Latest news

Squidbleed: 29-Year-Old Squid Proxy Vulnerability Leaks Passwords and API Keys from Other Users
Vulnerability

23 June 2026 dark6

A critical heap overread vulnerability in Squid Proxy, dubbed Squidbleed, has gone undetected since 1997. Discovered with the help of...
Critical Fortinet FortiSandbox Vulnerabilities Actively Exploited in the Wild
Vulnerability

17 June 2026 dark6

Threat actors are actively exploiting three critical Fortinet FortiSandbox vulnerabilities — including CVE-2026-39813, which has no prior exploitation history. All...
CVE-2025-14177: Malicious JPEG Files Expose PHP Heap Memory — Critical Flaws in getimagesize() and iptcembed() Patched
Vulnerability

18 May 2026 dark6

Two critical memory-safety vulnerabilities in PHP image-processing functions allow attackers to leak sensitive heap memory (CVE-2025-14177) or trigger heap buffer...
CVE-2026-8178: Critical Amazon Redshift JDBC Driver Flaw Enables RCE via Malicious Connection URLs — Patch Now
Vulnerability

16 May 2026 dark6

A critical vulnerability (CVE-2026-8178) in the Amazon Redshift JDBC driver allows remote code execution through manipulated database connection URLs. The...
CVE-2026-44338: PraisonAI Framework Actively Exploited Within Hours of Disclosure — No Auth Required
Vulnerability

16 May 2026 dark6

A critical authentication bypass flaw in PraisonAI's legacy API server (CVE-2026-44338) shipped with auth disabled by default, allowing unauthenticated attackers...
Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge
Vulnerability

11 May 2026 dark6

Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities — CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 — affecting Microsoft 365...
Three Critical cPanel and WHM Vulnerabilities Enable Code Execution, File Reads, and DoS Attacks
Vulnerability

11 May 2026 dark6

cPanel has disclosed three critical security vulnerabilities — CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 — affecting its widely deployed cPanel & WHM...
Pack2TheRoot: Critical Linux Privilege Escalation Flaw in PackageKit Affects 12+ Years of Releases (CVE-2026-41651)
Vulnerability

28 April 2026 dark6

Deutsche Telekom's Red Team has disclosed Pack2TheRoot (CVE-2026-41651), a critical local privilege escalation flaw in the PackageKit daemon affecting all...
The Kitten Project: A New Era of Coordinated Hacktivism
Hacktivism

8 December 2025 dark6

The cyber-world has always been a stage for activism and protest, but the rise of hacktivism offers something different –...
A Critical Patch for Vulnerable Next.js: New Scanner Unveils Hidden Attacks
Vulnerability

4 December 2025 dark6

With the rise of Serverless functions, static site generators like Next.js have become ubiquitous in web development, streamlining functionality and...
A Silent Vulnerability Exposed: How Hackers Used Hidden Commands to Steal Sensitive Data
Vulnerability

3 December 2025 dark6

Microsoft’s seemingly “unremarkable” November 2025 Patch Tuesday update actually contained a major security fix. But even the most meticulous patching...
HashJack: weaponizing trust in AI browser assistants
AI

26 November 2025 dark6

A vulnerability in the way AI browser assistants handle URL fragments opens doors for malicious attacks. For years, we’ve seen...