# Archive

Browse past daily curated stories

Thursday, May 14, 2026

  1. The Hacker News (general)
    Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

    Microsoft's May 2026 Patch Tuesday addressed 138 vulnerabilities across its product portfolio, including 30 rated Critical and 61 privilege escalation bugs, with notable RCE flaws in DNS and Netlogon. Notably, none are listed as publicly known or under active exploitation — the first such clean slate in approximately two years. Microsoft's AI-driven MDASH system discovered 16 of these vulnerabilities, signaling a structural shift in how vendors are finding flaws at scale.

  2. SecurityWeek (general)
    Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

    Microsoft patched CVE-2026-40361, a critical zero-click Outlook vulnerability that security researchers are comparing to BadWinmail — a flaw dubbed an 'enterprise killer' when it was discovered a decade ago. Zero-click RCE vulnerabilities in Outlook are particularly dangerous because exploitation requires no user interaction, making them high-priority patch targets for enterprise defenders. Security teams running on-premises Exchange or unpatched Outlook clients should treat this as an emergency remediation item.

  3. BleepingComputer (general)
    Windows BitLocker zero-day gives access to protected drives, PoC released

    A researcher published proof-of-concept exploits for two unpatched Windows vulnerabilities — 'YellowKey,' a BitLocker bypass, and 'GreenPlasma,' a privilege escalation flaw — with no CVE assignments or Microsoft patches available at time of disclosure. BitLocker bypass vulnerabilities are particularly dangerous in theft or physical access scenarios, undermining a primary full-disk encryption defense on Windows endpoints. Security teams should monitor for patch availability and consider compensating controls for high-value systems relying solely on BitLocker.

  4. BleepingComputer (general)
    New critical Exim mailer flaw allows remote code execution

    A critical RCE vulnerability was disclosed in Exim, the widely deployed open-source mail transfer agent, exploitable by unauthenticated remote attackers in certain configurations. Exim powers a large share of internet-facing mail servers, and past critical Exim flaws (e.g., CVE-2019-10149) have been rapidly weaponized by threat actors including nation-state groups. Administrators running vulnerable Exim configurations should prioritize patching immediately given the exposure of internet-facing mail infrastructure.

  5. SecurityWeek (general)
    Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

    The GemStuffer campaign pushed over 500 malicious packages to RubyGems, abusing the registry as a data exfiltration channel by scraping UK government council portal data rather than targeting developers directly. The scale of the attack forced RubyGems to temporarily suspend new account registrations — a significant disruption to the Ruby ecosystem. This represents an unusual supply-chain attack pattern where the package registry itself is weaponized as infrastructure rather than as a malware delivery mechanism.

  6. The Record (threat-intel)
    Instructure pays ransom after Canvas incident as Congress announces investigation

    Instructure, the company behind the Canvas learning management system, confirmed it paid a ransom to the ShinyHunters extortion group following a breach that disrupted approximately 9,000 institutions and affected 30 million students during finals. The company negotiated a deal for 'digital confirmation of data destruction,' though security practitioners broadly consider such assurances unverifiable. The U.S. House Committee on Homeland Security has launched a formal investigation and is requesting executive testimony on the incident and remediation steps.

  7. BleepingComputer (general)
    Foxconn confirms cyberattack claimed by Nitrogen ransomware gang

    Foxconn confirmed a cyberattack by the Nitrogen ransomware group affecting North American factories across Wisconsin, Ohio, Texas, Virginia, Indiana, and Mexico, with the attackers claiming to have exfiltrated 8TB of data including confidential documents. Foxconn is the world's largest electronics manufacturer, supplying components to Apple, Microsoft, and other major vendors, making the operational disruption a potential downstream supply chain concern. The Nitrogen ransomware group, which has previously leveraged malvertising for initial access, is now confirmed targeting tier-1 industrial manufacturers.

  8. The Hacker News (general)
    Android Adds Intrusion Logging for Sophisticated Spyware Forensics

    Google unveiled Android Intrusion Logging, an opt-in forensic feature developed in collaboration with Amnesty International, available within Advanced Protection Mode to capture persistent, privacy-preserving logs for post-compromise spyware analysis. This marks the first native device-vendor feature specifically designed to aid forensic detection of sophisticated commercial spyware like Pegasus-class tools. The feature is shipping as part of Android 17 and addresses a long-standing gap that has forced researchers to rely on third-party tools like MVT for spyware forensics.

  9. SecurityWeek (general)
    Fortinet, Ivanti Patch Critical Vulnerabilities

    Fortinet and Ivanti both issued patches for critical vulnerabilities on May 2026 Patch Tuesday, with successful exploitation capable of leading to arbitrary code execution and information disclosure. Both vendors have been frequent targets of nation-state threat actors in recent years — Ivanti VPN products in particular have been exploited in zero-day campaigns by groups including UNC5325 and Volt Typhoon. Security teams should prioritize these patches given the demonstrated history of rapid exploitation of critical flaws in both vendors' products.

  10. The Hacker News (general)
    Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

    Bitdefender attributed a multi-wave intrusion against an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026 to FamousSparrow (aka UAT-9244), a China-linked APT group, via repeated exploitation of Microsoft Exchange. The campaign represents an expansion of FamousSparrow's targeting beyond its traditionally observed sectors of hospitality, telecom, and government into critical energy infrastructure in the South Caucasus. Exchange exploitation remains a primary initial access vector for Chinese APT groups, and energy sector defenders in the region should audit Exchange server exposure and patch status immediately.