Latest news

Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM
Vulnerability

Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM

11 June 2026 dark6

A publicly disclosed zero-day in the Windows Collaborative Translation Framework (CTFMON) allows attackers with standard user privileges to escalate to...
Read more 0
CVE-2026-23111: Linux Kernel nftables Use-After-Free Enables Root Privilege Escalation — Public Exploit Available
Vulnerability

CVE-2026-23111: Linux Kernel nftables Use-After-Free Enables Root Privilege Escalation — Public Exploit Available

9 June 2026 dark6

A use-after-free vulnerability in the Linux kernel nftables subsystem (CVE-2026-23111) allows unprivileged local attackers to escalate privileges to root on...
Read more 0
CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now
Vulnerability

CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now

8 June 2026 dark6

CISA has added CVE-2022-0492, a Linux kernel improper authentication flaw, to its Known Exploited Vulnerabilities catalog. The vulnerability enables privilege...
Read more 0
CVE-2026-9614 (CVSS 8.8): Ivanti Neurons for ITSM Flaw Allows Authenticated Attackers to Gain Full Admin Access
Vulnerability

CVE-2026-9614 (CVSS 8.8): Ivanti Neurons for ITSM Flaw Allows Authenticated Attackers to Gain Full Admin Access

8 June 2026 dark6

Ivanti has disclosed a high-severity privilege escalation vulnerability in its Neurons for ITSM platform, tracked as CVE-2026-9614 with a CVSS...
Read more 0
CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites
Vulnerability

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites

4 June 2026 dark6

A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset...
Read more 0
CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3
Vulnerability

CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3

23 May 2026 dark6

CISA has added two critical Microsoft Defender vulnerabilities — CVE-2026-45498 and CVE-2026-41091 — to its Known Exploited Vulnerabilities catalog following...
Read more 0
LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access
Vulnerability

LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access

23 May 2026 dark6

LiteSpeed has disclosed and patched a critical zero-day privilege escalation flaw (CVE-2026-48172) in its cPanel user-end plugin that is already...
Read more 0
Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released
Vulnerability

Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released

19 May 2026 dark6

A critical Windows zero-day dubbed 'MiniPlasma' has surfaced with a public proof-of-concept exploit, allowing unprivileged attackers to achieve full SYSTEM-level...
Read more 0
First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance
Vulnerability

First Public macOS Kernel Exploit on Apple M5 Bypasses Hardware Memory Protection — Developed in Just Five Days With AI Assistance

18 May 2026 dark6

Security researchers have developed the first known public macOS kernel exploit targeting Apple M5 hardware, bypassing Memory Integrity Enforcement (MIE)...
Read more 0
CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released
Vulnerability

CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released

17 May 2026 dark6

A critical Linux kernel race condition flaw (CVE-2026-46333), dubbed 'ssh-keysign-pwn,' allows local unprivileged attackers to steal SSH private keys and...
Read more 0
WatchGuard Agent Vulnerabilities Allow Attackers to Escalate to Full SYSTEM Privileges on Windows
Vulnerability

WatchGuard Agent Vulnerabilities Allow Attackers to Escalate to Full SYSTEM Privileges on Windows

10 May 2026 dark6

WatchGuard has released urgent security updates patching four high-severity vulnerabilities in the WatchGuard Agent for Windows, including chained CVE-2026-6787 and...
Read more 0
Dirty Frag: New Linux Kernel Vulnerability Chains Two Flaws to Grant Root Privileges — Public PoC Released
Vulnerability

Dirty Frag: New Linux Kernel Vulnerability Chains Two Flaws to Grant Root Privileges — Public PoC Released

8 May 2026 dark6

A newly disclosed Linux kernel vulnerability dubbed Dirty Frag chains two page-cache write flaws to achieve full root access on...
Read more 0