# Archive
Browse past daily curated stories
Tuesday, May 12, 2026
- 1. The Hacker News (general): Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google's Threat Intelligence Group identified a cybercrime actor who used AI to develop a zero-day exploit designed to bypass two-factor authentication at scale for financial gain. This is the first documented case of AI being used in the wild for both vulnerability discovery and exploit generation, with code artifacts confirming heavy AI involvement. Security practitioners should treat this as a watershed moment for threat modeling, as AI-assisted exploit development dramatically lowers the barrier for sophisticated attack capabilities.
- 2. BleepingComputer (general): Google: Hackers used AI to develop zero-day exploit for web admin tool
Google Threat Intelligence Group (GTIG) confirmed that a zero-day exploit targeting a popular open-source web administration tool was likely AI-generated, discovered before widespread exploitation could occur. Code artifacts found within the exploit provided forensic evidence of AI involvement in its creation. This marks a significant shift in the offensive threat landscape, signaling that AI-assisted vulnerability research is now an active adversarial capability, not just a theoretical concern.
- 3. The Hacker News (general): Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cyera researchers disclosed CVE-2026-7482 (CVSS 9.1), an out-of-bounds read vulnerability in Ollama dubbed 'Bleeding Llama,' allowing remote unauthenticated attackers to leak the entire process memory of affected servers. The flaw is estimated to impact over 300,000 globally exposed Ollama servers. Given Ollama's widespread use for self-hosted LLM inference, this vulnerability poses significant risk of sensitive data exfiltration from AI workloads.
- 4. SecurityWeek (general): New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
A second severe Linux kernel privilege escalation vulnerability, dubbed 'Dirty Frag' and tracked as CVE-2026-43284 and CVE-2026-43500, was disclosed before a patch was released and may already be under limited active exploitation. The flaw affects the same kernel subsystem as last month's 'Copy Fail' bug and allows any local user with a basic account to gain full root control. Enterprise Linux administrators should prioritize patching immediately as production-version fixes are now becoming available.
- 5. The Hacker News (general): Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository named Open-OSS/privacy-filter impersonated OpenAI's legitimate 'openai/privacy-filter' model, reaching #1 on the platform's trending list and accumulating 244,000 downloads before detection. The repository delivered a Rust-based information stealer targeting Windows users. This supply chain attack against ML model repositories demonstrates a growing attack surface for AI tooling that security teams must now monitor alongside traditional software package registries.
- 6. The Hacker News (general): cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor identified as Mr_Rot13 is actively exploiting CVE-2026-41940, a critical authentication bypass in cPanel and WebHost Manager (WHM), to deploy a backdoor named 'Filemanager' on compromised hosting environments. The vulnerability allows remote attackers to gain elevated control without authentication. Hosting providers and managed service providers running cPanel/WHM infrastructure should treat this as an urgent remediation priority.
- 7. The Hacker News (general): TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
A group called TeamPCP compromised the official Checkmarx Jenkins AST plugin on the Jenkins Marketplace, publishing a trojanized version containing an infostealer — the second supply chain incident linked to Checkmarx tooling following a prior KICS attack. Checkmarx confirmed users must roll back to version 2.0.13-829.vc72453fa_1c16 (published December 17, 2025) or earlier. Any CI/CD pipeline using the Checkmarx Jenkins plugin after that date should be treated as potentially compromised and investigated immediately.
- 8. BleepingComputer (general): TrickMo Android banker adopts TON blockchain for covert comms
A new TrickMo Android banking malware variant targeting users across Europe has been updated with new commands and now uses The Open Network (TON) blockchain as its command-and-control communication channel, making traffic significantly harder to block or trace via traditional network controls. TrickMo has historically been used for overlay attacks, SMS interception, and credential theft against mobile banking users. The adoption of blockchain-based C2 represents an evasion evolution that challenges conventional network-based detection approaches.
- 9. The Record (threat-intel): UK water company allowed hackers to lurk undetected for nearly two years, regulator finds
The UK Information Commissioner's Office fined South Staffordshire Water £963,900 ($1.3M) after finding the Cl0p ransomware group lurked undetected in its network for nearly two years, ultimately exfiltrating and publishing personal data of 633,887 customers and employees in August 2022. The ICO found the company failed to implement adequate security monitoring that would have detected the prolonged intrusion. This case underscores the regulatory and financial consequences of insufficient detection capabilities in critical infrastructure operators.
- 10. BleepingComputer (general): Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are running an active malvertising campaign abusing Google Ads and legitimate Claude.ai shared chat links to lure Mac users searching for 'Claude mac download' into installing malware. The campaign exploits the trusted appearance of claude.ai URLs in sponsored search results to socially engineer victims into executing malicious payloads. Security teams should update endpoint policies and user awareness training to address the abuse of AI brand recognition and legitimate platform URLs as a delivery vector.