# Archive
Browse past daily curated stories
Wednesday, June 17, 2026
1. The Hacker News (general): Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Threat intelligence firm Defused Cyber confirmed active exploitation of three Fortinet FortiSandbox vulnerabilities within a 24-hour window: CVE-2026-39813 (CVSS 9.1, path traversal in JRPC API), CVE-2026-39808, and CVE-2026-25089. One of the CVEs was patched only the previous week, making this a critical patching priority for organizations using FortiSandbox for threat detection.
2. The Hacker News (general): China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
ESET researchers disclosed two previously undocumented Windows variants of SprySOCKS — previously believed to be Linux-only — dubbed WIN_DRV and WIN_PLUS, attributed to China-nexus threat group FishMonger. Both variants use kernel driver-based stealth for C2 communication over TCP and UDP, and have been deployed against government organizations in Honduras, Taiwan, Thailand, and Pakistan.
3. The Hacker News (general): Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Cisco patched CVE-2026-20262 (CVSS 6.5) in Catalyst SD-WAN Manager (formerly vManage), an authenticated arbitrary file write vulnerability under active exploitation in the wild. Security teams running SD-WAN Manager should apply the update immediately, as this is the second SD-WAN zero-day patched by Cisco in recent weeks.
4. The Hacker News (general): Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
Google's Threat Intelligence Group exposed UNC6508, a China-linked espionage actor that remained undetected inside North American medical, academic, and military research networks for over a year beginning in early 2025. Attackers compromised REDCap research servers to steal credentials, then abused victims' own Google Workspace email rules to silently exfiltrate sensitive research and defense communications.
5. The Hacker News (general): One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
Varonis Threat Labs disclosed a three-bug chain called SearchLeak in Microsoft 365 Copilot Enterprise Search, exploitable with a single click on a legitimate microsoft.com domain link. The attack could exfiltrate emails, calendar entries, indexed files, and MFA codes without triggering URL filtering or anti-phishing tools — Microsoft has since patched the vulnerability.
6. SecurityWeek (general): Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages
A supply chain attack dubbed 'Atomic Arch' resulted in approximately 1,500 malicious packages being uploaded to the Arch User Repository (AUR), prompting Arch Linux to suspend new account registrations entirely. AUR packages are community-maintained and not subject to the same vetting as official repositories, making this a significant risk for Arch-based Linux deployments in enterprise and developer environments.
7. The Hacker News (general): CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
CISA added CVE-2026-54420 (CVSS 8.5) — a privilege escalation to root flaw in the LiteSpeed cPanel Plugin — to its Known Exploited Vulnerabilities catalog, mandating remediation by June 18, 2026 for all FCEB agencies. The three-day remediation deadline signals confirmed active exploitation against internet-facing cPanel-hosted servers.
8. BleepingComputer (general): Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
DragonForce ransomware group deployed a custom malware named 'Backdoor.Turn' that tunnels C2 traffic through Microsoft Teams relay infrastructure, effectively masking malicious communications within legitimate enterprise traffic. This technique complicates network-based detection since traffic originates from trusted Microsoft IP ranges used by Teams.
9. The Hacker News (general): Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
North Korean APT37 (ScarCruft) was observed delivering a new RAT called NarwhalRAT via spear-phishing emails impersonating Microsoft Account security alerts, according to Genians Security Center. The campaign leverages social engineering around fake account compromise notifications to trick targets into executing the malware payload.
10. BleepingComputer (general): OptinMonster WordPress plugin hacked in CDN supply-chain attack
WordPress plugins OptinMonster, TrustPulse, and PushEngage were compromised in a CDN-level supply chain attack targeting Awesome Motive's content distribution infrastructure. Because the malicious code was injected at the CDN layer rather than the plugin source, all sites using the affected CDN-served versions received the tampered files regardless of plugin update status.