# Archive

Browse past daily curated stories


Wednesday, May 27, 2026

  1. BleepingComputer general
    Charter confirms data breach after ShinyHunters extortion threat

    Charter Communications confirmed a data breach after ShinyHunters threatened to leak stolen data unless a ransom was paid. The incident adds Charter to a growing list of telecom victims targeted by ShinyHunters, a prolific extortion group also responsible for breaches at 7-Eleven and other major organizations in the same period. Security teams at telecom and critical infrastructure organizations should treat this as a signal of active ShinyHunters targeting campaigns.

  2. The Hacker News general
    Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

    Microsoft issued an out-of-band patch for CVE-2026-45659, a CVSS 8.8 remote code execution vulnerability in SharePoint Server caused by deserialization of untrusted data. The flaw requires no specialized conditions to exploit, making it immediately actionable for attackers with basic access. Admins running any supported SharePoint Server version should prioritize emergency patching given SharePoint's role as a high-value lateral movement target in enterprise environments.

  3. Ars Technica Security general
    Millions of AI agents imperiled by critical vulnerability in open source package

    A critical vulnerability dubbed 'BadHost' was discovered in Starlette, an ASGI framework with 325 million weekly downloads widely used as the foundation for AI agent frameworks and FastAPI. The flaw puts millions of AI agent deployments at risk of compromise, and its discovery through formal verification methods underscores gaps in traditional security testing for foundational open-source packages. Developers building AI pipelines on Starlette should audit their dependency versions immediately.

  4. Dark Reading general
    Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos

    A supply chain campaign named 'Megalodon' pushed malicious commits to more than 5,500 GitHub repositories within a six-hour window, targeting developer credentials and secrets embedded in repos. The attack's speed and scale — thousands of repositories poisoned in half a day — demonstrates the outsized risk of automated supply chain attacks against open source infrastructure. Security teams should audit recent commits in dependencies and enforce secret scanning across their GitHub organizations.

  5. The Hacker News general
    KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

    CVE-2026-5426 (CVSS 7.5), a zero-day in Digital Knowledge's KnowledgeDeliver LMS — popular in Japan — was exploited to deploy the Godzilla web shell and Cobalt Strike Beacon via hardcoded ASP.NET machineKey values enabling ViewState deserialization attacks. The use of hardcoded machineKeys is a well-known ASP.NET misconfiguration that enables unauthenticated RCE, and this incident confirms active exploitation in the wild. Organizations running KnowledgeDeliver or any ASP.NET application with shared or hardcoded machineKeys should rotate keys and audit for web shell indicators immediately.

  6. The Record threat-intel
    Dutch authorities arrest men suspected of providing infrastructure for Russian cyber operations

    Dutch authorities arrested two men and seized more than 800 servers linked to a bulletproof hosting service that provided infrastructure for Russia-aligned threat actors conducting cyberattacks and disinformation campaigns. The operation disrupted a key piece of the ecosystem enabling pro-Russian cyber operations against European targets, including potential sanctions violations by the Dutch-registered companies involved. The seizure of 800+ servers represents one of the larger infrastructure takedowns targeting Russian-aligned cybercrime in recent memory.

  7. BleepingComputer general
    7-Eleven data breach exposes personal information of 185,000 people

    ShinyHunters breached 7-Eleven systems in April, exposing personal data — including names, email addresses, physical addresses, and dates of birth — of over 183,000 people, confirmed via Have I Been Pwned. This is the second major ShinyHunters extortion target disclosed in the same news cycle alongside Charter Communications, indicating an active and prolific campaign by the group. Affected individuals and organizations with 7-Eleven vendor relationships should monitor for follow-on phishing using the exposed PII.

  8. The Hacker News general
    MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

    Iranian APT MuddyWater conducted a Q1 2026 espionage campaign using DLL side-loading techniques against at least nine organizations across nine countries spanning four continents, per Symantec and Carbon Black's Threat Hunter Team. Targeted sectors included industrial and electronics manufacturing, education, public sector, financial services, and professional services — a notably broad scope. Defenders in these sectors should look for DLL side-loading indicators associated with MuddyWater's updated toolset.

  9. BleepingComputer general
    CISA orders feds to patch actively exploited Drupal vulnerability

    CISA issued an emergency directive ordering U.S. federal agencies to patch an actively exploited SQL injection vulnerability in the Drupal CMS by Wednesday evening. Active exploitation in the wild elevates urgency beyond standard patch cycles, and federal agencies running Drupal-based web properties face the tightest deadline. Non-federal organizations running Drupal should treat this as a priority patch given confirmed in-the-wild exploitation.

  10. SecurityWeek general
    Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

    A Ghost CMS vulnerability was exploited to compromise over 700 websites, including sites belonging to Harvard University, Oxford University, and DuckDuckGo. The breadth of high-profile victims — spanning academia and privacy-focused tech companies — illustrates how widely deployed Ghost CMS is and how quickly unpatched CMS vulnerabilities are weaponized at scale. Ghost CMS administrators should apply available patches immediately and audit their sites for indicators of compromise.