# Archive
Browse past daily curated stories
Saturday, May 30, 2026
1. BleepingComputer (general): Dutch govt disrupts malware botnet with 17 million infected devices
Dutch authorities dismantled a botnet of 17 million infected devices, seizing more than 200 servers from a local provider tied to a Russia-based residential proxy network. The operation represents one of the largest botnet takedowns in recent history, though a separate report (id 4356) notes that a related raid on bulletproof host THE.Hosting seized 800 servers but left its core IP address space intact, limiting operational impact.
2. BleepingComputer (general): Charter Communications data breach affects 4.9 million accounts
ShinyHunters stole personal information from 4.9 million Charter Communications accounts after breaching the US telecom giant in early April 2026, with the breach confirmed via Have I Been Pwned. A separate SecurityWeek report notes the group leaked over 42 million records total, suggesting the full scope may significantly exceed the 4.9 million confirmed accounts.
3. CyberScoop (general): Federal audit reveals NIST’s NVD is plagued by poor planning and duplication
A Commerce Inspector General audit found that NIST's National Vulnerability Database accumulated a backlog of 27,000 unprocessed security flaws due to poor planning and mismanagement, while simultaneously duplicating work with a parallel CISA program. This directly impacts vulnerability management workflows across the security industry, as practitioners rely on NVD for timely CVE enrichment.
4. SecurityWeek (general): Gogs Zero-Day Exposes Servers to Remote Code Execution
A critical zero-day in Gogs (the self-hosted Git service) scored a CVSS 9.4 and allows authenticated attackers to achieve remote code execution via argument injection through pull requests with malicious branch names. The flaw has not yet received a patch from the Gogs project, making it immediately actionable for defenders running self-hosted Gogs instances.
5. The Hacker News (general): Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are actively exploiting a critical patched vulnerability in Fortinet's FortiClient Endpoint Management Server (EMS) to deploy credential-stealing malware disguised as a Fortinet endpoint agent. Arctic Wolf's research shows attackers abused trusted endpoint management infrastructure to propagate the stealer across all managed endpoints, amplifying the blast radius beyond the initial compromise.
6. The Hacker News (general): Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor exploited CVE-2026-39987 in a publicly accessible Marimo notebook to gain initial access, then deployed an LLM agent to autonomously conduct post-exploitation actions, including extracting two cloud credentials. This marks a documented real-world case of AI-assisted post-compromise automation, signaling an escalation in attacker operational sophistication.
7. BleepingComputer (general): Google Chrome adds session cookie theft protection for all users
Google has made Device Bound Session Credentials (DBSC) generally available in Chrome, binding session cookies to the specific device that created them to prevent cookie-theft-based account takeover attacks. The rollout covers all Chrome users and targets a widely abused attacker technique used by infostealer malware to hijack authenticated sessions without needing passwords.
8. The Hacker News (general): New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
WithSecure researchers have documented GREYVIBE, a previously undocumented Russian-speaking threat actor conducting persistent attacks against Ukraine and Ukraine-aligned entities since at least August 2025, using ChatGPT, Gemini, and other AI tools to augment operations. The group's alignment with Kremlin state interests and heavy AI integration makes it a significant new addition to the Russian APT landscape.
9. BleepingComputer (general): California AG sues 23andMe over 2023 breach exposing health data
California Attorney General Rob Bonta filed a lawsuit against Chrome Holding Co. (formerly 23andMe) over the company's failure to protect sensitive genetic and health data in the 2023 breach that affected millions of customers. The case is notable because 23andMe filed for bankruptcy in March 2026, and the lawsuit targets the successor entity, setting a precedent for post-bankruptcy breach accountability.
10. The Hacker News (general): Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft publicly condemned uncoordinated zero-day disclosures and removed GitHub accounts belonging to researcher Chaotic Eclipse (aka Nightmare-Eclipse), who published multiple Windows zero-days with working proof-of-concept code and threatened to release more. The dispute reignites the industry debate over responsible disclosure timelines, with the researcher arguing Microsoft's patch cadence leaves users exposed for too long.