# Archive

Browse past daily curated stories


Saturday, March 21, 2026

  1. Ars Technica Security general
    Widely used Trivy scanner compromised in ongoing supply-chain attack

    Attackers compromised the widely used Trivy vulnerability scanner from Aqua Security, hijacking 75 GitHub Action tags to inject malware that steals CI/CD secrets. This supply chain attack affects organizations using aquasecurity/trivy-action and aquasecurity/setup-trivy in their automated security workflows, marking the second Trivy compromise in a month.

  2. Dark Reading general
    Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

    Oracle issued an emergency patch for CVE-2026-21992, a critical unauthenticated RCE vulnerability in Oracle Identity Manager and Web Services Manager. Attackers can execute arbitrary code without authentication when these components are exposed to the web, making this a high-priority patch for organizations using Oracle Fusion Middleware.

  3. The Hacker News general
    Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

    Critical vulnerability CVE-2026-33017 in Langflow (CVSS 9.3) came under active exploitation within 20 hours of public disclosure. The flaw combines missing authentication with code injection in the POST /api/v1 endpoint, allowing remote code execution and demonstrating how quickly threat actors weaponize newly published vulnerabilities.

  4. BleepingComputer general
    CISA orders feds to patch max-severity Cisco flaw by Sunday

    CISA ordered federal agencies to patch CVE-2026-20131, a maximum-severity vulnerability in Cisco Secure Firewall Management Center (FMC), by Sunday, March 22. The emergency directive highlights the critical nature of this flaw affecting enterprise firewall management infrastructure.

  5. BleepingComputer general
    International joint action disrupts world’s largest DDoS botnets

    International law enforcement disrupted the Aisuru, KimWolf, JackSkid, and Mossad botnets that infected 3 million IoT devices and enabled record-breaking 31.4 Tbps DDoS attacks. The operation targeted command-and-control infrastructure across the US, Germany, and Canada, dismantling some of the world's largest DDoS-for-hire networks.

  6. BleepingComputer general
    FBI links Signal phishing attacks to Russian intelligence services

    The FBI issued a public service announcement linking Russian intelligence services to phishing campaigns targeting Signal and WhatsApp users. The attacks have already compromised thousands of encrypted messaging accounts, representing a significant threat to secure communications used by activists, journalists, and government officials.

  7. The Record threat-intel
    FBI takes down leak sites tied to Iran’s Ministry of Intelligence and Security

    The FBI seized domains used by Iran's Ministry of Intelligence and Security (MOIS), which operated under the 'Handala' moniker in cyber-enabled psychological operations. A 40-page seizure warrant detailed multiple digital campaigns launched by Iranian intelligence, marking a significant disruption of state-sponsored influence operations.

  8. The Hacker News general
    Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

    Sansec discovered the 'PolyShell' vulnerability in Magento's REST API, which allows unauthenticated attackers to upload malicious executables disguised as images. The critical flaw enables remote code execution and account takeover on Magento e-commerce platforms, affecting thousands of online stores.

  9. SecurityWeek general
    Thousands of Magento Sites Hit in Ongoing Defacement Campaign

    An ongoing defacement campaign that began February 27 has targeted thousands of Magento e-commerce sites, affecting global brands and government services. The attacks demonstrate the widespread impact of web application vulnerabilities on commercial and public sector websites.

  10. BleepingComputer general
    Max severity Ubiquiti UniFi flaw may allow account takeover

    Ubiquiti patched two vulnerabilities in UniFi Network Application, including a maximum-severity flaw that could allow account takeover. The vulnerability affects the software customers use to manage Ubiquiti networking devices, potentially exposing enterprise network infrastructure to compromise.