# Archive

Browse past daily curated stories

Sunday, April 26, 2026

  1. The Hacker News general
    FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

    CISA revealed that a federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025 with the FIRESTARTER backdoor malware. The backdoor provides remote access and maintains persistence even after security patches are applied, demonstrating advanced evasion capabilities against enterprise security infrastructure.

  2. The Hacker News general
    Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

    SentinelOne researchers discovered 'fast16,' a Lua-based malware framework from 2005 that predates Stuxnet and targeted high-precision calculation software to tamper with results. The malware included self-propagation mechanisms and represents early cyber sabotage efforts potentially linked to US-Iran tensions, providing historical context for nation-state attacks on critical infrastructure.

  3. The Hacker News general
    CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

    CISA added four actively exploited vulnerabilities to its KEV catalog with a May 2026 federal deadline: CVE-2024-57726 (CVSS 9.9) affecting SimpleHelp, plus flaws in Samsung MagicINFO 9 Server and D-Link DIR-823X routers. The SimpleHelp vulnerability involves missing authorization controls that could enable complete system compromise.

  4. SecurityWeek general
    China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

    China-linked APT group GopherWhisper uses multiple Go-based backdoors alongside custom loaders and injectors to target government entities while abusing legitimate services for command and control. The group's reliance on Go-based tooling and legitimate service abuse demonstrates sophisticated operational security practices for persistent government network access.

  5. BleepingComputer general
    Threat actor uses Microsoft Teams to deploy new “Snow” malware

    Threat group UNC6692 deploys a custom 'Snow' malware suite via Microsoft Teams social engineering, including a browser extension, tunneler, and backdoor components. The attack demonstrates how legitimate collaboration platforms like Teams can be weaponized for initial access and malware deployment in corporate environments.

  6. BleepingComputer general
    New BlackFile extortion group linked to surge of vishing attacks

    The BlackFile extortion group has conducted data theft and extortion attacks against retail and hospitality organizations since February 2026 and is linked to a surge in vishing (voice phishing) attacks. The group's targeting of customer-facing industries and use of voice-based social engineering represents an evolution in ransomware group tactics.

  7. The Record threat-intel
    Toronto police arrest three in Canada’s first mobile SMS blaster case

    Toronto police arrested three men in Canada's first mobile SMS blaster case involving devices that impersonate cellular towers to send mass phishing messages and disrupt mobile networks. The arrests highlight law enforcement action against cellular network exploitation tools that can bypass traditional SMS security controls.

  8. Dark Reading general
    North Korea's Lazarus Targets macOS Users via ClickFix

    North Korea's Lazarus group targets macOS users via ClickFix techniques, focusing on Mac-centric organizations and high-value leaders for initial access and data theft. The campaign shows Lazarus expanding beyond Windows environments to target Apple's ecosystem with social engineering lures.

  9. Dark Reading general
    US Busts Myanmar Ring Targeting US Citizens in Financial Fraud

    US authorities charged 29 people, including a Cambodian senator, in a Myanmar-based financial fraud ring targeting US citizens, seizing over 500 web domains tied to fake investment sites. The international operation demonstrates the global scope of cryptocurrency and investment fraud schemes operating from Southeast Asia.

  10. The Record threat-intel
    ADT says customer data stolen in cyber intrusion

    Home security company ADT disclosed that cybercriminals breached company systems on Monday and stole a 'limited set' of customer and prospective customer information. The breach affects a major home security provider with access to sensitive customer data including security system details and personal information.