> TritonInfoSec News

# Archive

Browse past daily curated stories

May 10 May 09 May 08 May 05 May 03 May 02 May 01 Apr 30 Apr 28 Apr 26 Apr 25 Apr 24 Apr 23 Apr 22 Apr 21 Apr 20 Apr 19 Apr 18 Apr 17 Apr 16 Apr 15 Apr 14 Apr 12 Apr 11 Apr 10 Apr 09 Apr 08 Apr 07 Apr 05 Apr 04

Sunday, May 10, 2026

  1. 1
    0
    BleepingComputer general
    CISA gives feds four days to patch Ivanti flaw exploited as zero-day

    CISA issued an emergency directive giving U.S. federal agencies just four days to patch CVE in Ivanti Endpoint Manager Mobile (EPMM), which is being actively exploited as a zero-day. Ivanti's EPMM has a history of critical zero-day exploitation, making this a high-priority patching action for any organization running the product.

  2. 2
    0
    SecurityWeek general
    Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

    Ivanti patched CVE-2026-6973, a high-severity zero-day in Endpoint Manager Mobile (EPMM) that allows an authenticated admin to execute arbitrary code, and the flaw has been exploited in targeted attacks in the wild. Security teams running EPMM should apply the patch immediately given Ivanti's track record of rapid zero-day weaponization.

  3. 3
    0
    CyberScoop general
    ShinyHunters claims nearly 9,000 schools affected by Canvas data breach

    ShinyHunters claimed responsibility for a breach of Instructure's Canvas learning platform, asserting that student PII from nearly 9,000 educational institutions across the U.S. is in the group's possession. The attack forced dozens of universities to postpone final exams mid-week, with the group threatening to release the data publicly.

  4. 4
    0
    SecurityWeek general
    Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom

    A cyberattack attributed to ShinyHunters took the Canvas LMS — used by thousands of schools and universities — offline during finals week, with students encountering messages from the threat actor group directly within the platform. Instructure confirmed a second attack attempt by ShinyHunters, and hundreds of millions of users' PII may be at risk.

  5. 5
    0
    BleepingComputer general
    JDownloader site hacked to replace installers with Python RAT malware

    The official JDownloader website was compromised earlier this week, with attackers replacing legitimate Windows and Linux installers with malicious versions; the Windows payload deploys a Python-based remote access trojan (RAT). Users who downloaded JDownloader during the compromise window should treat their systems as potentially fully compromised.

  6. 6
    0
    SecurityWeek general
    Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

    A vulnerability in Anthropic's Claude Chrome extension allowed any other installed browser extension to inject prompts and hijack the Claude AI agent, stemming from lax extension permissions and improper trust implementation. The flaw is a concrete example of the prompt injection attack surface introduced by agentic AI browser integrations.

  7. 7
    0
    The Hacker News general
    Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

    A previously undocumented Linux implant called Quasar Linux RAT (QLNX) specifically targets developers and DevOps engineers to harvest credentials, log keystrokes, monitor clipboards, and establish network tunnels for software supply chain compromise. The targeting of developer environments makes QLNX a significant threat to CI/CD pipelines and source code integrity.

  8. 8
    0
    BleepingComputer general
    Former govt contractor convicted for wiping dozens of federal databases

    A 34-year-old Virginia federal contractor was convicted for wiping 96 government databases after being fired, with the jury also finding him guilty of stealing a colleague's password to gain unauthorized email access. The case is a stark insider-threat example illustrating risks of insufficient access revocation upon employee termination.

  9. 9
    0
    SecurityWeek general
    Ransomware Group Takes Credit for Trellix Hack

    Ransomware group RansomHouse published screenshots claiming to demonstrate unauthorized access to internal services of cybersecurity vendor Trellix, though Trellix has not publicly confirmed the breach. A successful compromise of a major security vendor's internal systems would have significant implications for customer trust and potential downstream exposure.

  10. 10
    0
    BleepingComputer general
    Fake OpenAI repository on Hugging Face pushes infostealer malware

    A malicious Hugging Face repository impersonating OpenAI's 'Privacy Filter' project reached the platform's trending list and delivered Windows infostealer malware to unsuspecting users. The incident illustrates how attackers are exploiting the credibility of AI/ML model-sharing platforms to distribute malware at scale under trusted brand names.