# Archive

Browse past daily curated stories

Sunday, May 31, 2026

  1. BleepingComputer general
    Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

    Palo Alto Networks confirmed active exploitation of CVE-2026-0257, an authentication bypass flaw in PAN-OS GlobalProtect VPN, which carries a CVSS score of 7.8. Attackers are leveraging the vulnerability to establish unauthorized VPN connections and attempt to breach corporate networks. Security teams running PAN-OS or Prisma Access should treat this as urgent and apply mitigations immediately.

  2. BleepingComputer general
    New CIFSwitch Linux flaw gives root on multiple distributions

    A local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel allows attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges across multiple Linux distributions. The flaw affects a broad swath of Linux deployments, making it a high-priority patch target for system administrators and security teams managing Linux infrastructure.

  3. The Hacker News general
    PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

    CVE-2026-0257 (CVSS 7.8), an authentication bypass in Palo Alto Networks PAN-OS and Prisma Access affecting the GlobalProtect VPN component, is now under active in-the-wild exploitation. The flaw allows unauthenticated attackers to set up rogue VPN connections, giving them a foothold into enterprise networks. This story provides deeper technical context alongside Palo Alto's official warning.

  4. SecurityWeek general
    Charter Communications Data Breach Could Impact Nearly 5 Million

    The ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter Communications in April 2026, with the breach potentially impacting nearly 5 million customers. ShinyHunters is a prolific threat actor responsible for numerous high-profile data thefts, and the scale of exposed records makes this one of the more significant telecom breaches of 2026.

  5. Ars Technica Security general
    Botnet of more than 17 million devices dismantled

    Law enforcement dismantled a botnet comprising more than 17 million devices tied to a Russia-based residential proxy network, representing one of the largest botnet takedowns in recent history. Residential proxy botnets are commonly abused for credential stuffing, ad fraud, and bypassing geo-restrictions, making this takedown significant for defenders tracking proxy-based attack infrastructure.

  6. BleepingComputer general
    ChatGPT share links abused to host fake outage pages to deliver malware

    Threat actors are abusing ChatGPT's content-sharing feature to host fake OpenAI outage pages that socially engineer users into downloading malware disguised as the ChatGPT desktop application. This attack vector exploits the implicit trust users place in chatgpt.com-hosted links, presenting a novel phishing surface that bypasses traditional URL reputation checks.

  7. WeLiveSecurity (ESET) threat-intel
    ESET APT Activity Report Q4 2025–Q1 2026

    ESET's APT Activity Report covering Q4 2025 through Q1 2026 provides a comprehensive overview of tracked advanced persistent threat groups' campaigns and techniques during this period. For threat intelligence practitioners, this bi-annual report from ESET Research serves as a primary reference for understanding evolving nation-state TTPs across multiple regions.

  8. The Hacker News general
    Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

    North Korean APT Kimsuky (aka Velvet Chollima) deployed new tools including HTTPSpy, HelloDoor, and abused VS Code Tunnels in targeted attacks against South Korean military and corporate entities during March–April 2026. The campaign featured tailored social engineering including spoofed security software installation pages and a fake Webex meeting lure, expanding Kimsuky's already sophisticated toolset.

  9. SecurityWeek general
    Chrome 148 Update Patches 151 Vulnerabilities

    Google released Chrome 148 patching 151 vulnerabilities, including critical-severity flaws that could allow remote code execution. The sheer volume of patched CVEs and the presence of critical RCE-class bugs make this an immediate update priority for enterprise security teams managing browser deployments at scale.

  10. SecurityWeek general
    California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

    California Attorney General Rob Bonta filed suit against Chrome Holding Co. (formerly 23andMe, post-bankruptcy rebrand) alleging the company failed to adequately protect user genetic and health data in its 2023 breach. The lawsuit is significant for the privacy and data broker sector, establishing a precedent for state-level legal accountability for genomic data breaches even after corporate restructuring.