Latest news

Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials
Malware

Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials

31 May 2026 dark6

A malicious NuGet package named "Sicoob.Sdk" impersonated the official Sicoob banking SDK and silently exfiltrated PFX certificates, private keys, and...
Read more 0
Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets in Coordinated Supply Chain Attack
Malware

Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets in Coordinated Supply Chain Attack

19 May 2026 dark6

Four malicious npm packages have been discovered stealing SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, with one variant...
Read more 0
Malicious DeepSeek-Claw AI Skill Delivers Remcos RAT and GhostLoader in Agentic AI Supply Chain Attack
Malware

Malicious DeepSeek-Claw AI Skill Delivers Remcos RAT and GhostLoader in Agentic AI Supply Chain Attack

7 May 2026 dark6

Zscaler ThreatLabZ has uncovered a campaign where attackers published a fake DeepSeek integration for the OpenClaw AI framework on GitHub,...
Read more 0
Vercel Data Breach: ShinyHunters Exploit OAuth Supply Chain Attack to Steal Customer Credentials for $2M Sale
Databreach

Vercel Data Breach: ShinyHunters Exploit OAuth Supply Chain Attack to Steal Customer Credentials for $2M Sale

7 May 2026 dark6

Vercel has confirmed a security breach originating through a compromised third-party AI tool (Context.ai), where attackers used stolen OAuth tokens...
Read more 0
Critical GitHub RCE Vulnerability CVE-2026-3854 Exposed Millions of Repositories to Cross-Tenant Access
Vulnerability

Critical GitHub RCE Vulnerability CVE-2026-3854 Exposed Millions of Repositories to Cross-Tenant Access

29 April 2026 dark6

Wiz researchers used AI-augmented reverse engineering to uncover CVE-2026-3854, a critical RCE flaw in GitHub's internal git infrastructure that could...
Read more 0
Inditex (Zara) Confirms Third-Party Data Breach: Transaction Records Exposed via Analytics Platform with April 21 Leak Deadline
Databreach

Inditex (Zara) Confirms Third-Party Data Breach: Transaction Records Exposed via Analytics Platform with April 21 Leak Deadline

21 April 2026 dark6

Inditex, owner of Zara and Bershka, has confirmed a data breach affecting transaction records accessed via a third-party analytics platform,...
Read more 0
Vercel Confirms April 2026 Breach: ShinyHunters Accessed Source Code, API Keys, and Employee Data via AI Tool Compromise
Databreach

Vercel Confirms April 2026 Breach: ShinyHunters Accessed Source Code, API Keys, and Employee Data via AI Tool Compromise

20 April 2026 dark6

Cloud development platform Vercel confirmed a security breach traced to a compromised employee account at third-party AI platform Context.ai. The...
Read more 0
European Commission Suffers 91.7 GB Cloud Data Breach via Trivy Supply-Chain Compromise
Databreach

European Commission Suffers 91.7 GB Cloud Data Breach via Trivy Supply-Chain Compromise

14 April 2026 dark6

CERT-EU has documented a cloud breach at the European Commission stemming from a supply-chain compromise in the Trivy container scanner....
Read more 0
Supply Chain Attack Backdoors Smart Slider 3 Pro: 800,000+ WordPress Sites at Risk
Malware

Supply Chain Attack Backdoors Smart Slider 3 Pro: 800,000+ WordPress Sites at Risk

13 April 2026 dark6

Attackers compromised Nextend's update infrastructure to distribute a weaponized version of Smart Slider 3 Pro (v3.5.1.35) for approximately six hours...
Read more 0
Smart Slider 3 Pro Plugin Backdoored via Supply Chain Attack — 800,000+ Sites at Risk
Malware

Smart Slider 3 Pro Plugin Backdoored via Supply Chain Attack — 800,000+ Sites at Risk

11 April 2026 dark6

Threat actors compromised the update infrastructure of Nextend, the vendor behind Smart Slider 3 Pro, and pushed a fully backdoored...
Read more 0