# Archive

Browse past daily curated stories

Saturday, May 02, 2026

  1. The Record threat-intel
    Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw

    A newly discovered Linux kernel vulnerability dubbed 'Copy Fail' (CVE-2026-31431) affects nearly every Linux system built since 2017, allowing unprivileged local attackers to gain root permissions. The flaw impacts the kernel's authencesn cryptographic template and has been hiding in major distributions for nearly a decade, with a 10-line proof-of-concept exploit already published.

  2. BleepingComputer general
    Critical cPanel and WHM bug exploited as a zero-day, PoC now available

    CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WHM, has been actively exploited as a zero-day since late February 2026. CISA has ordered federal agencies to patch by Sunday, as successful exploitation grants attackers complete control over cPanel host systems, configurations, databases, and managed websites.

  3. Dark Reading general
    76% of All Crypto Stolen in 2026 Is Now in North Korea

    North Korean threat actors now control 76% of all cryptocurrency stolen in 2026, conducting historic heists on a weekly basis with potential AI assistance. This represents a significant escalation in state-sponsored cryptocurrency theft targeting global financial infrastructure.

  4. The Hacker News general
    30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

    Vietnamese threat actors used Google AppSheet as a 'phishing relay' in the AccountDumpling campaign, compromising approximately 30,000 Facebook accounts through sophisticated phishing emails. The stolen accounts were then sold through an illicit storefront operated by the attackers.

  5. BleepingComputer general
    15-year-old detained over French govt agency data breach

    French authorities detained a 15-year-old suspect for selling data stolen from France Titres (ANTS), the French agency responsible for issuing administrative documents including passports and driver's licenses. The incident represents a significant breach of France's national identity infrastructure.

  6. The Record threat-intel
    Cyber incident responders who carried out ransomware attacks given 4-year sentences

    Two cybersecurity incident responders, Ryan Goldberg (Sygnia) and Kevin Martin (DigitalMint), received 4-year prison sentences for secretly conducting BlackCat ransomware attacks against their own clients between April and December 2023. The case highlights insider threats within the cybersecurity incident response industry.

  7. The Hacker News general
    Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

    CrowdStrike identified Cordial Spider (UNC6671) and Snarky Spider (UNC6661) conducting rapid SaaS environment attacks using voice phishing and SSO abuse for data theft and extortion. These threat groups operate almost entirely within SaaS platforms while leaving minimal forensic traces.

  8. The Hacker News general
    China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

    China-aligned threat group SHADOW-EARTH-053 is targeting government and defense sectors across South, East, and Southeast Asia, plus one NATO member state in Europe. The campaign also targets journalists and activists, indicating both espionage and influence operations.

  9. The Hacker News general
    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

    The GitHub account 'BufferZoneCorp' published malicious Ruby gems and Go modules targeting CI pipelines for credential theft, GitHub Actions tampering, and SSH persistence. The supply chain attack uses sleeper packages to subsequently deliver malicious payloads in development environments.

  10. The Hacker News general
    New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

    Researchers disclosed DEEP#DOOR, a stealthy Python-based backdoor framework that disables Windows security controls via 'install_obf.bat' and harvests browser credentials, cloud service tokens, and system information. The malware establishes persistent access through tunneling services for covert data exfiltration.