> TritonInfoSec News

# Archive

Browse past daily curated stories

May 08 May 05 May 03 May 02 May 01 Apr 30 Apr 28 Apr 26 Apr 25 Apr 24 Apr 23 Apr 22 Apr 21 Apr 20 Apr 19 Apr 18 Apr 17 Apr 16 Apr 15 Apr 14 Apr 12 Apr 11 Apr 10 Apr 09 Apr 08 Apr 07 Apr 05 Apr 04 Apr 03 Apr 02

Tuesday, May 05, 2026

  1. 1
    0
    BleepingComputer general
    CISA says ‘Copy Fail’ flaw now exploited to root Linux systems

    CISA added the "Copy Fail" Linux vulnerability (CVE-2026-31431, CVSS 7.8) to its KEV catalog after threat actors began exploiting it for local privilege escalation on Linux systems. The flaw affects mainstream Linux distributions built since 2017 and allows attackers to gain root access, with exploitation beginning just one day after researchers disclosed a proof-of-concept exploit.

  2. 2
    0
    SecurityWeek general
    Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

    Over 40,000 servers have been compromised in ongoing attacks exploiting CVE-2026-41940, a recently patched zero-day vulnerability in cPanel that grants administrative access. The exploitation is targeting government, military entities in Southeast Asia, and MSPs across multiple countries including the Philippines, Laos, Canada, and the U.S.

  3. 3
    0
    Dark Reading general
    Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability

    A critical authentication bypass vulnerability in cPanel has sparked widespread exploitation with multiple proof-of-concept exploits appearing shortly after disclosure. One researcher claims there has been zero-day activity for at least a month, threatening millions of users who rely on the popular web hosting control panel.

  4. 4
    0
    BleepingComputer general
    Progress warns of critical MOVEit Automation auth bypass flaw

    Progress Software issued patches for two MOVEit Automation vulnerabilities, including a critical authentication bypass flaw that could compromise the enterprise managed file transfer application. MOVEit Automation is used to schedule and automate file movement workflows in enterprise environments without requiring custom scripts.

  5. 5
    0
    BleepingComputer general
    Trellix discloses data breach after source code repository hack

    Cybersecurity firm Trellix disclosed a data breach after attackers gained unauthorized access to a portion of its source code repository. The company's investigation found no impact on its source code release or distribution processes, but the incident highlights risks to security vendors' intellectual property.

  6. 6
    0
    BleepingComputer general
    Instructure confirms data breach, ShinyHunters claims attack

    Educational technology giant Instructure confirmed a data breach with the ShinyHunters extortion gang claiming responsibility for the attack. The breach compromised names, email addresses, student ID numbers, and messages between users at educational institutions using Instructure's platforms.

  7. 7
    0
    The Hacker News general
    Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

    The VENOMOUS#HELPER phishing campaign has targeted over 80 organizations since April 2025, primarily in the U.S., using legitimate RMM tools SimpleHelp and ScreenConnect to establish persistent remote access. Attackers abuse these remote monitoring and management tools to evade detection after initial compromise through phishing vectors.

  8. 8
    0
    BleepingComputer general
    Backdoored PyTorch Lightning package drops credential stealer

    A malicious version of the PyTorch Lightning package on the Python Package Index (PyPI) delivers credential-stealing malware targeting browsers, environment files, and cloud services. This supply chain attack demonstrates the ongoing threat to open-source package repositories used by machine learning developers.

  9. 9
    0
    SecurityWeek general
    DigiCert Revokes Certificates After Support Portal Hack

    DigiCert revoked certificates after hackers delivered malware through a customer chat channel, infected an analyst's system, and gained access to the internal support portal. The certificate authority took immediate action to prevent potential abuse of its digital certificate infrastructure.

  10. 10
    0
    The Hacker News general
    Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

    China-based Silver Fox APT group deployed over 1,600 tax-themed phishing emails targeting organizations in Russia and India with the new ABCDoor backdoor malware. The campaign used fake correspondence from India's Income Tax Department in December 2025, followed by similar attacks against Russian entities.