — CVE-2026-0204 (CVSS 8.0), CVE-2026-0205, and CVE-2026-0206 — affecting Generation 6, 7, and...
Read more 0
Critical CVSS 9.8 Flaw in CrowdStrike LogScale Lets Unauthenticated Attackers Read Server Files
Vulnerability

Critical CVSS 9.8 Flaw in CrowdStrike LogScale Lets Unauthenticated Attackers Read Server Files

28 April 2026 dark6

CrowdStrike has issued an emergency advisory for CVE-2026-40050, a CVSS 9.8 unauthenticated path-traversal flaw in LogScale that lets remote attackers...
Read more 0
CVSS 10.0: Critical Flowise AI Vulnerability Is Being Actively Exploited — 15,000+ Instances Still Exposed
AI

CVSS 10.0: Critical Flowise AI Vulnerability Is Being Actively Exploited — 15,000+ Instances Still Exposed

9 April 2026 dark6

A maximum-severity RCE vulnerability (CVE-2025-59528, CVSS 10.0) in the popular Flowise AI agent builder is under active attack. Over 15,000...
Read more 0
Chrome’s Fourth Zero-Day of 2026: CISA Orders Federal Agencies to Patch CVE-2026-5281 by April 15
Vulnerability

Chrome’s Fourth Zero-Day of 2026: CISA Orders Federal Agencies to Patch CVE-2026-5281 by April 15

9 April 2026 dark6

Google has patched CVE-2026-5281, a use-after-free zero-day in Chrome’s WebGPU engine already exploited in the wild. It’s the fourth Chrome...
Read more 0
A Silent Vulnerability Exposed: How Hackers Used Hidden Commands to Steal Sensitive Data
Vulnerability

A Silent Vulnerability Exposed: How Hackers Used Hidden Commands to Steal Sensitive Data

3 December 2025 dark6

Microsoft’s seemingly “unremarkable” November 2025 Patch Tuesday update actually contained a major security fix. But even the most meticulous patching...
Read more 0
FortiWeb CVE-2025-64446 PoC: a critical weapon now widely available
Vulnerability

FortiWeb CVE-2025-64446 PoC: a critical weapon now widely available

16 November 2025 dark6

The cybersecurity landscape has shifted once again, driven by the public release of a proof-of-concept exploit targeting the critical vulnerability...
Read more 0
NVIDIA NeMo Framework: a critical cascade of vulnerabilities
Vulnerability

NVIDIA NeMo Framework: a critical cascade of vulnerabilities

14 November 2025 dark6

The NVIDIA NeMo Framework, a cornerstone of conversational AI development, has recently revealed a significant and frankly concerning weakness. The...
Read more 0
Critical Roundcube vulnerability (CVE-2025-49113): exploit sold in Darknet as “Email Armageddon” looms
Vulnerability

Critical Roundcube vulnerability (CVE-2025-49113): exploit sold in Darknet as “Email Armageddon” looms

6 June 2025 securebulletin.com

A decade-old Remote Code Execution (RCE) flaw in Roundcube, the widely used open-source email client, has escalated into a global...
Read more 0
China-Linked APTs exploit critical SAP NetWeaver vulnerability to breach over 580 systems globally
Cybercrime

China-Linked APTs exploit critical SAP NetWeaver vulnerability to breach over 580 systems globally

13 May 2025 securebulletin.com

In a significant escalation of cyber-espionage activities, multiple China-affiliated advanced persistent threat (APT) groups have been found actively exploiting a...
Read more 0
MITRE Signals Critical Risk to CVE Program as Federal Funding Expires
Vulnerability

MITRE Signals Critical Risk to CVE Program as Federal Funding Expires

15 April 2025 securebulletin.com

The cybersecurity world faces a significant challenge as the Common Vulnerabilities and Exposures (CVE) program, a cornerstone of global vulnerability...
Read more 0