# Archive
Browse past daily curated stories
Saturday, April 25, 2026
1. BleepingComputer (general): Firestarter malware survives Cisco firewall updates, security patches
CISA and NCSC warned that Firestarter malware infected a federal agency's Cisco Firepower device running ASA software in September 2025, providing persistent backdoor access that survives security patches and firmware updates. The malware maintains remote access capabilities even after standard remediation efforts, highlighting a critical threat to federal network infrastructure.
2. BleepingComputer (general): New ‘Pack2TheRoot’ flaw gives hackers root Linux access
Researchers disclosed Pack2TheRoot, a vulnerability in the PackageKit daemon that allows local Linux users to escalate privileges to root by exploiting package installation and removal functions. The flaw affects multiple Linux distributions and could enable attackers with initial system access to gain complete administrative control.
3. The Hacker News (general): LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
CVE-2026-33626, a Server-Side Request Forgery vulnerability in LMDeploy (an open-source LLM toolkit), was exploited in the wild within 13 hours of public disclosure. The high-severity flaw (CVSS 7.5) allows attackers to access sensitive data through SSRF attacks against AI model deployment infrastructure.
4. SecurityWeek (general): Bitwarden NPM Package Hit in Supply Chain Attack
TeamPCP compromised the Bitwarden CLI NPM package (@bitwarden/[email protected]) in a supply chain attack, injecting malicious code into the 'bw1.js' file. The attack is part of a broader Checkmarx supply chain campaign targeting developer tools and password management infrastructure.
5. BleepingComputer (general): Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite instances exposed online are vulnerable to ongoing XSS attacks exploiting a cross-site scripting security flaw. The widespread exposure affects email and collaboration systems globally, enabling potential data theft and session hijacking.
6. BleepingComputer (general): ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen customer data unless a ransom is paid. The breach compromises personal information of ADT customers, adding to growing concerns about security companies themselves being targeted.
7. The Hacker News (general): 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Kaspersky discovered 26 malicious cryptocurrency wallet apps on the Apple App Store that impersonate legitimate wallets to steal recovery phrases and private keys, active since fall 2025. The fake apps redirect users to browser pages mimicking the App Store to distribute trojanized versions of popular wallet software.
8. The Hacker News (general): NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
NASA's OIG revealed a Chinese national posed as a U.S. researcher in a multi-year spear-phishing campaign targeting NASA employees, government entities, universities, and private companies to obtain sensitive information in violation of export control laws. The operation successfully duped NASA personnel into providing access to defense-related software and technologies.
9. The Hacker News (general): Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Tropic Trooper deployed a trojanized SumatraPDF reader to deliver the AdaptixC2 Beacon and abuse Microsoft Visual Studio Code tunnels for remote access in attacks targeting Chinese-speaking individuals. The campaign demonstrates the APT group's evolution toward legitimate software abuse for persistent access.
10. The Hacker News (general): China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
ESET discovered GopherWhisper, a new China-aligned APT group targeting 12 Mongolian government systems using Go-based backdoors, injectors, and loaders since November 2023. The group leverages cloud services including Slack, Discord, Microsoft Outlook, and file.io for command and control communications.