# Archive

Browse past daily curated stories

Saturday, May 23, 2026

  1. Krebs on Security threat-intel
    Lawmakers Demand Answers as CISA Tries to Contain Data Leak

    A CISA contractor published AWS GovCloud keys and a large trove of internal CISA secrets to a public GitHub repository, exposing details of how CISA builds, tests, and deploys software internally. Security experts called it one of the most egregious government data leaks in recent history. Lawmakers from both chambers of Congress are now demanding answers as CISA works to contain the breach and invalidate the exposed credentials.

  2. BleepingComputer general
    GitHub links repo breach to TanStack npm supply-chain attack

    GitHub disclosed that attackers breached approximately 3,800 internal repositories by exploiting a malicious version of the Nx Console VS Code extension, itself compromised in the broader TanStack npm supply chain attack. The incident highlights how a single poisoned developer tool can cascade into significant source code theft, with Grafana also confirming its codebase was stolen after a token from the same TanStack attack was not rotated.

  3. BleepingComputer general
    Microsoft warns of new Defender zero-days exploited in attacks

    Microsoft began patching two actively exploited zero-day vulnerabilities in Microsoft Defender — tracked as affecting UnDefend and RedSun Defender components — that can be leveraged to elevate privileges to SYSTEM or trigger a denial-of-service condition. The flaws were confirmed as exploited in the wild prior to patch availability, making immediate patching critical for Windows environments.

  4. BleepingComputer general
    Drupal: Critical SQL injection flaw now targeted in attacks

    Drupal issued an urgent warning that attackers are actively exploiting CVE-2026-9082, a 'highly critical' SQL injection vulnerability disclosed earlier in the week, with security firms reporting attacks against thousands of websites. The flaw can be exploited without authentication to achieve information disclosure, privilege escalation, and remote code execution on affected Drupal installations.

  5. The Hacker News general
    Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

    Cisco patched CVE-2026-20223, a CVSS 10.0 maximum-severity flaw in Cisco Secure Workload's REST API that allows an unauthenticated remote attacker to access sensitive data due to insufficient validation and authentication on API endpoints. The vulnerability grants effective Site Admin privileges to unauthenticated attackers, making it a critical priority for organizations running Secure Workload.

  6. The Hacker News general
    Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

    The U.S. Department of Justice arrested Jacob Butler, 23, of Ottawa, Canada, for allegedly operating the Kimwolf DDoS-for-hire botnet — assessed as a variant of AISURU — which infected nearly two million devices worldwide. Butler faces up to 10 years in prison and awaits extradition to the United States on computer hacking charges.

  7. The Hacker News general
    Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

    A campaign dubbed Megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window, injecting GitHub Actions workflows containing base64-encoded bash payloads designed to exfiltrate CI/CD secrets. The attacker used throwaway accounts with forged identities such as 'build-bot' and 'ci-bot,' representing an unprecedented automated software supply chain poisoning operation.

  8. The Hacker News general
    First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

    A multi-nation law enforcement operation led by France and the Netherlands dismantled 'First VPN,' a criminal VPN service that had been marketed on Russian-speaking cybercrime forums and used by at least 25 ransomware groups for network reconnaissance, data theft, and intrusions. Authorities seized infrastructure and arrested the service's administrator, with the operation running since December.

  9. BleepingComputer general
    Trend Micro warns of Apex One zero-day exploited in the wild

    Trend Micro patched CVE-2026-34926, a directory traversal zero-day vulnerability in the on-premise version of Apex One that was confirmed exploited in attacks against Windows systems before a fix was available. CISA added CVE-2026-34926 and Langflow's CVE-2025-34291 (CVSS 9.4, an origin validation error) to its Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate on an expedited timeline.

  10. Schneier on Security threat-intel
    macOS Kernel Memory Corruption Exploit

    Researchers used Anthropic's Mythos AI model to discover and develop an exploit for a kernel memory corruption vulnerability on Apple's M5 chip running macOS. The case represents a significant milestone in AI-assisted vulnerability research, demonstrating that frontier AI models can now materially contribute to finding and exploiting zero-day flaws in major operating system kernels.