# Archive

Browse past daily curated stories


Thursday, March 26, 2026

  1. BleepingComputer general
    PolyShell attacks target 56% of all vulnerable Magento stores

    Attackers are exploiting the PolyShell vulnerability in Magento Open Source and Adobe Commerce version 2 installations, successfully targeting 56% of all vulnerable stores. This widespread exploitation demonstrates the critical need for immediate patching of e-commerce platforms, as compromised stores can lead to customer data theft and payment card breaches.

  2. BleepingComputer general
    New Torg Grabber infostealer malware targets 728 crypto wallets

    A new info-stealing malware called Torg Grabber targets 850 browser extensions, including more than 700 cryptocurrency wallet extensions. The malware represents a significant evolution in crypto-focused threats, directly targeting the growing ecosystem of browser-based cryptocurrency management tools used by millions of users.

  3. BleepingComputer general
    Bubble AI app builder abused to steal Microsoft account credentials

    Threat actors are abusing the no-code platform Bubble to create and host malicious web applications that steal Microsoft account credentials. This technique allows attackers to evade traditional phishing detection systems by leveraging legitimate development platforms, making malicious sites appear more trustworthy to both users and security tools.

  4. BleepingComputer general
    Citrix urges admins to patch NetScaler flaws as soon as possible

    Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, with one being very similar to the previously exploited CitrixBleed and CitrixBleed2 flaws. Given the history of zero-day exploitation of similar Citrix vulnerabilities, administrators should prioritize immediate patching to prevent potential enterprise network breaches.

  5. The Hacker News general
    GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

    The GlassWorm campaign now deploys a multi-stage framework using Solana blockchain dead drops to deliver RATs and steal browser/crypto data. The malware installs a Chrome extension masquerading as offline Google Docs while performing keylogging, cookie dumping, and screenshot capture, representing a sophisticated evolution in cryptocurrency-focused threats.

  6. The Hacker News general
    Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

    Cybersecurity researchers have identified an active device code phishing campaign targeting Microsoft 365 identities across 340+ organizations in the US, Canada, Australia, New Zealand, and Germany. The campaign, first spotted on February 19, 2026, leverages OAuth abuse and has been accelerating in pace since its discovery.

  7. The Hacker News general
    FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

    The FCC banned all imports of new foreign-made consumer routers, citing "unacceptable" cyber and national security risks. This sweeping action affects all new router models manufactured outside the US unless manufacturers obtain specific exemptions, potentially disrupting the consumer networking equipment market.

  8. The Hacker News general
    TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

    TeamPCP threat actors compromised the popular Python package litellm, publishing malicious versions 1.82.7 and 1.82.8 containing credential harvesters, Kubernetes lateral movement toolkits, and persistent backdoors. This supply chain attack follows their previous compromises of Trivy and KICS security tools, indicating an ongoing campaign targeting developer infrastructure.

  9. The Hacker News general
    Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

    Russian national Ilya Angelov received a 2-year prison sentence and $100,000 fine for co-managing the TA551 botnet used in ransomware attacks against US companies. Angelov, operating under aliases "milan" and "okart," was part of a cybercriminal group that enabled BitPaymer ransomware deployment through their phishing infrastructure.

  10. The Hacker News general
    LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

    Russian law enforcement arrested the alleged administrator of the LeakBase cybercrime forum, a resident of Taganrog who managed a platform for trading stolen credentials. The arrest demonstrates continued law enforcement pressure on credential marketplace operators, though the impact on the broader stolen data ecosystem remains to be seen.