# Archive
Browse past daily curated stories
Monday, March 16, 2026
- 1. SecurityWeek (general): ForceMemo: Python Repositories Compromised in GlassWorm Aftermath
Hundreds of GitHub accounts were compromised using credentials stolen during the VS Code GlassWorm campaign, leading to the ForceMemo attack that targeted Python repositories. This supply chain attack demonstrates how initial credential theft can cascade into broader repository compromises, threatening the integrity of open-source Python packages that security teams rely on.
- 2. The Hacker News (general): ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three ClickFix campaigns are distributing the MacSync macOS infostealer through fake AI tool installers, using social engineering rather than exploits to trick users into executing malicious commands. The attack specifically targets macOS users by masquerading as legitimate AI software, highlighting how threat actors are adapting to target the growing macOS enterprise user base.
- 3. The Hacker News (general): DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
The DRILLAPP backdoor campaign targeting Ukrainian entities in February 2026 abuses Microsoft Edge debugging features for stealth espionage, with overlaps to Russia-linked Laundry Bear (UAC-0190/Void Blizzard) operations. This sophisticated technique leverages legitimate browser debugging APIs to maintain persistence while evading detection, representing an evolution in living-off-the-land tactics.
- 4. SecurityWeek (general): Hacking Attempt Reported at Poland’s Nuclear Research Center
A hacking attempt was reported at Poland's Nuclear Research Center with initial evidence pointing to Iran, though officials acknowledge it could be a false flag operation. This incident highlights the continued targeting of critical nuclear infrastructure by nation-state actors and the challenge of accurate attribution in geopolitically sensitive attacks.
- 5. The Hacker News (general): Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Android 17 Beta 2 introduces a new security feature in Advanced Protection Mode (AAPM) that blocks non-accessibility apps from using the accessibility services API to prevent malware abuse. This change addresses a common attack vector where malicious apps exploit accessibility permissions to perform unauthorized actions, particularly impacting banking trojans and other mobile threats.
- 6. SecurityWeek (general): Loblaw Data Breach Impacts Customer Information
Loblaw suffered a data breach exposing customer personal information including names, email addresses, and phone numbers. The breach affects one of Canada's largest retail chains, potentially impacting millions of customers and demonstrating how retail infrastructure remains a high-value target for cybercriminals seeking personal data for identity theft and fraud.
- 7. BleepingComputer (general): Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Microsoft released an out-of-band hotpatch update to fix a remote code execution vulnerability in Windows 11 Enterprise's Routing and Remote Access Service (RRAS). The OOB release indicates the severity of this RCE flaw, which could allow attackers to execute arbitrary code on affected Windows 11 Enterprise systems receiving hotpatch updates.
- 8. The Hacker News (general): OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
China's CNCERT warned about security flaws in OpenClaw (formerly Clawdbot/Moltbot), an open-source AI agent platform with weak default configurations that enable prompt injection and data exfiltration attacks. The vulnerabilities affect organizations deploying autonomous AI agents and highlight the security risks of self-hosted AI systems with insufficient access controls.
- 9. CyberScoop (general): The ransomware economy is shifting toward straight-up data extortion
Google's ransomware research report reveals the ransomware economy is shifting toward pure data extortion without encryption, complicating impact assessment and response strategies. This evolution means traditional backup-based recovery approaches may be insufficient as attackers focus on data theft and extortion rather than system encryption, requiring new defensive strategies.
- 10. CyberScoop (general): Attackers are exploiting AI faster than defenders can keep up, new report warns
A Booz Allen Hamilton report warns that cybersecurity has entered a new phase where threat actors adopt AI tools faster than defenders, significantly reducing response times for IT security teams. The research indicates attackers are leveraging mature AI capabilities to accelerate attack timelines, creating an asymmetric advantage that challenges traditional incident response frameworks.