# Archive

Browse past daily curated stories


Thursday, March 26, 2026

  1. BleepingComputer general
    PolyShell attacks target 56% of all vulnerable Magento stores

    Attackers are exploiting the PolyShell vulnerability in Magento Open Source and Adobe Commerce version 2 installations, successfully targeting 56% of all vulnerable stores. This widespread exploitation demonstrates the critical need for immediate patching of e-commerce platforms, as compromised stores can lead to customer data theft and payment card breaches.

  2. BleepingComputer general
    New Torg Grabber infostealer malware targets 728 crypto wallets

    A new info-stealing malware called Torg Grabber targets 850 browser extensions, including more than 700 cryptocurrency wallet extensions. The malware represents a significant evolution in crypto-focused threats, directly targeting the growing ecosystem of browser-based cryptocurrency management tools used by millions of users.

  3. BleepingComputer general
    Bubble AI app builder abused to steal Microsoft account credentials

    Threat actors are abusing the no-code platform Bubble to create and host malicious web applications that steal Microsoft account credentials. This technique allows attackers to evade traditional phishing detection systems by leveraging legitimate development platforms, making malicious sites appear more trustworthy to both users and security tools.

  4. BleepingComputer general
    Citrix urges admins to patch NetScaler flaws as soon as possible

    Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, with one being very similar to the previously exploited CitrixBleed and CitrixBleed2 flaws. Given the history of zero-day exploitation of similar Citrix vulnerabilities, administrators should prioritize immediate patching to prevent potential enterprise network breaches.

  5. The Hacker News general
    GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

    The GlassWorm campaign now deploys a multi-stage framework using Solana blockchain dead drops to deliver RATs and steal browser/crypto data. The malware installs a Chrome extension masquerading as offline Google Docs while performing keylogging, cookie dumping, and screenshot capture, representing a sophisticated evolution in cryptocurrency-focused threats.

  6. The Hacker News general
    Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

    Cybersecurity researchers have identified an active device code phishing campaign targeting Microsoft 365 identities across 340+ organizations in the US, Canada, Australia, New Zealand, and Germany. The campaign, first spotted on February 19, 2026, leverages OAuth abuse and has been accelerating in pace since its discovery.

  7. The Hacker News general
    FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

    The FCC banned all imports of new foreign-made consumer routers, citing "unacceptable" cyber and national security risks. This sweeping action affects all new router models manufactured outside the US unless manufacturers obtain specific exemptions, potentially disrupting the consumer networking equipment market.

  8. The Hacker News general
    TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

    TeamPCP threat actors compromised the popular Python package litellm, publishing malicious versions 1.82.7 and 1.82.8 containing credential harvesters, Kubernetes lateral movement toolkits, and persistent backdoors. This supply chain attack follows their previous compromises of Trivy and KICS security tools, indicating an ongoing campaign targeting developer infrastructure.

  9. The Hacker News general
    Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

    Russian national Ilya Angelov received a 2-year prison sentence and $100,000 fine for co-managing the TA551 botnet used in ransomware attacks against US companies. Angelov, operating under aliases "milan" and "okart," was part of a cybercriminal group that enabled BitPaymer ransomware deployment through their phishing infrastructure.

  10. The Hacker News general
    LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

    Russian law enforcement arrested the alleged administrator of the LeakBase cybercrime forum, a resident of Taganrog who managed a platform for trading stolen credentials. The arrest demonstrates continued law enforcement pressure on credential marketplace operators, though the impact on the broader stolen data ecosystem remains to be seen.