# Archive

Browse past daily curated stories


Friday, April 17, 2026

  1. The Hacker News general
    Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

    Apache ActiveMQ Classic vulnerability CVE-2026-34197 (CVSS 8.8) has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation in the wild. Federal agencies must patch this high-severity flaw to prevent potential system compromise through the widely used message broker.

  2. BleepingComputer general
    ZionSiphon malware designed to sabotage water treatment systems

    Security researchers discovered ZionSiphon, new malware that specifically targets water treatment and desalination operational technology systems to sabotage critical infrastructure operations. This OT-focused threat demonstrates increasing attacker sophistication in targeting industrial control systems that manage essential water services.

  3. BleepingComputer general
    Operation PowerOFF identifies 75k DDoS users, takes down 53 domains

    Operation PowerOFF, a coordinated action across 21 countries on April 13, 2026, seized 53 DDoS-for-hire domains and identified over 75,000 users of these illegal services. Law enforcement warned each identified cybercriminal to cease their distributed denial-of-service activities as part of the ongoing crackdown.

  4. BleepingComputer general
    New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges

    Researcher 'Chaotic Eclipse' released a proof-of-concept exploit for Microsoft Defender zero-day 'RedSun' that grants SYSTEM privileges, marking the second Defender zero-day published in two weeks. This follows the researcher's protest against Microsoft's handling of security researcher relationships and vulnerability disclosure processes.

  5. Dark Reading general
    North Korea Uses ClickFix to Target macOS Users' Data

    North Korean threat group Sapphire Sleet is using ClickFix attacks targeting macOS users through fake job offers and fraudulent Zoom updates. The campaign steals credentials and sensitive data from Mac systems, expanding North Korea's cyber operations beyond traditional Windows targets.

  6. BleepingComputer general
    Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

    Threat actors are exploiting a critical vulnerability in the Marimo reactive Python notebook to deploy NKAbuse malware variants hosted on Hugging Face Spaces. This supply chain attack leverages the popular AI development platform to distribute malware through compromised data science tools.

  7. CyberScoop general
    US nationals sentenced for aiding North Korea’s tech worker scheme

    Kejia Wang (sentenced to 9 years) and Zhenxing Wang (nearly 8 years) were convicted for operating North Korean IT worker 'laptop farms' that helped operatives obtain jobs at over 100 U.S. companies. Their shell company operation generated more than $5 million for the North Korean government through fraudulent remote work schemes.

  8. The Hacker News general
    Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

    Cisco Talos researchers discovered the PowMix botnet, which has targeted Czech Republic workers since December 2025 and uses randomized command-and-control beaconing intervals to evade network detection. The botnet avoids persistent C2 connections in favor of randomized communication patterns that bypass signature-based security controls.

  9. BleepingComputer general
    Data breach at edtech giant McGraw Hill affects 13.5 million accounts

    The ShinyHunters extortion group leaked data from 13.5 million McGraw Hill user accounts after breaching the education technology company's Salesforce environment. This massive breach affects one of the largest educational publishers, potentially exposing student and educator personal information.

  10. The Hacker News general
    Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

    Security researchers identified the REF6598 campaign, which abuses the Obsidian note-taking application to deliver the PHANTOMPULSE RAT in attacks on the finance and cryptocurrency sectors. The novel social engineering attack leverages the popular cross-platform productivity tool as an initial access vector for remote access trojan deployment.