Latest news
Vulnerability
Critical GitHub RCE Vulnerability CVE-2026-3854 Exposed Millions of Repositories to Cross-Tenant Access
29 April 2026 dark6
Wiz researchers used AI-augmented reverse engineering to uncover CVE-2026-3854, a critical RCE flaw in GitHub's internal git infrastructure that could...
Databreach
Inditex (Zara) Confirms Third-Party Data Breach: Transaction Records Exposed via Analytics Platform with April 21 Leak Deadline
21 April 2026 dark6
Inditex, owner of Zara and Bershka, has confirmed a data breach affecting transaction records accessed via a third-party analytics platform,...
Databreach
Vercel Confirms April 2026 Breach: ShinyHunters Accessed Source Code, API Keys, and Employee Data via AI Tool Compromise
20 April 2026 dark6
Cloud development platform Vercel confirmed a security breach traced to a compromised employee account at third-party AI platform Context.ai. The...
Databreach
European Commission Suffers 91.7 GB Cloud Data Breach via Trivy Supply-Chain Compromise
14 April 2026 dark6
CERT-EU has documented a cloud breach at the European Commission stemming from a supply-chain compromise in the Trivy container scanner....
Malware
Supply Chain Attack Backdoors Smart Slider 3 Pro: 800,000+ WordPress Sites at Risk
13 April 2026 dark6
Attackers compromised Nextend's update infrastructure to distribute a weaponized version of Smart Slider 3 Pro (v3.5.1.35) for approximately six hours...
Malware
Smart Slider 3 Pro Plugin Backdoored via Supply Chain Attack — 800,000+ Sites at Risk
11 April 2026 dark6
Threat actors compromised the update infrastructure of Nextend, the vendor behind Smart Slider 3 Pro, and pushed a fully backdoored...