# Archive
Browse past daily curated stories
Thursday, June 18, 2026
1. Ars Technica Security (general): Massive breach spills credentials for thousands of sensitive networks
A massive credential breach has exposed VPN and network access credentials for thousands of sensitive organizations including Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet. The scale and sensitivity of affected targets make this immediately actionable for security teams conducting third-party risk assessments and incident response triage.
2. BleepingComputer (general): FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices
The 'FortiBleed' data leak has exposed Fortinet and FortiGate VPN credentials for 73,932 firewall URLs belonging to organizations worldwide. Combined with active exploitation of FortiSandbox vulnerabilities (articles 5079, 5136, 5167), this represents a compounding crisis for Fortinet-dependent network defenders who must audit exposed credentials and patch simultaneously.
3. BleepingComputer (general): Critical Fortinet FortiSandbox flaws now exploited in attacks
Multiple critical vulnerabilities in Fortinet's FortiSandbox threat detection platform are being actively exploited in the wild, with threat intelligence firm Defused confirming attacks. SOCRadar has detected approximately 30,000 compromised Fortinet firewalls, and multiple firms report exploitation originating from independent sources rather than a single coordinated campaign.
4. The Hacker News (general): Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft has confirmed CVE-2026-50656 (CVSS 7.8), a privilege escalation zero-day in the Microsoft Malware Protection Engine codenamed 'RoguePlanet,' with a patch still in development. Public PoC code exploiting a race condition to spawn a SYSTEM-level command prompt is already circulating, making this a high-priority exposure for any Windows endpoint running Defender.
5. The Hacker News (general): 144 Mastra npm Packages Compromised via Hijacked Contributor Account
A supply chain attack dubbed 'easy-day-js' compromised 144 npm packages in the Mastra '@mastra/*' namespace after attackers hijacked a single contributor account (ehindero), affecting a widely used JavaScript/TypeScript AI application framework. Findings were reported by JFrog, SafeDep, Socket, and StepSecurity, underscoring the ongoing risk of single-account compromise cascading across large package ecosystems.
6. The Hacker News (general): CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
CISA added CVE-2026-48907 (CVSS 10.0), an improper access control flaw in the Widget Factory Joomla Content Editor (JCE) plugin enabling arbitrary PHP code execution, to its KEV catalog with a patch deadline of Friday for federal agencies. The maximum severity score and active exploitation make this urgent for any organization running Joomla with the JCE plugin installed.
7. SecurityWeek (general): Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack
DragonForce ransomware operators abused Microsoft Teams relay servers for command-and-control, deploying a novel Go-based backdoor that blends C2 traffic with legitimate Teams infrastructure to evade detection. This technique complicates network-layer defenses that whitelist Microsoft services and signals an escalation in ransomware groups' abuse of trusted SaaS platforms.
8. The Record (threat-intel): GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say
GitHub dismissed two formal vulnerability reports identifying design flaws that researchers say are now being actively exploited by variants of the Shai-Hulud supply-chain worm, which has infected hundreds of software packages and developer accounts globally. The platform's failure to act on reported design flaws before weaponization raises significant questions about responsible disclosure workflows at major code hosting providers.
9. Ars Technica Security (general): Critical Copilot vulnerability allowed hackers to steal 2FA code from users
A critical vulnerability dubbed 'SearchLeak' in Microsoft Copilot allowed attackers to steal users' 2FA codes via prompt injection, demonstrating once again that LLM-integrated tools inherit and amplify traditional web security flaws. The exploit illustrates how indirect prompt injection through search results can weaponize AI assistants against the very users they serve.
10. The Hacker News (general): Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Fifteen malicious plugins on the JetBrains Marketplace, posing as DeepSeek-based AI coding assistants, were found exfiltrating AI provider API keys from developers' machines in what researchers describe as a coordinated campaign. Separately, malicious Chrome extensions were observed capturing chatbot conversation data, representing a targeted supply-chain threat against developer toolchains handling sensitive AI credentials.