> TritonInfoSec News

# Archive

Browse past daily curated stories

Mar 15 Mar 14 Mar 13 Mar 12 Mar 11 Mar 10 Mar 09 Mar 08 Mar 07 Mar 06 Mar 05 Mar 04 Mar 03 Mar 02 Mar 01 Feb 28 Feb 27 Feb 26 Feb 25 Feb 24 Feb 23 Feb 21 Feb 20 Feb 18

Thursday, March 12, 2026

  1. 1
    0
    The Hacker News general
    CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

    CISA added CVE-2025-68613, a critical n8n vulnerability with a 9.9 CVSS score, to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation. The expression injection flaw leads to remote code execution, with approximately 24,700 exposed instances still vulnerable despite patches being available.

  2. 2
    0
    The Record threat-intel
    Medical device giant Stryker confirms cyberattack as employees say devices were wiped

    Medical device giant Stryker confirmed a cyberattack by Iran-linked group Handala that disrupted operations and wiped employee devices in retaliation for U.S.-Israeli strikes on Iran. The attack forced over 5,000 workers at Stryker's Irish hub to be sent home, with the company's U.S. headquarters reporting a building emergency.

  3. 3
    0
    Ars Technica Security general
    14,000 routers are infected by malware that's highly resistant to takedowns

    A malware campaign has infected approximately 14,000 routers, primarily Asus devices located in the United States, with highly resilient malware that's difficult to remove. The KadNap malware enlists compromised edge devices into a stealth proxy botnet for routing malicious traffic.

  4. 4
    0
    Dark Reading general
    Xygeni GitHub Action Compromised Via Tag Poison

    AppSec vendor Xygeni's GitHub Action was compromised via tag poisoning attack, with attackers operating an active C2 implant for up to a week. The xygeni/xygeni-action repository was targeted, potentially affecting software supply chain security for organizations using this GitHub Action.

  5. 5
    0
    BleepingComputer general
    New PhantomRaven NPM attack wave steals dev data via 88 packages

    The PhantomRaven supply-chain campaign launched new attacks on npm registry with 88 malicious packages designed to exfiltrate sensitive data from JavaScript developers. These packages masquerade as legitimate development tools while stealing credentials and project data from compromised developer environments.

  6. 6
    0
    BleepingComputer general
    SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

    A critical SQL injection vulnerability affects Ally, an Elementor WordPress plugin for web accessibility with over 400,000 installations. The unauthenticated flaw could allow attackers to steal sensitive database information from more than 250,000 WordPress sites using the plugin.

  7. 7
    0
    BleepingComputer general
    Medtech giant Stryker offline after Iran-linked wiper malware attack

    Medical technology leader Stryker was hit by wiper malware attack claimed by Handala, an Iranian-linked pro-Palestinian hacktivist group. The attack reportedly wiped over 200,000 company devices and forced the evacuation of thousands of employees from Stryker facilities globally.

  8. 8
    0
    The Hacker News general
    Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

    Microsoft's March Patch Tuesday addressed 84 security vulnerabilities, including two publicly known zero-days but none actively exploited in the wild. This marks the first month in six months without actively exploited vulnerabilities, with 8 critical and 76 important severity flaws patched.

  9. 9
    0
    The Hacker News general
    Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

    Two critical n8n workflow automation platform vulnerabilities were disclosed: CVE-2026-27577 (CVSS 9.4) enabling expression sandbox escape for RCE, and CVE-2026-27493 (CVSS 9.5) allowing unauthenticated credential exposure. These flaws could result in arbitrary command execution and stored credential theft.

  10. 10
    0
    The Hacker News general
    UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

    UNC6426 threat actors exploited stolen keys from the nx npm supply-chain compromise to achieve complete cloud environment breach within 72 hours. The attackers used a stolen developer's GitHub token to gain unauthorized AWS admin access and exfiltrate sensitive data from the compromised cloud infrastructure.