# Archive
Browse past daily curated stories
Tuesday, June 09, 2026
-
1. The Hacker News (general): Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point disclosed CVE-2026-50751 (CVSS 9.3), a critical logic flaw in certificate validation affecting Remote Access VPN and Mobile Access deployments using the deprecated IKEv1 protocol, allowing unauthenticated remote attackers to bypass passwords. Active exploitation has been traced back to early May, with a Qilin ransomware affiliate blamed for at least one confirmed incident. Administrators running IKEv1-configured Check Point gateways should patch immediately and consider migrating to IKEv2.
-
2. The Hacker News (general): One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
CVE-2026-23111, a use-after-free vulnerability in the Linux kernel's nf_tables packet-filtering subsystem, allows unprivileged local users to escalate to root and escape containers. Exodus Intelligence published a full working exploit on June 8, 2026, despite the upstream patch having been available since February 5, 2026. Unpatched Linux systems running containerized workloads are at acute risk given the public exploit availability.
-
3. The Hacker News (general): Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
Meta detected and blocked new spear-phishing campaigns attributed to NSO Group targeting WhatsApp users, and filed a federal court contempt order alleging NSO violated a permanent injunction barring it from attacking WhatsApp and its users. The attacks involved tricking targets into clicking malicious links redirecting to external websites, constituting a direct violation of the court order. This marks a significant legal escalation against the Israeli spyware vendor following Meta's landmark 2019 lawsuit.
-
4. The Hacker News (general): UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Google Mandiant attributed a financially motivated data theft and extortion campaign (January–May 2026) to UNC3753, also tracked as Silent Ransom Group, which targeted dozens of U.S. organizations in professional, legal, and financial services. The group employed vishing, IT impersonation, DNS fast flux to obscure C2 infrastructure, and physical office intrusions to steal data. The multi-vector TTPs make this threat particularly difficult to defend against with purely technical controls.
-
5. BleepingComputer (general): New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
A new supply chain attack, dubbed the Shai-Hulud 'Hades' campaign, compromised 19 science-focused PyPI packages across 37 wheels, collectively downloaded hundreds of thousands of times, delivering malware designed to steal developer secrets and credentials. The packages were trojanized to run a self-replicating stealer and included a leaked bot token embedded within the malware itself. This is the second iteration of the Shai-Hulud campaign and signals continued evolution of PyPI-targeting threat actors.
-
6. The Hacker News (general): VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
Volexity attributed a new espionage campaign to VerdantBamboo (overlapping with Microsoft's Clay Typhoon) deploying a previously undocumented BSD variant of the BRICKSTORM backdoor alongside two new malware families, PLENET (aka GRIMBOLT) and AGENTPSD, targeting Linux network appliances. This China-nexus threat actor's expansion to BSD/Linux platforms broadens the attack surface beyond Windows environments typically monitored by enterprise defenders. Security teams protecting Linux-based network infrastructure should review Volexity's indicators.
-
7. BleepingComputer (general): Critical UniFi OS bug lets hackers gain root without authentication
Researchers disclosed a chain of three previously fixed vulnerabilities in Ubiquiti's UniFi OS server that can be combined to achieve unauthenticated remote code execution with root privileges. The exploit chain requires no authentication and targets internet-facing UniFi devices, which are widely deployed in enterprise and prosumer networks. Ubiquiti has issued patches and administrators should update UniFi OS immediately.
-
8. Ars Technica Security (general): For the 2nd time in weeks, Microsoft packages laced with credential stealer
For the second time in weeks, malicious packages targeting the Microsoft ecosystem were found laced with a credential stealer — 73 packages that execute a self-replicating stealer automatically when opened by an AI coding agent. The attack exploits the growing use of AI-assisted development workflows where agents autonomously install and execute packages. This pattern of recurring supply chain attacks against Microsoft package repositories represents an escalating threat to developer environments.
-
9. BleepingComputer (general): Over 20,000 Instagram accounts stolen in Meta AI support hack
Attackers abused Meta's AI-powered account recovery support system to hijack over 20,000 Instagram accounts by using it to reset passwords on targeted accounts. Meta has disclosed the incident to authorities and confirmed the accounts were stolen, representing a novel attack vector where AI support tooling itself becomes an exploitation surface. The incident underscores risks introduced when AI systems are given privileged account management capabilities without sufficient fraud controls.
-
10. SecurityWeek (general): SolarWinds Serv-U Vulnerability Exploited in the Wild
SolarWinds Serv-U file transfer software has a vulnerability being actively exploited in the wild, allowing unauthenticated attackers to crash the Serv-U service via specially crafted POST requests. Given SolarWinds' history as a high-value target and the active exploitation status, organizations running Serv-U should apply available patches immediately and review network exposure. No CVE identifier was specified in the report, but SecurityWeek confirmed in-the-wild exploitation.