# Archive
Browse past daily curated stories
Tuesday, May 19, 2026
- 1. Krebs on Security (threat-intel): CISA Admin Leaked AWS GovCloud Keys on GitHub
A CISA contractor exposed credentials to multiple AWS GovCloud accounts and internal CISA systems in a public GitHub repository, left accessible until at least the past weekend. Security experts described the leak as one of the most egregious government data exposures in recent history, with the repository also containing details of CISA's internal software build, test, and deployment infrastructure. The incident is particularly damaging given CISA's mandate to secure federal civilian networks.
- 2. Dark Reading (general): Microsoft Exchange Zero-Day Under Attack, No Patch Available
CVE-2026-42897, an unpatched cross-site scripting vulnerability in Microsoft Exchange's Outlook Web Access (OWA), is being actively exploited with no patch currently available. The zero-day allows attackers to compromise OWA mailboxes, posing immediate risk to organizations running on-premises Exchange deployments. Security teams should consider temporary mitigations and monitor OWA access logs for anomalous activity.
- 3. SecurityWeek (general): Grafana Confirms Breach After Hackers Claim They Stole Data
Grafana confirmed a breach in which attackers used a stolen GitHub access token to download its entire source code repository. The attack has been linked to Coinbase Cartel, a cybercrime group associated with ShinyHunters, Scattered Spider, and Lapsus$. Grafana publicly stated it refused to pay the ransom, and the stolen token represents a textbook supply chain access vector targeting developer credentials.
- 4. The Hacker News (general): MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Researcher 'Chaotic Eclipse' released a proof-of-concept exploit dubbed MiniPlasma targeting a zero-day in Windows' Cloud Files Mini Filter Driver (cldflt.sys), enabling SYSTEM-level privilege escalation on fully patched Windows systems. This follows two prior disclosures from the same researcher — YellowKey (BitLocker bypass) and GreenPlasma — forming a cluster of unpatched Windows privilege escalation issues. No patch is currently available, making this an active risk for enterprise Windows environments.
- 5. Schneier on Security (threat-intel): Zero-Day Exploit Against Windows BitLocker
A researcher known as 'Nightmare-Eclipse' published the YellowKey exploit, which reliably bypasses BitLocker full-volume encryption on default Windows 11 deployments by extracting the decryption key stored in the TPM without requiring the user's PIN. The attack requires physical access to the target machine but works against standard TPM-only BitLocker configurations, which are the default for most enterprise deployments. Organizations relying solely on TPM-backed BitLocker without a PIN should treat this as a significant data-at-rest protection gap.
- 6. SecurityWeek (general): Exploitation of Critical NGINX Vulnerability Begins
Active exploitation has begun against a critical NGINX vulnerability that causes denial-of-service on default configurations and enables remote code execution when ASLR is disabled. The flaw affects a widely deployed web server and reverse proxy, making rapid patching essential for internet-facing infrastructure. Security teams running NGINX should apply vendor patches immediately and verify ASLR is enabled as a compensating control.
- 7. BleepingComputer (general): Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
Pwn2Own Berlin 2026 concluded with researchers earning $1,298,250 in prizes for successfully exploiting 47 zero-day vulnerabilities across various products. The contest serves as a key industry benchmark for unpatched vulnerability discovery, and vendors are expected to receive technical details triggering 90-day disclosure deadlines. The results will drive a wave of security patches across affected products in the coming weeks.
- 8. The Hacker News (general): Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, SAP, VMware, and n8n released patches addressing multiple critical vulnerabilities including CVE-2026-8043 (CVSS 9.6) in Ivanti Xtraction, which enables information disclosure and client-side attacks via external file name control. Additional flaws across the five vendors cover RCE, SQL injection, authentication bypass, and privilege escalation. Organizations running any of these products should prioritize patching given the severity scores and breadth of affected enterprise software.
- 9. The Hacker News (general): Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Four malicious npm packages — chalk-tempalte (825 downloads), @deadcode09284814/axios-util (284 downloads), axois-utils (963 downloads), and color-style-utils (934 downloads) — were found delivering infostealers and Phantom Bot DDoS malware. One package is a direct clone of the Shai-Hulud worm, whose source code was recently open-sourced by TeamPCP, confirming fears that public release of the worm's code would accelerate adversarial adoption. Developers using npm should audit dependencies for these package names and rotate any credentials present in affected environments.
- 10. SecurityWeek (general): 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
7-Eleven confirmed a data breach after the ShinyHunters threat group claimed to have stolen over 600,000 Salesforce records containing personal and corporate data and issued a ransom demand. The breach follows ShinyHunters' pattern of targeting SaaS platform credentials to exfiltrate CRM data at scale. Organizations using Salesforce should review third-party access tokens and audit records of bulk data exports.