> TritonInfoSec News

# Archive

Browse past daily curated stories

Mar 15 Mar 14 Mar 13 Mar 12 Mar 11 Mar 10 Mar 09 Mar 08 Mar 07 Mar 06 Mar 05 Mar 04 Mar 03 Mar 02 Mar 01 Feb 28 Feb 27 Feb 26 Feb 25 Feb 24 Feb 23 Feb 21 Feb 20 Feb 18

Sunday, March 15, 2026

  1. 1
    1
    The Hacker News general
    Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

    Google patched two high-severity Chrome zero-day vulnerabilities (CVE-2026-3909 in Skia graphics library with CVSS 8.8) that are being actively exploited in the wild. The Chrome 146 update addresses an out-of-bounds write flaw that allows remote attackers to perform memory access via crafted HTML and a second V8 engine vulnerability.

  2. 2
    0
    SecurityWeek general
    Chrome 146 Update Patches Two Exploited Zero-Days

    Chrome 146 security update fixes two actively exploited zero-day vulnerabilities that can be used to manipulate data and bypass security restrictions, potentially leading to code execution. Google has confirmed both flaws are being exploited in real-world attacks, making this a critical update for all Chrome users.

  3. 3
    0
    The Hacker News general
    INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime

    INTERPOL dismantled 45,000 malicious IP addresses and servers used for phishing, malware, and ransomware campaigns while arresting 94 individuals across 72 countries. This international law enforcement operation targeted criminal networks running scams and emerging cyber threats on a global scale.

  4. 4
    0
    SecurityWeek general
    Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet

    US and European law enforcement agencies disrupted the SocksEscort proxy service powered by the AVrecon botnet, which has compromised 360,000 devices since 2020. The cybercrime service provided anonymization infrastructure used by threat actors to hide their activities and evade detection.

  5. 5
    0
    BleepingComputer general
    Starbucks discloses data breach affecting hundreds of employees

    Starbucks disclosed a data breach affecting hundreds of employees after threat actors gained unauthorized access to Starbucks Partner Central accounts through phishing attacks. The incident compromised employee portal access, potentially exposing sensitive workforce information.

  6. 6
    0
    SecurityWeek general
    Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping

    Iran-linked hackers attacked medical device manufacturer Stryker, disrupting manufacturing and shipping operations by leveraging existing endpoint management software rather than traditional malware to wipe devices. The attack demonstrates sophisticated techniques using legitimate administrative tools for destructive purposes.

  7. 7
    0
    SecurityWeek general
    Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War

    Pro-Iranian hackers are expanding operations from Middle East targets into the United States during ongoing regional conflicts, raising cybersecurity risks for American defense contractors, power stations, and water treatment facilities. The targeting shift indicates potential escalation of cyber operations against critical US infrastructure.

  8. 8
    0
    BleepingComputer general
    AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

    The AppsFlyer Web SDK was temporarily compromised in a supply-chain attack where malicious JavaScript code was injected to steal cryptocurrency from users. The hijacked SDK affected websites using AppsFlyer's analytics platform, demonstrating how third-party dependencies can become attack vectors.

  9. 9
    0
    The Hacker News general
    GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

    The GlassWorm campaign escalated by abusing 72 Open VSX registry extensions, using extensionPack and extensionDependencies to turn standalone extensions into transitive malware loaders targeting developers. This supply-chain attack represents a significant escalation in how malicious code propagates through developer tool ecosystems.

  10. 10
    0
    SecurityWeek general
    Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

    A critical vulnerability in HPE AOS-CX network switches allows remote, unauthenticated attackers to reset administrator passwords and circumvent existing authentication controls. The flaw can be exploited without any authentication, giving attackers complete administrative access to affected network infrastructure.