# Archive

Browse past daily curated stories

Tuesday, March 24, 2026

  1. The Record threat-intel
    Hacker walks away with $24.5 million after breaching Resolv DeFi platform

    A hacker exploited the Resolv DeFi platform and stole $24.5 million in ETH, prompting the platform to offer a 10% bounty for the funds' return. This represents one of the largest DeFi exploits in recent months and highlights ongoing security vulnerabilities in decentralized finance protocols that security professionals need to monitor.

  2. Dark Reading general
    Trivy Supply Chain Attack Targets CI/CD Secrets

    Threat actors compromised the Trivy open source security scanner to deploy infostealers into CI/CD workflows, targeting cloud credentials, SSH keys, and tokens. This supply chain attack demonstrates how attackers are weaponizing trusted security tools to breach developer environments and steal sensitive infrastructure secrets.

  3. BleepingComputer general
    Trivy supply-chain attack spreads to Docker, GitHub repos

    The TeamPCP hackers expanded their Trivy supply-chain attack by pushing malicious Docker images and hijacking Aqua Security's GitHub organization to tamper with dozens of repositories. This escalation shows how initial supply chain compromises can rapidly spread across multiple distribution channels and development platforms.

  4. BleepingComputer general
    TeamPCP deploys Iran-targeted wiper in Kubernetes attacks

    The TeamPCP hacking group deployed wiper malware targeting Kubernetes clusters that destroys all machines when it detects systems configured for Iran's timezone or language settings. This geopolitically-motivated attack represents a dangerous escalation from data theft to infrastructure destruction in cloud environments.

  5. The Hacker News general
    North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

    North Korean WaterPlum threat actors deployed StoatWaffle malware through malicious VS Code projects using "tasks.json" auto-run features since December 2025. This technique represents a novel abuse of legitimate developer tools to execute malware automatically when projects are opened in Visual Studio Code.

  6. The Hacker News general
    Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

    Arctic Wolf observed active exploitation of CVE-2025-32975 (CVSS 10.0) against unpatched Quest KACE Systems Management Appliance systems starting March 9, 2026. This maximum-severity vulnerability allows complete system compromise and demonstrates the critical need for immediate patching of exposed management appliances.

  7. SecurityWeek general
    Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

    Oracle released an emergency patch for CVE-2026-21992, a critical Identity Manager vulnerability that enables unauthenticated remote code execution and may have been exploited in the wild. This out-of-band patch underscores the severity of identity management system vulnerabilities that can compromise entire enterprise environments.

  8. The Record threat-intel
    Education company Kaplan reports data breach impacting more than 230,000

    Educational services company Kaplan reported a cybersecurity incident from fall 2025 that exposed Social Security numbers and driver's license data for over 230,000 individuals. This breach highlights the persistent targeting of educational institutions that maintain extensive personal information databases for students and staff.

  9. BleepingComputer general
    Crunchyroll probes breach after hacker claims to steal 6.8M users' data

    Hackers claimed to have stolen personal information for approximately 6.8 million users from anime streaming platform Crunchyroll, prompting the company to launch a breach investigation. This incident affects a significant portion of the platform's user base and demonstrates how entertainment services remain attractive targets for credential theft.

  10. BleepingComputer general
    FBI warns of Handala hackers using Telegram in malware attacks

    The FBI warned that Iranian Handala hackers linked to Iran's Ministry of Intelligence and Security are using Telegram messenger in malware distribution campaigns. This advisory highlights how state-sponsored actors are leveraging popular messaging platforms to deliver malicious payloads while evading traditional email security controls.