# Archive
Browse past daily curated stories
Thursday, April 23, 2026
1. The Hacker News (general): Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Kaspersky discovered Lotus Wiper, a previously undocumented data-wiping malware used in destructive attacks against Venezuela's energy and utilities sector in late 2025 and early 2026. The malware employs two batch scripts to initiate destruction, systematically overwrites drives, and targets recovery mechanisms to prevent system restoration.
2. BleepingComputer (general): Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints, with one variant implementing Kyber1024 post-quantum encryption algorithms. This represents an early adoption of quantum-resistant cryptography in ransomware operations, potentially making future decryption efforts significantly more difficult.
3. BleepingComputer (general): Microsoft releases emergency patches for critical ASP.NET flaw
Microsoft released emergency out-of-band patches for CVE-2026-40372, a critical ASP.NET Core privilege escalation vulnerability with a CVSS score of 9.1. The flaw involves improper verification of cryptographic signatures and affects authentication mechanisms across Windows, macOS, and Linux systems running ASP.NET Core applications.
4. BleepingComputer (general): New Mirai campaign exploits RCE flaw in EoL D-Link routers
A Mirai-based botnet campaign is actively exploiting CVE-2025-29635, a high-severity command injection vulnerability in end-of-life D-Link DIR-823X routers. The exploitation began one year after public disclosure and proof-of-concept code publication, demonstrating persistent targeting of legacy infrastructure.
5. BleepingComputer (general): New npm supply-chain attack self-spreads to steal auth tokens
Socket and StepSecurity detected "CanisterSprawl," a self-propagating supply chain worm attacking the npm ecosystem that steals developer authentication tokens and spreads through compromised packages. The malware uses an Internet Computer Protocol (ICP) canister to exfiltrate stolen credentials and automatically publishes new malicious packages from hijacked developer accounts.
6. The Record (threat-intel): Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector
Researchers discovered a previously unknown wiper malware deployed against Venezuela's energy and utilities sector in attacks designed to systematically destroy systems. The malware targets recovery mechanisms and overwrites drives to prevent restoration, indicating state-level destructive cyber operations against critical infrastructure.
7. BleepingComputer (general): New GoGra malware for Linux uses Microsoft Graph API for comms
Symantec discovered a Linux variant of the GoGra backdoor deployed by the Harvester threat actor, likely targeting South Asian entities. The malware leverages Microsoft Graph API and legitimate Outlook mailboxes as covert command-and-control channels, allowing it to bypass traditional network perimeter defenses.
8. BleepingComputer (general): Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers remain vulnerable to a spoofing vulnerability that was previously exploited as a zero-day and continues to be abused in active attacks. The unpatched servers are exposed online and represent a significant attack surface for threat actors targeting enterprise environments.
9. The Hacker News (general): Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Researchers discovered a new LOTUSLITE malware variant from the Mustang Panda APT group targeting India's banking sector and South Korean policy circles. The backdoor communicates with dynamic DNS-based C2 servers over HTTPS and supports remote shell access, file operations, and session management for espionage operations.
10. The Hacker News (general): Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Socket detected a self-propagating supply chain worm called CanisterSprawl that hijacks npm packages to steal developer tokens and automatically spreads through the ecosystem. The worm uses stolen npm tokens to publish new malicious packages and exfiltrates data through an Internet Computer Protocol canister for persistence.