# Archive
Browse past daily curated stories
Tuesday, April 21, 2026
1. **KelpDAO suffers $290 million heist tied to Lazarus hackers** (BleepingComputer, general)
   North Korean state-sponsored Lazarus Group hackers stole $290 million from the KelpDAO DeFi project on Saturday, marking one of the largest crypto heists attributed to the group. The attack continues North Korea's pattern of targeting cryptocurrency platforms to fund regime operations and circumvent international sanctions.

2. **China's Apple App Store infiltrated by crypto-stealing wallet apps** (BleepingComputer, general)
   Twenty-six malicious apps infiltrated China's Apple App Store impersonating popular cryptocurrency wallets, including Metamask, Coinbase, Trust Wallet, and OneKey, to steal users' recovery phrases and drain crypto assets. The attack demonstrates sophisticated app store infiltration techniques targeting the growing Chinese crypto market despite regulatory restrictions.

3. **SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files** (The Hacker News, general)
   CVE-2026-5760, a critical command injection vulnerability in SGLang with a CVSS score of 9.8, enables remote code execution through malicious GGUF model files. The flaw affects the high-performance serving framework and allows arbitrary code execution when processing specially crafted AI model files.

4. **Vuln in Google's Antigravity AI agent manager could escape sandbox, give attackers remote code execution** (CyberScoop, general)
   Google's Antigravity AI agent manager contains a vulnerability allowing prompt injection attacks to escape sandboxed environments and achieve remote code execution. Despite Google's highest security settings, including command operation sandboxing and throttled network access, the system remains vulnerable to malicious prompts.

5. **British Scattered Spider hacker pleads guilty to crypto theft charges** (BleepingComputer, general)
   British hacker Tyler Buchanan, believed to be a leader of the Scattered Spider cybercrime collective, pleaded guilty in a US court to wire fraud and aggravated identity theft charges involving $8 million in stolen cryptocurrency. The case highlights international law enforcement cooperation against major cybercrime groups targeting enterprises.

6. **Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking** (SecurityWeek, general)
   Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex serial-to-IP converter products that expose OT and healthcare systems to remote attacks. These devices translate machine communications to Internet protocols and are widely deployed in critical infrastructure environments.

7. **The Gentlemen ransomware now uses SystemBC for bot-powered attacks** (BleepingComputer, general)
   The Gentlemen ransomware operators now leverage a SystemBC proxy malware botnet comprising over 1,570 compromised corporate hosts to conduct attacks. The discovery reveals how ransomware groups are increasingly using legitimate infrastructure and proxy networks to enhance their operational capabilities.

8. **Microsoft: Teams increasingly abused in helpdesk impersonation attacks** (BleepingComputer, general)
   Microsoft warns that threat actors are increasingly abusing external Microsoft Teams collaboration features in helpdesk impersonation attacks while using legitimate tools for access and lateral movement. The attacks exploit Teams' external communication capabilities to gain initial access to enterprise networks.

9. **Hackers Abuse QEMU for Defense Evasion** (SecurityWeek, general)
   Attackers are abusing the QEMU machine emulator in at least two separate campaigns to distribute ransomware and remote access tools while evading security defenses. The legitimate virtualization tool provides attackers with an effective method to bypass traditional security controls.

10. **Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems** (The Hacker News, general)
    ZionSiphon malware specifically targets Israeli water treatment and desalination systems, with capabilities to establish persistence, tamper with configuration files, and scan for OT services on local subnets. Darktrace researchers identified the malware as part of targeted attacks against critical water infrastructure in Israel.