Latest news

DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk
Vulnerability

DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk

2 July 2026 dark6

Two critical zero-click RCE vulnerabilities (CVE-2026-50548, CVE-2026-50549) in Cursor IDE, dubbed DuneSlide, allow attackers to escape the AI coding agent...
Four New CVEs in Fluentd Expose Millions of Cloud and Kubernetes Logging Pipelines to RCE and Data Leaks
Vulnerability

Four New CVEs in Fluentd Expose Millions of Cloud and Kubernetes Logging Pipelines to RCE and Data Leaks

2 July 2026 dark6

Four new CVEs in the widely deployed Fluentd log collector — including a critical RCE vulnerability (CVE-2026-44024) exploitable via crafted...
Critical Microsoft 365 RCE Flaw CVE-2025-60727 Exploitable via Malicious Excel Files — Patch Now
Vulnerability

Critical Microsoft 365 RCE Flaw CVE-2025-60727 Exploitable via Malicious Excel Files — Patch Now

30 June 2026 dark6

Microsoft has disclosed CVE-2025-60727, a critical out-of-bounds read remote code execution vulnerability in Microsoft 365 Apps, Excel 2016, and multiple...
Hackers Actively Exploit CVE-2026-46817 in Oracle E-Business Suite — 456 Attacks Recorded in 24 Hours
Vulnerability

Hackers Actively Exploit CVE-2026-46817 in Oracle E-Business Suite — 456 Attacks Recorded in 24 Hours

30 June 2026 dark6

Threat actors are actively exploiting CVE-2026-46817, a critical CVSS 9.8 unauthenticated remote takeover flaw in Oracle E-Business Suite, with 456...
AutoJack: A Single Malicious Web Page Can Hijack Your AI Agent and Execute Arbitrary Code
AI

AutoJack: A Single Malicious Web Page Can Hijack Your AI Agent and Execute Arbitrary Code

22 June 2026 dark6

A critical three-vulnerability exploit chain called AutoJack allows a single malicious web page to hijack Microsoft AutoGen Studio's browsing agent...
CVSS 9.1: Critical Cisco ISE Vulnerabilities Enable Remote Code Execution and Unauthenticated Data Theft
Vulnerability

CVSS 9.1: Critical Cisco ISE Vulnerabilities Enable Remote Code Execution and Unauthenticated Data Theft

19 June 2026 dark6

Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) — CVE-2026-20181 (RCE, CVSS 9.1) and CVE-2026-20190 (unauthenticated...
CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution
Vulnerability

CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution

12 June 2026 dark6

A critical path traversal vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow is being actively exploited to achieve remote code execution on...
Critical HuggingFace Transformers Flaw CVE-2026-4372 Enables Silent RCE — 232 Million Installs at Risk
AI

Critical HuggingFace Transformers Flaw CVE-2026-4372 Enables Silent RCE — 232 Million Installs at Risk

8 June 2026 dark6

A critical RCE vulnerability in HuggingFace Transformers (CVE-2026-4372) allows attackers to silently execute code by loading a malicious AI model,...
Ubiquiti Issues Emergency Patches for Five Critical UniFi OS Vulnerabilities, Three Rated Maximum CVSS 10.0
Vulnerability

Ubiquiti Issues Emergency Patches for Five Critical UniFi OS Vulnerabilities, Three Rated Maximum CVSS 10.0

23 May 2026 dark6

Ubiquiti Networks has released urgent firmware updates addressing five critical vulnerabilities in its UniFi OS platform, including three flaws rated...
Critical Palo Alto PAN-OS Vulnerability CVE-2026-0300 Actively Exploited — Unauthenticated Root RCE on Firewalls
Vulnerability

Critical Palo Alto PAN-OS Vulnerability CVE-2026-0300 Actively Exploited — Unauthenticated Root RCE on Firewalls

13 May 2026 dark6

Palo Alto Networks is warning of a critical CVE-2026-0300 buffer overflow in PAN-OS Captive Portal that enables unauthenticated root-level remote...
Microsoft Patch Tuesday May 2026: 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws
Vulnerability

Microsoft Patch Tuesday May 2026: 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws

13 May 2026 dark6

Microsoft's May 2026 Patch Tuesday delivers fixes for 120 vulnerabilities including 29 Critical-rated remote code execution flaws across Windows, SharePoint,...
Five Critical Redis Vulnerabilities Enable Remote Code Execution Across All Editions — Patch Now
Vulnerability

Five Critical Redis Vulnerabilities Enable Remote Code Execution Across All Editions — Patch Now

10 May 2026 dark6

Redis has disclosed five high-severity vulnerabilities (CVE-2026-23479, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589, CVE-2026-23631) affecting Redis Cloud, Redis Software, and all open-source community...