# Archive

Browse past daily curated stories

Monday, May 18, 2026

  1. BleepingComputer general
    New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

    A researcher released a proof-of-concept exploit for 'MiniPlasma,' an unpatched Windows privilege escalation zero-day that grants SYSTEM-level access on fully patched Windows systems. The public PoC significantly lowers the bar for exploitation, making this an urgent concern for Windows administrators until Microsoft issues a patch.

  2. The Hacker News general
    NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

    CVE-2026-42945 (CVSS 9.2), a heap buffer overflow in NGINX's ngx_http_rewrite_module affecting versions 0.6.27 through 1.30.0, is under active exploitation in the wild within days of public disclosure. The flaw impacts both NGINX Plus and Open Source builds and carries potential for remote code execution, making immediate patching critical for the large population of NGINX deployments.

  3. BleepingComputer general
    Russian hackers turn Kazuar backdoor into modular P2P botnet

    Russia-linked threat actor Secret Blizzard has evolved its long-standing Kazuar backdoor into a modular peer-to-peer botnet architecture, enhancing its stealth, persistence, and data-collection capabilities. The P2P design complicates traditional C2 takedown efforts and signals a significant operational upgrade for one of Russia's most persistent espionage toolsets.

  4. BleepingComputer general
    Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

    The Tycoon2FA phishing-as-a-service kit has added device-code phishing support and is abusing Trustifi click-tracking URLs to bypass link-scanning defenses and hijack Microsoft 365 accounts. Device-code phishing is particularly dangerous because it circumvents MFA by tricking users into authorizing attacker-controlled OAuth tokens.

  5. SecurityWeek general
    Hackers Earn $1.3 Million at Pwn2Own Berlin 2026

    Pwn2Own Berlin 2026 awarded $1.3 million in prizes for demonstrated exploits targeting Windows, Linux, VMware, Nvidia, and AI products. The competition results provide a concrete snapshot of current attack surface exposure across critical enterprise and cloud infrastructure components.

  6. The Hacker News general
    Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

    Grafana disclosed that an unauthorized party obtained a GitHub access token, used it to download the company's full codebase, and subsequently attempted extortion. Grafana confirmed no customer data or personal information was accessed, but the incident underscores supply-chain risks from exposed source-code repository credentials.

  7. The Hacker News general
    Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

    A critical vulnerability in the Funnel Builder plugin for WordPress (no CVE yet assigned) is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, enabling payment card skimming. Sansec published details of the in-the-wild campaign, and the absence of a CVE may delay patching by site operators relying on vulnerability scanners.

  8. BleepingComputer general
    Microsoft rejects critical Azure vulnerability report, no CVE issued

    A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that "no product changes were made," despite the researcher documenting a silent fix. [...]

  9. Dark Reading general
    Can Laws Stop Deepfakes? South Korea Aims to Find Out

    South Korea's upcoming local elections next month will serve as a live test of the country's deepfake regulations, which impose criminal penalties for AI-generated electoral disinformation. The outcome will offer policy practitioners early empirical data on whether legislative controls can meaningfully curb deepfake influence operations during active election cycles.

  10. WeLiveSecurity (ESET) threat-intel
    Why geopolitical turmoil is a gift for scammers, and how to stay safe

    An ESET analysis details how geopolitical instability creates expanded opportunities for fraud campaigns, including charity scams, impersonation of relief organizations, and crisis-themed phishing. The piece is oriented toward practitioner and end-user awareness, with guidance on recognizing opportunistic fraud patterns tied to active conflict narratives.