# Archive
Browse past daily curated stories
Friday, May 22, 2026
1. **GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension** (The Hacker News, general)

   GitHub confirmed that threat actor TeamPCP breached its internal repositories by compromising an employee device via a poisoned version of the Nx Console VS Code extension (nrwl.angular-console), part of the TanStack npm supply-chain attack. Approximately 3,800 internal repositories were exfiltrated, though GitHub stated customer data was unaffected. This incident underscores the severe risk posed by malicious VS Code extensions and third-party developer tooling as an attack vector against high-value targets.
2. **Microsoft Warns of Two Actively Exploited Defender Vulnerabilities** (The Hacker News, general)

   Microsoft disclosed two actively exploited zero-day vulnerabilities in Microsoft Defender: CVE-2026-41091 (CVSS 7.8), a privilege escalation flaw exploiting improper link resolution that allows attackers to gain SYSTEM privileges, and a separate denial-of-service vulnerability. Both bugs were exploited in the wild before patches were released. Security teams running Microsoft Defender should prioritize these patches immediately given confirmed active exploitation.
3. **9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros** (The Hacker News, general)

   A nine-year-old Linux kernel vulnerability tracked as CVE-2026-46333 (CVSS 5.5) has been disclosed, involving improper privilege management that allows an unprivileged local user to read sensitive files and execute arbitrary commands as root on default installations of multiple major Linux distributions. The flaw went undetected from at least 2017 until now, affecting a wide swath of production Linux systems. Administrators should audit affected kernel versions and apply patches across enterprise Linux deployments.
4. **Max severity Cisco Secure Workload flaw gives Site Admin privileges** (BleepingComputer, general)

   Cisco released patches for a maximum-severity vulnerability in Cisco Secure Workload that allows remote attackers to gain Site Admin privileges by exploiting insufficient validation and authentication in the product's REST APIs. This is a critical exposure for enterprises using Secure Workload for zero-trust segmentation, as unauthenticated remote attackers could fully compromise workload policy management. Immediate patching is advised with no known workarounds.
5. **Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks** (The Hacker News, general)

   Drupal patched CVE-2026-9082 (CVSS 6.5), a highly critical flaw in Drupal Core's database abstraction API affecting PostgreSQL-backed installations that can be exploited without authentication for remote code execution, privilege escalation, or information disclosure. Drupal warned that exploits could emerge within hours of disclosure. Site administrators running Drupal on PostgreSQL should apply the security update immediately.
6. **Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada** (Krebs on Security, threat-intel)

   Canadian authorities arrested Jacob Butler, a 23-year-old from Ottawa operating under the alias 'Dort,' on suspicion of building and operating Kimwolf, an IoT botnet that enslaved millions of devices for large-scale DDoS attacks over the past six months. Butler was previously publicly named by KrebsOnSecurity in February 2026 after he launched DDoS, doxing, and swatting campaigns against the author. He awaits extradition to the United States and faces up to 10 years in prison.
7. **Hackers bypass SonicWall VPN MFA due to incomplete patching** (BleepingComputer, general)

   Threat actors exploited incomplete patching on SonicWall Gen6 SSL-VPN appliances to brute-force VPN credentials and bypass multi-factor authentication, subsequently deploying ransomware tools. The attacks highlight a critical operational gap: organizations that applied partial patches remained vulnerable to MFA bypass, enabling full ransomware deployment chains. Security teams managing SonicWall Gen6 appliances should verify complete patch application and audit VPN authentication logs.
8. **Chinese hackers target telcos with new Linux, Windows malware** (BleepingComputer, general)

   Chinese APT actors linked to cyber-espionage campaigns have been deploying two newly identified malware families, Showboat (a Linux SOCKS5 proxy/backdoor) and JFMBackdoor (Windows), against telecommunications providers in the Middle East and Central Asia since at least mid-2022. Lumen Technologies researchers found Showboat is a modular post-exploitation framework capable of spawning remote shells, transferring files, and proxying traffic. The shared tooling across multiple Chinese APT groups suggests coordinated infrastructure targeting strategic communications providers.
9. **European authorities take down prolific cybercrime VPN service** (CyberScoop, general)

   European law enforcement dismantled First VPN, a VPN service marketed on Russian-speaking cybercrime forums that Europol stated appeared in nearly every major recent cybercrime investigation, including ransomware and data theft operations. Authorities arrested the alleged administrator and seized the service's servers and domains. The takedown removes a key operational security tool used by cybercriminals to evade law enforcement attribution.
10. **7-Eleven confirms breach after ShinyHunters claims** (The Record, threat-intel)

    7-Eleven confirmed a data breach discovered on April 8, 2026, in which threat group ShinyHunters gained access to systems used to store franchisee documents. Breach notification letters have been sent to affected parties detailing unauthorized access to certain 7-Eleven internal systems. ShinyHunters, a prolific data extortion group responsible for numerous high-profile breaches, has claimed responsibility for the intrusion.