# Archive


Wednesday, May 13, 2026

  1. Schneier on Security threat-intel
    Copy.Fail Linux Vulnerability

    The Copy.Fail vulnerability is a Linux kernel local privilege escalation (disclosed by Theori on April 29, 2026) that abuses AF_ALG sockets and splice() to write four bytes at a time into the page cache of files the attacker doesn't own. Critically, the exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora, and most other major distributions with no race condition required — making it exceptionally reliable and broadly dangerous for enterprise Linux environments.

  2. Dark Reading general
    'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros

    The 'Dirty Frag' privilege escalation vulnerability affects enterprise Linux distributions and stems from the same kernel subsystem that produced last month's Copy.Fail bug, potentially allowing any local user to seize full administrative control. Dark Reading notes it may already be under limited exploitation, making it an urgent patching priority for security teams managing Linux infrastructure.

  3. BleepingComputer general
    Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

    Microsoft's May 2026 Patch Tuesday addresses 120 vulnerabilities with no zero-days (the first zero-day-free Patch Tuesday in two years), but the volume is notable given that AI-assisted vulnerability discovery is driving record patch counts. Security teams should prioritize the 13 critical flaws spanning Azure, Windows, Dynamics 365, and the SSO Plugin for Jira and Confluence.

  4. SecurityWeek general
    TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

    The Mini Shai-Hulud supply chain campaign, attributed to threat actor TeamPCP, produced over 400 malicious versions of 170 npm and PyPI packages by injecting an obfuscated JavaScript file ('router_init.js') into legitimate packages from TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI. The attack weaponized signed release artifacts to evade detection, directly threatening developer environments that depend on these widely used open-source ecosystems.

  5. The Hacker News general
    Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

    Instructure paid a ransom to the ShinyHunters extortion group after attackers threatened to leak 3.65TB of data stolen from the Canvas LMS platform, affecting more than 8,800 school systems. The U.S. House Committee on Homeland Security has since launched an investigation and called Instructure executives to testify, while the company claims it received 'digital confirmation of data destruction' — an assurance that is technically unverifiable.

  6. SecurityWeek general
    Google Detects First AI-Generated Zero-Day Exploit

    Google detected the first confirmed AI-generated zero-day exploit in the wild, created by a prominent cybercrime group to bypass two-factor authentication before Google intercepted it. Researchers identified AI-generated artifacts in the exploit code itself, marking a significant escalation in attacker capabilities and validating long-standing concerns about LLMs lowering the barrier for sophisticated exploit development.

  7. BleepingComputer general
    Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

    Fortinet released patches for two critical remote code execution vulnerabilities in FortiSandbox and FortiAuthenticator, both of which are widely deployed in enterprise security infrastructure for sandboxing and identity management. Security teams running these products should prioritize patching immediately given Fortinet appliances' history of being rapidly targeted following public disclosure.

  8. BleepingComputer general
    Official CheckMarx Jenkins package compromised with infostealer

    The official Checkmarx Jenkins Application Security Testing (AST) plugin on the Jenkins Marketplace was compromised with an infostealer in a supply chain attack discovered over the weekend of May 11, 2026. This attack is particularly impactful because it targeted a security tool itself, meaning CI/CD pipelines using Checkmarx for vulnerability scanning may have been exfiltrating credentials or build secrets.

  9. The Hacker News general
    New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

    CVE-2026-45185, dubbed 'Dead.Letter,' is a use-after-free vulnerability in Exim mail transfer agent builds compiled with GnuTLS support, enabling potential memory corruption and remote code execution via the BDAT SMTP command. Exim is one of the most widely deployed MTAs on the internet, making this a high-priority patch for organizations running their own mail infrastructure.

  10. The Hacker News general
    iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

    Apple's iOS 26.5 introduces end-to-end encrypted RCS messaging between iPhone and Android devices as part of a cross-industry initiative to replace unencrypted SMS, rolling out to users with supported carriers alongside the latest Google Messages on Android. This represents a significant privacy improvement for the hundreds of millions of users who rely on cross-platform messaging and were previously exposed to SMS interception risks.