# Archive

Browse past daily curated stories

Saturday, April 18, 2026

  1. The Hacker News (general)
    Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

    Huntress reports active exploitation of three Microsoft Defender zero-day vulnerabilities (BlueHammer, RedSun, and UnDefend) that allow attackers to gain SYSTEM or elevated administrator privileges. Two of these flaws remain unpatched, creating immediate risk for organizations using Windows Defender across enterprise environments.

  2. BleepingComputer (general)
    CISA flags Apache ActiveMQ flaw as actively exploited in attacks

    CISA added Apache ActiveMQ vulnerability CVE-2026-34197 to its Known Exploited Vulnerabilities catalog after confirming active exploitation in attacks. The high-severity flaw went undetected for 13 years before being patched in early April, affecting widely deployed message broker infrastructure.

  3. BleepingComputer (general)
    Payouts King ransomware uses QEMU VMs to bypass endpoint security

    Payouts King ransomware operators are leveraging QEMU virtual machine emulation to establish reverse SSH backdoors that bypass endpoint security solutions on compromised systems. This technique allows attackers to run hidden virtual environments for malware execution while evading detection by traditional security tools.

  4. BleepingComputer (general)
    Recently leaked Windows zero-days now exploited in attacks

    Three recently disclosed Windows zero-day vulnerabilities are now being actively exploited by threat actors to achieve SYSTEM-level privileges and elevated administrator permissions. The attacks target systems running Microsoft Defender and Windows components, with two vulnerabilities still lacking official patches.

  5. The Hacker News (general)
    Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

    Operation PowerOFF resulted in the seizure of 53 DDoS-for-hire domains and four arrests across 21 countries, disrupting services used by over 75,000 cybercriminals. The international law enforcement action exposed 3 million criminal accounts and dismantled technical infrastructure supporting commercial DDoS operations.

  6. The Record (threat-intel)
    Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies

    Ukraine confirmed that APT28 targeted prosecutors and anti-corruption agencies by exploiting vulnerabilities in the Roundcube webmail platform. The attacks allow remote code execution when victims simply open malicious emails in their inbox, demonstrating sophisticated supply chain targeting of government communications.

  7. BleepingComputer (general)
    Grinex exchange blames "Western intelligence" for $13.7M crypto hack

    Kyrgyzstan-based cryptocurrency exchange Grinex suspended operations after a $13.7 million hack that the company attributes to Western intelligence agencies. The exchange claims the attack required sophisticated hacking resources exclusively available to unfriendly states, highlighting geopolitical tensions in cryptocurrency security.

  8. BleepingComputer (general)
    Cisco says critical Webex Services flaw requires customer action

    Cisco patched four critical vulnerabilities in Webex Services and Identity Services Engine, including CVE-2026-20184 (CVSS 9.8) affecting certificate validation in SSO integrations. The flaws enable arbitrary code execution and allow attackers to impersonate any user within cloud-based Webex Services, requiring immediate customer action.

  9. BleepingComputer (general)
    US nationals behind DPRK IT worker 'laptop farm' sent to prison

    Two U.S. nationals received prison sentences for operating a North Korean IT worker 'laptop farm' that helped DPRK workers pose as U.S. residents to get hired by over 100 companies, including Fortune 500 firms. Kejia Wang received 9 years and Zhenxing Wang nearly 8 years for generating over $5 million for North Korea's government.

  10. The Hacker News (general)
    NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

    NIST announced it will limit CVE enrichment in the National Vulnerability Database due to a 263% surge in vulnerability submissions, only enriching CVEs that meet specific criteria including CISA KEV listings and critical software impacts. This change affects how security teams will receive detailed vulnerability analysis and scoring information.