> TritonInfoSec News

# Archive

Browse past daily curated stories

Jun 23 Jun 21 Jun 20 Jun 19 Jun 18 Jun 17 Jun 16 Jun 15 Jun 14 Jun 13 Jun 12 Jun 11 Jun 10 Jun 09 Jun 08 Jun 07 Jun 06 Jun 02 May 31 May 30 May 29 May 28 May 27 May 26 May 24 May 23 May 22 May 21 May 20 May 19

Friday, May 29, 2026

  1. 1
    0
    BleepingComputer general
    New Gogs zero-day flaw lets hackers get remote code execution

    An unpatched zero-day RCE vulnerability in Gogs, a widely deployed self-hosted Git service, allows remote attackers to execute arbitrary code on internet-facing instances. Rapid7 rates the flaw 9.4 on the CVSS scale; no CVE has been assigned yet. Organizations running Gogs should immediately assess exposure given the lack of an available patch.

  2. 2
    0
    The Hacker News general
    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

    A critical CVSS 9.4 RCE vulnerability in Gogs, the open-source self-hosted Git service, allows any authenticated user to execute arbitrary code — no CVE identifier has been issued. Rapid7 discovered and disclosed the flaw affecting the platform used across an estimated 30,000+ deployments. The lack of a patch makes this an urgent risk for developer infrastructure teams.

  3. 3
    0
    BleepingComputer general
    Hackers exploit FortiClient EMS flaw to push infostealer malware

    Threat actors are actively exploiting CVE-2026-35616, an authentication bypass in Fortinet's FortiClient Enterprise Management Server (EMS), to deliver a previously undocumented credential stealer dubbed EKZ. Arctic Wolf confirmed the campaign abused trusted endpoint management infrastructure to push malware across managed endpoints. Fortinet issued hotfixes in April 2026 after identifying in-the-wild exploitation as a zero-day.

  4. 4
    0
    BleepingComputer general
    Carnival Cruise confirms data breach affecting nearly 6 million people

    Carnival Corporation confirmed a data breach affecting nearly 6 million people, attributed to the ShinyHunters extortion gang, after a threat actor compromised an employee account in April 2026 and exfiltrated personal data. The breach is one of the largest consumer-facing incidents of 2026, exposing customers of the world's largest cruise line operator to identity theft risk. ShinyHunters was first linked to the incident in April before Carnival's public confirmation.

  5. 5
    0
    CyberScoop general
    CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain

    CrowdStrike, in coordination with Google and the Shadowserver Foundation, simultaneously took down four C2 servers belonging to the Glassworm botnet, which had infected hundreds of open-source software packages since early 2025. The operation targeted developer supply chain infrastructure specifically, making it directly relevant to any organization consuming open-source dependencies. The joint takedown is a notable example of industry-coordinated disruption of supply chain attack infrastructure.

  6. 6
    0
    BleepingComputer general
    GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

    A Russia-linked threat cluster tracked as GreyVibe has been targeting Ukrainian entities using AI-generated phishing lures built with ChatGPT and Gemini, paired with a toolkit of custom malware. Researchers warn this campaign previews how state-aligned and criminal groups will increasingly operationalize AI for both lure generation and attack tooling. The group's extensive AI integration distinguishes it from prior campaigns and sets a new benchmark for AI-assisted threat actors.

  7. 7
    0
    Dark Reading general
    Ransomware Actors Show Up In Person to Steal Law Firm Data

    The FBI has warned that Silent Ransom Group (SRG) is now physically visiting law firm offices as part of its extortion campaigns, combining social engineering with in-person workstation access to steal data. The gang has specifically targeted the legal services sector, blending remote compromise with physical intrusion in a tactic rarely seen from financially motivated cybercriminals. Law firms should review both their remote access controls and physical security policies in response.

  8. 8
    0
    The Hacker News general
    JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

    A previously undocumented threat actor tracked as JINX-0164 is targeting cryptocurrency firms using fake recruiter social engineering and bespoke macOS malware aimed at stealing digital assets and compromising CI/CD infrastructure. Wiz researchers identified the campaign's focus on cryptocurrency organizations' build pipelines as particularly high-risk, as CI/CD compromise can enable broad downstream supply chain attacks. The use of custom macOS malware signals a technically mature actor with targeted objectives.

  9. 9
    0
    The Hacker News general
    Malicious npm Package Stole Files From Claude AI User Directory via GitHub

    OX Security researchers found a malicious npm package named 'mouse5212-super-formatter' designed to exfiltrate files from '/mnt/user-data', the directory used by Anthropic's Claude AI tool for handling uploads and outputs. The package uploaded stolen files via GitHub, demonstrating a targeted attack vector against developers using AI coding assistants. This highlights the growing threat of supply chain attacks specifically engineered to compromise AI development environments.

  10. 10
    0
    SecurityWeek general
    Gitea Vulnerability Exposed 30,000 Deployments to Attacks

    A vulnerability in Gitea, the open-source self-hosted Git service, exposed approximately 30,000 deployments by allowing attackers to pull private container images, thereby accessing source code, credentials, and infrastructure configurations. The flaw is particularly damaging for organizations using Gitea as part of their container registry workflow. Security teams running self-hosted Gitea instances should audit container registry access controls and apply available patches immediately.