# Archive

Browse past daily curated stories

Friday, April 24, 2026

  1. The Record threat-intel
    CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March

    CISA disclosed that an unnamed federal agency was breached through Cisco firewall vulnerabilities and infected with FIRESTARTER backdoor malware, which allowed hackers persistent access through March 2026 even after patches were applied. The incident demonstrates how threat actors can maintain long-term persistence in critical infrastructure networks despite remediation efforts.

  2. BleepingComputer general
    Bitwarden CLI npm package compromised to steal developer credentials

    The Bitwarden CLI npm package (@bitwarden/[email protected]) was compromised as part of an ongoing supply chain attack targeting Checkmarx tools, with malicious code embedded in 'bw1.js' designed to steal developer credentials. This attack affects thousands of developers who rely on Bitwarden CLI for secure credential management in their development workflows.

  3. BleepingComputer general
    New Checkmarx supply-chain breach affects KICS analysis tool

    Attackers compromised Docker images, VSCode extensions, and Open VSX extensions for Checkmarx's KICS security analysis tool, embedding credential-stealing payloads that harvest sensitive data from developer environments. The supply chain attack targets security teams using KICS for infrastructure-as-code scanning, potentially exposing secrets across multiple development projects.

  4. The Hacker News general
    UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

    The UNC6692 threat group impersonates IT helpdesk staff via Microsoft Teams to deploy SNOW malware, convincing victims to accept chat invitations from fake accounts. This social engineering campaign demonstrates how attackers exploit trusted communication platforms and helpdesk personas to bypass technical security controls.

  5. BleepingComputer general
    UK warns of Chinese hackers using proxy networks to evade detection

    The UK's NCSC and international partners warned that China-nexus hackers are building large-scale proxy networks using hijacked consumer devices to mask their malicious activities and evade detection. This tactic represents a significant shift toward using compromised IoT devices and home routers as infrastructure for state-sponsored cyber operations.

  6. BleepingComputer general
    New GopherWhisper APT group abuses Outlook, Slack, Discord for comms

    The newly identified GopherWhisper APT group, linked to China, targets Mongolian government entities using Go-based custom malware and abuses legitimate services like Microsoft 365 Outlook, Slack, and Discord for command and control communications. ESET researchers discovered the group has compromised at least 12 government systems since November 2023.

  7. The Hacker News general
    Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

    Apple patched CVE-2026-28950, an iOS/iPadOS Notification Services flaw that retained deleted notifications on devices, which the FBI exploited to forensically extract Signal messages even after the app was deleted. The vulnerability allowed law enforcement to recover sensitive messaging data from the push notification database during device forensic analysis.

  8. BleepingComputer general
    CISA orders feds to patch BlueHammer flaw exploited as zero-day

    CISA ordered federal agencies to patch a Microsoft Defender privilege escalation vulnerability dubbed BlueHammer that was exploited as a zero-day, allowing attackers to access the SAM database and extract NTLM hashes to gain SYSTEM privileges. The exploitation demonstrates how security tools themselves can become attack vectors when compromised.

  9. BleepingComputer general
    Hackers exploit file upload bug in Breeze Cache WordPress plugin

    Hackers are actively exploiting a critical file upload vulnerability in the Breeze Cache WordPress plugin that allows uploading arbitrary files without authentication. This vulnerability affects WordPress sites using the popular caching plugin and enables complete server compromise through unrestricted file uploads.

  10. CyberScoop general
    US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied

    US and UK agencies warned that the FIRESTARTER malware was discovered on a federal agency's Cisco firewall network, with the campaign dating back to at least September 2025 and persisting through March 2026 despite patch application. The incident highlights sophisticated persistence techniques that survive standard remediation procedures on critical network infrastructure.