# Archive

Browse past daily curated stories


Thursday, February 26, 2026

  1. threat-intel
    Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws

    CISA issued an emergency directive warning of active exploitation of Cisco SD-WAN systems by cyber threat actors, with CVE-2026-20127 being exploited since 2023 to compromise controllers and add malicious rogue peers. Five Eyes allies jointly warned about this ongoing campaign targeting federal civilian executive branch networks, marking the second series of actively exploited Cisco edge technology zero-days since spring 2025.

  2. BleepingComputer general
    Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023

    Cisco warns that CVE-2026-20127, a critical authentication bypass vulnerability in Catalyst SD-WAN, has been actively exploited in zero-day attacks since 2023, allowing remote attackers to compromise controllers and add malicious rogue peers. The vulnerability affects multiple Cisco edge technology products and represents part of a broader campaign targeting network infrastructure.

  3. The Hacker News general
    Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

    Google disrupted infrastructure of suspected China-nexus group UNC2814 that breached at least 53 organizations across 42 countries, targeting international governments and telecommunications organizations across Africa, Asia, and the Americas. The threat actor has been active since at least 2017 and used SaaS API calls to hide malicious traffic in their global espionage campaign.

  4. The Hacker News general
    Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

    Peter Williams, former L3Harris defense contractor executive, was sentenced to 87 months in prison for selling eight zero-day exploits to Russian broker Operation Zero for millions of dollars. Williams pleaded guilty to two counts of theft of trade secrets in October 2025, with the U.S. Treasury Department simultaneously sanctioning the Russian broker who purchased the stolen tools.

  5. SecurityWeek general
    SolarWinds Patches Four Critical Serv-U Vulnerabilities

    SolarWinds patched four critical Serv-U 15.5 vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), all rated CVSS 9.1, that could allow remote code execution with administrative privileges. The flaws include broken access control allowing system admin user creation and arbitrary code execution on affected file transfer servers.

  6. BleepingComputer general
    Fake Next.js job interview tests backdoor developer's devices

    Microsoft Defender discovered a coordinated campaign targeting software developers through malicious Next.js repositories and fake technical assessment materials, including recruiting coding tests. The campaign is linked to North Korean fake job-recruitment operations aimed at establishing persistent access to infected developer machines through poisoned repositories.

  7. The Hacker News general
    CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

    CISA added CVE-2026-25108, a FileZen OS command injection vulnerability with a CVSS score of 8.7, to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The flaw allows authenticated users to execute arbitrary commands on vulnerable FileZen systems.

  8. The Hacker News general
    Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

    Socket discovered four malicious NuGet packages targeting ASP.NET developers that exfiltrate ASP.NET Identity data including user accounts, role assignments, and permission mappings. The packages also manipulate authorization rules to create persistent backdoors in victim applications, while a separate npm package campaign dropped malware on developer systems.

  9. threat-intel
    Health insurance tech provider TriZetto says more than 3 million impacted by 2024 breach

    A TriZetto software breach, initially reported by Oregon counties, affected more than 3 million Americans overall, according to public data released this week. The 2024 breach of the health insurance technology provider impacted significantly more individuals than initially disclosed by affected counties.

  10. SecurityWeek general
    Over 12 Million Users Impacted by CarGurus Data Breach

    CarGurus suffered a data breach affecting over 12 million users, with hackers claiming to have stolen personally identifiable information and internal corporate data from the automotive marketplace firm. The breach represents one of the largest recently disclosed consumer data exposures in the automotive sector.