> TritonInfoSec News

# Archive

Browse past daily curated stories

May 08 May 05 May 03 May 02 May 01 Apr 30 Apr 28 Apr 26 Apr 25 Apr 24 Apr 23 Apr 22 Apr 21 Apr 20 Apr 19 Apr 18 Apr 17 Apr 16 Apr 15 Apr 14 Apr 12 Apr 11 Apr 10 Apr 09 Apr 08 Apr 07 Apr 05 Apr 04 Apr 03 Apr 02

Sunday, May 03, 2026

  1. 1
    0
    BleepingComputer general
    Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks

    A critical cPanel vulnerability CVE-2026-41940 is being mass-exploited by the "Sorry" ransomware group to compromise websites and encrypt data. CISA has mandated federal agencies patch this flaw by Sunday, with Rapid7 confirming successful exploitation grants attackers complete control over cPanel host systems, configurations, databases, and managed websites.

  2. 2
    0
    The Hacker News general
    Trellix Confirms Source Code Breach With Unauthorized Repository Access

    Cybersecurity vendor Trellix disclosed a breach where attackers gained unauthorized access to a portion of its source code repository. The company is working with forensic experts and has notified law enforcement, though the full scope and timeline of the compromise remain unclear.

  3. 3
    0
    The Hacker News general
    Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

    Two cybersecurity professionals, Ryan Goldberg of Georgia and Kevin Martin of Texas, were each sentenced to four years in prison for facilitating BlackCat (ALPHV) ransomware attacks against multiple U.S. victims between April and December 2023. Both were former employees of incident response companies Sygnia and DigitalMint who used their positions to enable attacks.

  4. 4
    0
    BleepingComputer general
    ConsentFix v3 attacks target Azure with automated OAuth abuse

    A new attack variant called ConsentFix v3 is circulating on hacker forums, targeting Azure environments through automated OAuth abuse techniques. This evolution of the ConsentFix method adds automation capabilities and enhanced scaling potential for attackers seeking to compromise cloud environments.

  5. 5
    0
    SecurityWeek general
    New Bluekit Phishing Kit Features AI Assistant

    Security researchers have identified a new phishing kit called Bluekit that incorporates an AI assistant to help threat actors automate domain registration and phishing operations. The platform is still under development but represents a concerning evolution in AI-enabled cybercrime tools.

  6. 6
    0
    SecurityWeek general
    1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

    A supply chain attack dubbed "Mini Shai-Hulud" compromised Lightning and Intercom packages, affecting 1,800 victims including SAP systems. The compromised packages have a combined monthly download count of nearly 10 million, highlighting the significant reach of this software supply chain compromise.

  7. 7
    0
    SecurityWeek general
    Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

    Researchers have discovered a sophisticated Python-based backdoor framework called Deep#Door designed for espionage operations. The stealthy malware deploys a persistent Windows implant capable of both intelligence gathering and system disruption activities.

  8. 8
    0
    The Record threat-intel
    British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery

    Britain's cyber agency (NCSC) warned organizations to prepare for a surge of urgent software updates as artificial intelligence accelerates the discovery of security vulnerabilities. The agency anticipates AI will dramatically increase the pace of vulnerability discovery, creating a "patch wave" that could overwhelm defenders while benefiting attackers.

  9. 9
    0
    BleepingComputer general
    Edu tech firm Instructure discloses cyber incident, probes impact

    Educational technology company Instructure, which operates the widely-used Canvas learning management platform, disclosed a recent cybersecurity incident and is investigating its impact. The breach affects a platform used by millions of students and educators globally, though specific details about the scope remain under investigation.

  10. 10
    0
    SecurityWeek general
    Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

    Google has adjusted its bug bounty programs, reducing Chrome payouts while increasing Android rewards amid the AI surge. The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million, reflecting the growing importance of mobile device security.