# Archive

Browse past daily curated stories


Saturday, April 11, 2026

  1. The Record threat-intel
    ‘It reads like a spy novel’: $280 million theft from Drift involved North Korean fake companies, cutouts

    North Korean operatives conducted a sophisticated $280 million theft from cryptocurrency platform Drift using fake quantitative trading companies as cover. The six-month operation began when attackers approached Drift officials at a crypto conference, demonstrating the evolving tactics of DPRK-linked financial cybercrime groups targeting digital asset platforms.

  2. BleepingComputer general
    Nearly 4,000 US industrial devices exposed to Iranian cyberattacks

    Iranian-linked threat actors are targeting nearly 4,000 exposed Rockwell Automation programmable logic controllers (PLCs) in attacks against U.S. critical infrastructure networks. The campaign highlights the vulnerability of industrial control systems and represents a significant escalation in state-sponsored attacks on operational technology environments.

  3. BleepingComputer general
    Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor

    Attackers compromised CPUID's API infrastructure and modified download links on the official website to distribute malware through popular system monitoring tools CPU-Z and HWMonitor. The supply chain attack demonstrates how threat actors are targeting trusted software distribution channels to reach a broad user base of system administrators and enthusiasts.

  4. The Hacker News general
    Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

    A critical remote code execution vulnerability (CVE-2026-39987) in the Marimo Python notebook platform was exploited within 10 hours of public disclosure. The flaw affects all Marimo versions prior to 3.5.1.35 and allows unauthenticated attackers to execute arbitrary code, showing how quickly a disclosed vulnerability can be weaponized.

  5. The Record threat-intel
    Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft

    A ransomware attack on Dutch healthcare software vendor ChipSoft has disrupted digital services at hospitals across the Netherlands, forcing the company to disable patient and provider systems. The incident affects a critical healthcare IT infrastructure provider, demonstrating the cascading impact of attacks on software vendors serving multiple healthcare organizations.

  6. BleepingComputer general
    Microsoft: Canadian employees targeted in payroll pirate attacks

    A threat group that Microsoft tracks as Storm-2755 is conducting "payroll pirate" attacks targeting Canadian employees by hijacking their accounts to steal salary payments. The financially motivated campaign represents a new vector for cybercriminals to directly monetize compromised employee credentials through payroll system manipulation.

  7. BleepingComputer general
    Hackers exploiting Acrobat Reader zero-day flaw since December

    Attackers have been exploiting an unpatched zero-day vulnerability in Adobe Reader since December using maliciously crafted PDF documents. Security researcher Haifei Li discovered evidence of the ongoing exploitation, indicating a months-long campaign targeting one of the world's most widely deployed document readers.

  8. The Hacker News general
    Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

    Threat actors compromised Nextend's update servers to distribute a backdoored version of Smart Slider 3 Pro (version 3.5.1.35) for WordPress and Joomla. The supply chain attack affects a popular slider plugin with over 800,000 active WordPress installations, demonstrating how attackers target plugin update mechanisms to achieve widespread distribution.

  9. BleepingComputer general
    New ‘LucidRook’ malware used in targeted attacks on NGOs, universities

    A new Lua-based malware called LucidRook is being deployed by threat group UAT-10362 in spear-phishing campaigns targeting Taiwanese NGOs and universities. The sophisticated stager embeds a Lua interpreter and Rust-compiled libraries within a DLL, representing an evolution in multi-language malware development techniques.

  10. BleepingComputer general
    New VENOM phishing attacks steal senior executives' Microsoft logins

    Cybercriminals are using a new phishing-as-a-service platform called "VENOM" to specifically target C-suite executives' Microsoft credentials across multiple industries. The campaign demonstrates the increasing sophistication of credential theft operations focusing on high-value targets within organizations.