# Archive
Browse past daily curated stories
Tuesday, April 14, 2026
1. BleepingComputer (general): Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe released an emergency security update for Acrobat Reader to fix CVE-2026-34621, a vulnerability exploited in zero-day attacks since at least December. The critical flaw allows arbitrary code execution and has a CVSS score of 8.6, making immediate patching essential for all organizations using Adobe PDF products.
2. Dark Reading (general): Adobe Patches Actively Exploited Zero-Day That Lingered for Months
Adobe patched CVE-2026-34621, a zero-day vulnerability in Acrobat and Reader that attackers exploited for at least four months using maliciously crafted PDF files. The emergency fix addresses a critical flaw that allowed arbitrary code execution, highlighting the extended exposure window organizations faced from this actively exploited vulnerability.
3. BleepingComputer (general): FBI takedown of W3LL phishing service leads to developer arrest
The FBI and Indonesian authorities dismantled the W3LL phishing platform and arrested its alleged developer in the first coordinated US-Indonesia enforcement action targeting phishing kit developers. W3LL allowed cybercriminals to create sophisticated phishing sites for just $500, demonstrating how law enforcement is adapting to combat industrialized phishing operations.
4. BleepingComputer (general): OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a supply chain attack on March 31. While no user data or internal systems were compromised, the incident forced OpenAI to take precautionary measures to protect the integrity of its macOS application certification process.
5. BleepingComputer (general): New Booking.com data breach forces reservation PIN resets
Booking.com confirmed unauthorized access to its systems that exposed sensitive reservation and user data, forcing the company to reset reservation PINs. The breach affects an undisclosed number of customers but has been contained, representing another significant incident in the travel industry's ongoing security challenges.
6. BleepingComputer (general): Critical flaw in wolfSSL library enables forged certificate use
A critical vulnerability in the wolfSSL library enables attackers to forge certificates through improper verification of hash algorithms when checking ECDSA signatures. The flaw weakens SSL/TLS security implementations that rely on wolfSSL, requiring immediate updates for affected systems using this widely deployed cryptographic library.
7. BleepingComputer (general): European Gym giant Basic-Fit data breach affects 1 million members
Dutch fitness giant Basic-Fit announced hackers breached its systems and accessed information belonging to 1 million customers across multiple EU countries. The breach affects one of Europe's largest gym chains, exposing member data and highlighting the vulnerability of fitness industry customer databases.
8. BleepingComputer (general): Stolen Rockstar Games analytics data leaked by extortion gang
Rockstar Games suffered a data breach linked to a security incident at analytics platform Anodot, with the ShinyHunters extortion gang now leaking stolen data on their leak site. The incident demonstrates how third-party vendor compromises can expose major gaming companies to data theft and extortion attempts.
9. The Hacker News (general): JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
JanelaRAT, a modified version of BX RAT, targeted Latin American banks with 14,739 attacks in Brazil during 2025, stealing financial and cryptocurrency data. The malware tracks mouse inputs, logs keystrokes, takes screenshots, and specifically targets financial institutions in Brazil and Mexico, showing continued focus on Latin American banking infrastructure.
10. SecurityWeek (general): CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
CPUID's website was compromised for less than 24 hours (April 9-10) by Russian-speaking threat actors who replaced legitimate CPU-Z and HWMonitor download links with trojanized versions containing STX RAT. The supply chain attack targeted users of popular hardware monitoring tools, demonstrating how attackers exploit trusted software distribution channels.