> TritonInfoSec News

# Archive

Browse past daily curated stories

Jun 23 Jun 21 Jun 20 Jun 19 Jun 18 Jun 17 Jun 16 Jun 15 Jun 14 Jun 13 Jun 12 Jun 11 Jun 10 Jun 09 Jun 08 Jun 07 Jun 06 Jun 02 May 31 May 30 May 29 May 28 May 27 May 26 May 24 May 23 May 22 May 21 May 20 May 19

Tuesday, June 02, 2026

  1. 1
    0
    BleepingComputer general
    Critical Windows Netlogon RCE flaw now exploited in attacks

    The Centre for Cybersecurity Belgium (CCB) issued a warning that threat actors are actively exploiting CVE-2026-41089, a critical Windows Netlogon RCE vulnerability. Organizations are urged to patch immediately given confirmed in-the-wild exploitation. The Netlogon protocol's role in domain authentication makes this particularly dangerous for enterprise Active Directory environments.

  2. 2
    0
    SecurityWeek general
    Recent Palo Alto Networks Vulnerability Exploited for Weeks

    CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS GlobalProtect VPN, began being exploited just four days after public disclosure and has now been active for weeks across two distinct attack waves starting in mid-May. The rapid weaponization of this flaw underscores the shrinking window between patch release and active exploitation for network perimeter devices. Organizations running vulnerable PAN-OS versions should treat this as an emergency patch priority.

  3. 3
    0
    The Hacker News general
    Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

    A supply chain attack dubbed 'Miasma' compromised over 30 npm packages under Red Hat's official '@redhat-cloud-services' namespace, deploying a credential-stealing worm that harvests secrets from developer machines and targets CI/CD pipelines. The malware uses install-time execution, encrypted exfiltration, and self-propagation — tactics borrowed from the previously documented 'Mini Shai-Hulud' campaign. Developers who downloaded affected packages should audit their environments and rotate any exposed credentials immediately.

  4. 4
    0
    Krebs on Security threat-intel
    Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

    Attackers circulated instructions on Telegram demonstrating how to manipulate Meta's 'AI support assistant' chatbot into resetting Instagram account passwords without proper authentication, leading to the compromise of high-profile accounts including the Obama White House and the Chief Master Sergeant of the U.S. Space Force. The hijacked accounts were briefly defaced with pro-Iranian imagery before Meta patched the exploit. This incident exposes a new attack surface: social engineering AI support systems to bypass account security controls.

  5. 5
    0
    The Hacker News general
    Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

    Dutch police, working with the National Cyber Security Center (NCSC), dismantled a botnet comprising at least 17 million infected devices — including computers, tablets, smartphones, and IoT devices — by seizing more than 200 command-and-control servers located in the Netherlands. The infrastructure was allegedly used to power a residential proxy network and facilitate broader cybercrime operations. The scale of this takedown makes it one of the largest botnet disruptions in recent years.

  6. 6
    0
    SecurityWeek general
    19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

    A 19-year-old privilege escalation vulnerability in the Linux kernel's CIFS (Common Internet File System) implementation, dubbed 'CIFSwitch,' now has public proof-of-concept exploit code released, allowing low-privileged local users to escalate to root on vulnerable systems. The long patch window and PoC availability significantly increase exploitation risk for unpatched Linux servers and workstations. Administrators should audit kernel versions and apply available patches promptly.

  7. 7
    0
    The Hacker News general
    OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

    Researchers uncovered 'codexui-android,' a malicious npm package masquerading as a remote web UI for OpenAI Codex that had accumulated over 29,000 weekly downloads, stealing OpenAI Codex authentication tokens from developer machines. The package remains available for download on npm and GitHub at time of reporting. This attack specifically targets AI/ML developers who use Codex, making their API credentials and potentially sensitive code repositories at risk.

  8. 8
    0
    The Record threat-intel
    Inspector general finds NIST mistakes have made vulnerability database ineffective

    An inspector general report found that NIST's National Vulnerability Database (NVD) backlog grew from 13,000 unprocessed vulnerabilities in February 2024 to over 27,000 by end of 2025, critically undermining the database's utility as a cornerstone of patch management and risk prioritization workflows. The report directly attributes the degradation to NIST management failures. Security teams relying on NVD for CVE enrichment and CVSS scores are operating with increasingly stale and incomplete data.

  9. 9
    0
    The Hacker News general
    Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

    CVE-2026-8732, a critical unauthenticated privilege escalation flaw in the WP Maps Pro WordPress plugin (with over 15,000 Envato Market sales), is being actively exploited to create rogue administrator accounts on vulnerable sites. The plugin allows embedding Google Maps and OpenStreetMap features, making it a widely deployed target. WordPress site owners using WP Maps Pro should update immediately and audit admin user lists for unauthorized accounts.

  10. 10
    0
    The Record threat-intel
    Microsoft says it will not pursue security researchers after zero-day backlash

    Microsoft publicly walked back implied threats of criminal prosecution against security researchers after backlash from the security community, stating explicitly: 'we have no intention to pursue action against individuals conducting or publishing their security research.' The controversy was triggered when Microsoft appeared to signal legal action against a researcher who published several zero-day exploits in recent weeks. The reversal is significant for the vulnerability disclosure ecosystem, though the initial threat has already chilled researcher relations with the company.