Latest news
Vulnerability
25-Year-Old cURL Vulnerability Patched in Record-Breaking Security Release Fixing 18 CVEs
26 June 2026 dark6
A critical authentication bypass flaw in cURL that had existed undetected for over 25 years has been patched in curl...
Malware
Supply Chain Attack Compromises 140+ Mastra npm Packages, Targeting Developer Credentials and Crypto Wallets
18 June 2026 dark6
A sophisticated supply chain attack has compromised over 141 packages in the Mastra-AI npm ecosystem, including @mastra/core which sees 918,000...
Malware
Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor
29 May 2026 dark6
The npm package forge-jsxy quietly stole cryptocurrency wallet keys, browser credentials, and developer data across Windows, macOS, and Linux —...
Vulnerability
Five Critical Redis Vulnerabilities Enable Remote Code Execution Across All Editions — Patch Now
10 May 2026 dark6
Redis has disclosed five high-severity vulnerabilities (CVE-2026-23479, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589, CVE-2026-23631) affecting Redis Cloud, Redis Software, and all open-source community...
Malware
Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend
24 April 2026 dark6
JFrog Security researchers have uncovered a malicious npm package, js-logger-pack, that uses Hugging Face as both a malware delivery network...