Latest news

Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now
Vulnerability

22 May 2026 dark6

Google has released an emergency Chrome security update addressing 16 vulnerabilities including two Critical-rated remote code execution flaws in WebRTC...
CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability
Vulnerability

20 May 2026 dark6

A public proof-of-concept exploit has been released for CVE-2026-2005, a critical remote code execution flaw in PostgreSQL's pgcrypto extension rooted...
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Vulnerability

19 May 2026 dark6

Hackers are actively exploiting CVE-2026-42945, a critical heap buffer overflow in NGINX Open Source and NGINX Plus, with real-world attacks...
Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes
Vulnerability

18 May 2026 dark6

Day Two of Pwn2Own Berlin 2026 saw 15 new zero-day exploits demonstrated against Microsoft Exchange (full RCE chain worth $200,000),...
CVE-2026-26083: Critical Fortinet FortiSandbox Flaw Allows Unauthenticated Remote Code Execution — Patch Now
Vulnerability

15 May 2026 dark6

Fortinet has disclosed CVE-2026-26083, a critical (CVSS 9.1) missing-authorization vulnerability in FortiSandbox that lets unauthenticated attackers execute arbitrary code remotely...
CVE-2026-43898: Critical SandboxJS Escape (CVSS 10.0) Enables Full Host Takeover via npm
Vulnerability

15 May 2026 dark6

A maximum-severity (CVSS 10.0) vulnerability in the SandboxJS npm library allows attackers to completely escape the JavaScript sandbox and execute...
Critical Exim Vulnerability (EXIM-Security-2026-05-01.1): Remote Code Execution via GnuTLS BDAT Flaw — Patch Now
Vulnerability

14 May 2026 dark6

A critical use-after-free vulnerability in Exim mail servers (versions 4.97–4.99.2 with GnuTLS) allows unauthenticated remote attackers to corrupt heap memory...
Three Critical cPanel and WHM Vulnerabilities Enable Code Execution, File Reads, and DoS Attacks
Vulnerability

11 May 2026 dark6

cPanel has disclosed three critical security vulnerabilities — CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 — affecting its widely deployed cPanel & WHM...
Critical Palo Alto PAN-OS Zero-Day CVE-2026-0300 Actively Exploited — Root Access Granted on 5,800+ Exposed Firewalls
Vulnerability

7 May 2026 dark6

A critical buffer overflow zero-day in Palo Alto Networks PAN-OS (CVE-2026-0300, CVSS 9.3) is being actively exploited in the wild....
Critical Wireshark Update Patches 40+ Vulnerabilities Including Remote Code Execution Flaws
Vulnerability

1 May 2026 dark6

Wireshark 4.6.5 addresses over 40 security vulnerabilities, including critical RCE flaws in TLS, RDP, and SBC dissectors. Organizations running Wireshark...
CVE-2026-39987: Marimo RCE Zero-Day Exploited Within 10 Hours of Disclosure — 662 Attacks Recorded
Vulnerability

17 April 2026 dark6

A critical unauthenticated RCE vulnerability in the Marimo Python notebook framework (CVE-2026-39987) was actively exploited just 10 hours after public...
Adobe Patches Actively Exploited Acrobat Reader Zero-Day CVE-2026-34621 — Exploited Since December 2025
Vulnerability

13 April 2026 dark6

Adobe has issued an emergency patch for CVE-2026-34621 (CVSS 8.6), a prototype pollution zero-day in Acrobat Reader actively exploited since...