# Archive
Browse past daily curated stories
## Tuesday, June 23, 2026
### 1. FortiBleed campaign used custom FortiGate sniffer to steal credentials (BleepingComputer, general)
SOCRadar's analysis of the FortiBleed campaign shows that the threat actors deployed custom sniffers on compromised Fortinet FortiGate devices to harvest authentication credentials at scale, building a database of over 86,000 confirmed working credentials. Fortinet has formally responded to the campaign, which targeted firewall appliances and remains a significant threat to enterprise network perimeters. Security teams running FortiGate devices should audit for indicators of compromise and rotate any credentials that may have authenticated through an affected device.
### 2. New Exploit Bypasses Apple's Boot Defenses, Affects Millions of iPhones (SecurityWeek, general)
Researchers released a proof-of-concept for 'Usbliter8,' an exploit that bypasses Apple's boot defenses and cannot be patched via software update, affecting millions of iPhones. A flaw that cannot be fixed in software is particularly severe, because Apple can only remediate it through hardware changes in future device generations. Security practitioners should monitor Apple's guidance on mitigations and assess the exposure of high-value targets in their environments.
### 3. Fortinet Responds to FortiBleed Campaign (SecurityWeek, general)
Fortinet confirmed that the FortiBleed credential-harvesting campaign produced a verified database of over 86,000 working credentials stolen from compromised FortiGate firewall deployments. The campaign used custom-built sniffers injected into device memory to intercept authentication traffic in real time, a technique that evades many traditional detection methods. Organizations using FortiGate should treat any credential that passed through an affected device as compromised and carry out immediate remediation per Fortinet's guidance.
### 4. Canada's Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices (The Hacker News, general)
Canada's CSIS obtained a first-of-its-kind threat reduction warrant, publicly released on June 15, authorizing agents to remotely access and neutralize two foreign-operated botnets running on Canadian servers, home routers, and IoT devices. This is the first documented use of CSIS's threat reduction warrant powers for active botnet disruption, and it sets a significant legal precedent for intelligence-led cyber defense operations. The ruling expands the toolkit available to Canadian authorities from passive monitoring to active intervention on infected infrastructure.
### 5. ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack (The Hacker News, general)
Wordfence confirmed a supply chain attack against ShapedPlugin's WordPress Pro plugins in which threat actors compromised the vendor's build and distribution pipeline and injected backdoor code into official licensed update releases. Because the backdoored builds were delivered through the legitimate update channel, site owners who trusted the update mechanism had little reason to notice. WordPress administrators running ShapedPlugin Pro products should audit installed plugin versions and inspect the plugin files for unauthorized code immediately.
### 6. 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests (The Hacker News, general)
Researchers at Calif.io disclosed 'Squidbleed,' a heap over-read vulnerability in the Squid proxy that traces back to a 1997 FTP-parsing code change and is still reachable in Squid's default configuration today. The flaw can leak one user's cleartext HTTP request, including credentials and session tokens, to other users sending traffic through the same proxy, which is why it draws direct comparisons to Heartbleed. Given how widely Squid is deployed in enterprise and ISP environments, affected deployments should be patched or mitigated immediately.
### 7. AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network (The Hacker News, general)
QiAnXin's XLab identified AryStinger, a new malware family that has infected at least 4,300 legacy home routers, primarily D-Link devices, to build a distributed reconnaissance and proxy network rather than a traditional DDoS botnet. Unlike typical router botnets, AryStinger serves the pre-exploitation phase of attacks, giving threat actors anonymized infrastructure for reconnaissance. The infection count is still rising, and its focus on pre-attack staging makes it a high-value tool for targeted intrusion campaigns.
### 8. North Korean Hackers Blamed for Mastra NPM Supply Chain Attack (SecurityWeek, general)
A supply chain attack on the Mastra framework's NPM ecosystem has been attributed to North Korean threat actors, who injected a malicious dependency into over 140 Mastra packages; the dependency fetches a payload that specifically targets cryptocurrency browser extensions. The campaign continues the pattern of DPRK-linked groups abusing open-source package ecosystems to compromise developer environments and steal cryptocurrency assets. Developers using Mastra packages should audit their dependency trees and check whether the malicious dependency introduced by the attackers is installed, directly or transitively.
### 9. Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants (The Hacker News, general)
Zafran Security disclosed four vulnerabilities, collectively named 'DifyTap,' in Dify, an open-source agentic AI workflow platform with over 146,000 GitHub stars; together they allow unauthenticated attackers to read AI conversation data across tenant boundaries. Because the flaws expose AI interaction logs belonging to other customers' applications, they are a critical concern for multi-tenant Dify deployments used in enterprise AI workflows. Organizations running Dify should apply the available patches and audit their multi-tenant configurations immediately.
### 10. More Cybersecurity Firms Disclose Impact From Klue Hack (SecurityWeek, general)
The breach of Klue, a competitive intelligence platform, now affects multiple prominent cybersecurity vendors, including HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium. That a single vendor serving so many security-focused organizations was compromised underscores the third-party supply chain risk that exists even within the cybersecurity industry itself. Affected organizations should determine what data they shared with Klue and notify the relevant stakeholders in line with their breach disclosure obligations.