# Archive
Browse past daily curated stories
Friday, May 15, 2026
1. BleepingComputer (general): Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco disclosed CVE-2026-20182, a CVSS 10.0 authentication bypass in the Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and SD-WAN Manager, actively exploited in zero-day attacks granting administrative privileges. This is the second maximum-severity Cisco SD-WAN flaw exploited in the wild this year, making immediate patching critical for network operators running Cisco SD-WAN infrastructure.
2. BleepingComputer (general): OpenAI confirms security breach in TanStack supply chain attack
OpenAI confirmed two employee devices were compromised in the TanStack npm supply chain attack, which impacted hundreds of npm and PyPI packages across multiple AI companies. As a precautionary response, OpenAI rotated code-signing certificates for its applications — a significant incident given the breadth of the supply chain compromise affecting developer tooling widely used in AI projects.
3. The Hacker News (general): 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Researchers disclosed CVE-2026-42945, an 18-year-old heap buffer overflow in NGINX's ngx_http_rewrite_module (CVSS v4: 9.2) affecting both NGINX Plus and NGINX Open Source, enabling unauthenticated remote code execution. The flaw evaded detection for nearly two decades and was discovered via an autonomous scanning system, underscoring how AI-assisted auditing is surfacing long-dormant vulnerabilities in ubiquitous web infrastructure.
4. BleepingComputer (general): Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
On day one of Pwn2Own Berlin 2026, researchers earned $523,000 by successfully exploiting 24 unique zero-days across Windows 11 and Microsoft Edge, among other targets. The event also features Broadcom/VMware products, with a high-severity VMware Fusion patch released in parallel — making this a critical week for patch prioritization across enterprise environments.
5. CyberScoop (general): Major tech manufacturer Foxconn confirms cyberattack hit North American factories
Foxconn confirmed its North American factories were hit by the Nitrogen ransomware group, which claims to have exfiltrated 8 terabytes of data spanning over 11 million files, including confidential documents belonging to top customers. The attack is part of a broader surge targeting manufacturing — reportedly one of 600 ransomware hits on manufacturers in 2026 alone — exploiting the sector's low tolerance for operational downtime.
6. BleepingComputer (general): New Fragnesia Linux flaw lets attackers gain root privileges
CVE-2026-46300 (CVSS 7.8), dubbed Fragnesia, is a new Linux kernel local privilege escalation vulnerability rooted in the XFRM subsystem via page cache corruption, enabling local attackers to gain root access. This is the third such LPE bug identified in the Linux kernel within two weeks, alongside Dirty Frag and Copy Fail, prompting urgent patching across major distributions.
7. The Hacker News (general): Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
Researcher 'Chaotic Eclipse' publicly dropped two unpatched Windows zero-days: YellowKey, a BitLocker bypass requiring physical access, and GreenPlasma, a privilege escalation flaw in the Windows Collaborative Translation Framework (CTFMON) that elevates to SYSTEM. Microsoft is investigating both, and this follows the same researcher's prior disclosure of three Microsoft Defender vulnerabilities, with no patches yet available.
8. The Hacker News (general): Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
Belarus-aligned APT Ghostwriter (also tracked as FrostyNeighbor, Storm-0257, TA445) is conducting geofenced PDF phishing campaigns against Ukrainian governmental organizations, delivering Cobalt Strike as the post-exploitation payload. The group uses victim fingerprinting before payload delivery, a tactic that complicates sandbox analysis, and has been active since at least 2016 targeting Ukraine and neighboring countries.
9. The Hacker News (general): Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Three versions of the widely used npm package node-ipc (9.1.6, 9.2.3, and 12.0.1) were confirmed malicious by Socket and StepSecurity, containing a stealer backdoor designed to exfiltrate developer secrets. The compromise of node-ipc — a package with broad ecosystem dependencies — represents a high-impact supply chain attack vector targeting CI/CD pipelines and developer workstations.
10. The Hacker News (general): Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft unveiled MDASH (Multi-Model Agentic Scanning Harness), an AI-driven vulnerability discovery system that identified 16 of the vulnerabilities patched in the May 2026 Patch Tuesday release. Currently in limited private preview, MDASH operates as a model-agnostic framework using specialized AI agents per vulnerability class, signaling a structural shift in how large vendors will scale security research internally — with Palo Alto Networks also using Anthropic's Mythos to find dozens of flaws in their own code.