> TritonInfoSec News

# Archive

Browse past daily curated stories

Jun 07 Jun 06 Jun 02 May 31 May 30 May 29 May 28 May 27 May 26 May 24 May 23 May 22 May 21 May 20 May 19 May 18 May 17 May 15 May 14 May 13 May 12 May 10 May 09 May 08 May 05 May 03 May 02 May 01 Apr 30 Apr 28

Sunday, June 07, 2026

  1. 1
    0
    The Hacker News general
    Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

    The Miasma self-replicating worm compromised 73 Microsoft GitHub repositories across four organizations — Azure, Azure-Samples, Microsoft, and MicrosoftDocs — in a significant supply chain attack that prompted GitHub to disable access to affected repositories. This is a critical story for security practitioners managing open-source dependencies, as supply chain attacks via trusted platforms like Microsoft's GitHub presence can have downstream effects on countless projects and pipelines.

  2. 2
    0
    SecurityWeek general
    Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026

    Cisco has confirmed active exploitation of CVE-2026-20245 (CVSS 7.8) in Catalyst SD-WAN Manager — the 7th SD-WAN zero-day exploited in 2026 — with no patch yet available. The flaw enables arbitrary command execution as root and affects on-premises, Cloud-Pro, Cisco-managed cloud, and FedRAMP government deployments, making it an immediate priority for network security teams.

  3. 3
    0
    The Hacker News general
    AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

    An autonomous AI security agent discovered 21 zero-day vulnerabilities in FFmpeg, the widely embedded open-source media library, while Google's Chrome 149 shipped patches for a record 429 security bugs in a single release. Both events signal a rapid acceleration in vulnerability discovery and patch volume that will strain security operations teams managing browser and media-processing attack surface.

  4. 4
    0
    BleepingComputer general
    Critical Everest Forms Pro flaw exploited to take over WordPress sites

    Attackers are actively exploiting CVE-2026-3300, a critical vulnerability in the Everest Forms Pro WordPress plugin, to achieve full site takeover. WordPress plugin vulnerabilities with active exploit chains are high-priority for defenders managing web infrastructure, given the platform's massive install base.

  5. 5
    0
    The Hacker News general
    CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

    CISA added CVE-2026-28318 (CVSS 7.5), a denial-of-service flaw in SolarWinds Serv-U multi-protocol file server, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. Federal agencies face a mandatory remediation deadline under BOD 22-01, and all Serv-U operators should treat this as an urgent patching priority.

  6. 6
    0
    The Hacker News general
    PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

    Threat actor PCPJack hijacked 230 cloud servers across AWS, Google Cloud, and Azure — spanning the U.S., Europe, and Asia — converting them into a covert SMTP relay network that syncs verified mail relay proxies to downstream consumers every five minutes. This infrastructure abuse enables large-scale phishing and spam campaigns while obscuring attribution behind legitimate cloud provider IP space.

  7. 7
    0
    BleepingComputer general
    Over 900 US gas station tank gauge systems exposed to attacks

    Over 900 automatic tank gauge (ATG) systems at U.S. gas stations are exposed to the internet and actively under attack, posing direct physical risk to fuel and chemical storage infrastructure. Threat actors exploiting unprotected ATG interfaces could cause service disruption or safety incidents at critical infrastructure sites.

  8. 8
    0
    The Hacker News general
    New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

    ReliaQuest researchers identified a previously unknown China-linked threat cluster designated OP-512 that targets Microsoft IIS servers, deploying a custom web shell framework for espionage operations. The espionage focus and use of bespoke tooling on a widely deployed server platform make this a relevant threat for enterprise and government network defenders.

  9. 9
    0
    SecurityWeek general
    Hackers Leak DentaQuest Information Impacting 2.6 Million

    The ShinyHunters extortion group leaked approximately 234 GB of data allegedly stolen from DentaQuest, a dental benefits administrator, affecting 2.6 million individuals. The breach underscores ongoing healthcare sector targeting by ShinyHunters and the severity of downstream exposure when benefits administrators — which hold sensitive PII and health data — are compromised.

  10. 10
    0
    The Hacker News general
    New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

    OpenAI is rolling out a Lockdown Mode for ChatGPT targeting Free, Go, Plus, and Pro account holders that restricts tools capable of facilitating data exfiltration via prompt injection attacks. This is a notable defensive control for enterprises permitting ChatGPT use with sensitive data, directly addressing a documented attack vector where adversarial prompts redirect AI outputs to attacker-controlled endpoints.