# Archive
Browse past daily curated stories
Saturday, June 20, 2026
1. CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices (The Hacker News, general)
   CISA issued an urgent warning about 'FortiBleed,' a large-scale credential theft campaign targeting Fortinet FortiGate firewalls and VPNs — with 86,644 devices compromised, representing roughly half of all internet-accessible Fortinet appliances. The campaign is attributed to Russian-speaking threat actors and CISA is urging immediate remediation of affected devices. Security teams running Fortinet edge infrastructure should treat this as a critical priority given the scale of exposure.
2. Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites (The Hacker News, general)
   Operation Endgame — a joint law enforcement action involving Dutch, Canadian, German, and U.S. authorities — disrupted the SocGholish malware network tied to Russia's Evil Corp, taking down 106 C&C servers and domains while cleaning nearly 14,971 infected WordPress sites. SocGholish is a long-running drive-by download framework used for initial access and ransomware staging. The operation represents one of the more significant botnet disruptions targeting WordPress-based malware infrastructure.
3. CISA: Splunk Enterprise flaw actively exploited, patch by Sunday (BleepingComputer, general)
   CISA added a critical Splunk Enterprise vulnerability to its Known Exploited Vulnerabilities catalog and mandated that U.S. federal agencies patch by Sunday, June 22, 2026, indicating active exploitation in the wild. The flaw resides in Splunk's AI Toolkit and enables OS command injection. Organizations running Splunk Enterprise should prioritize this patch given active exploitation and the prevalence of Splunk in SOC environments.
4. Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (The Hacker News, general)
   Researchers at Paradigm Shift published a working exploit called 'usbliter8' achieving arbitrary code execution inside the SecureROM of Apple A12 and A13 chips — silicon-level code that cannot be patched via software updates. The attack requires physical USB access but permanently affects all devices using these chips (iPhone XS through iPhone 11 generation) for their operational lifetime. This is a significant hardware-level security regression comparable to the checkm8 bootrom exploit.
5. Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data (The Hacker News, general)
   Salesforce disabled the Klue Battlecards app integration on June 11, 2026 after threat actors abused OAuth tokens to exfiltrate data from customers' Salesforce environments. Victims include cybersecurity vendors Huntress and Recorded Future, making this the third Salesforce-integrated application compromised in a similar supply chain attack pattern. The 'Icarus' extortion group has claimed responsibility, and the incident underscores OAuth token abuse as a growing supply chain vector.
6. F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution (The Hacker News, general)
   F5 patched two critical vulnerabilities in NGINX Open Source, including CVE-2026-42530 (CVSS v4: 9.2), a use-after-free flaw in ngx_http_v3_module exploitable by remote unauthenticated attackers, enabling potential arbitrary code execution. Given NGINX's ubiquity as a web server and reverse proxy across enterprise and cloud environments, these flaws carry broad exposure risk. Organizations should apply F5's security updates immediately.
7. Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2 (The Hacker News, general)
   Microsoft detailed a cryptocurrency clipper campaign active since February 2026 that spreads via USB LNK worm files and uses Windows Script Host and ActiveX to launch a bundled Tor proxy, communicating with hidden-service C2 infrastructure. The malware monitors clipboard content to hijack crypto wallet addresses and has self-spreading capabilities across air-gapped or isolated environments. The use of Tor for C2 complicates network-based detection and blocking.
8. The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes (The Hacker News, general)
   The Gentlemen ransomware-as-a-service operation distributes a mature EDR-killing framework called GentleKiller to affiliates, which targets approximately 400 distinct security processes to disable defenses before deploying the encryptor. The RaaS incorporates both proprietary and third-party EDR termination tools, reflecting an industrialization of defense evasion capabilities. Security teams should audit which EDR processes are most susceptible to BYOVD or direct termination attacks.
9. Texas govt data breach exposes over 3 million driver's licenses (BleepingComputer, general)
   The Texas Parks and Wildlife Department disclosed a breach at its third-party license system vendor that exposed personal data for over 3 million individuals, including driver's license information. The breach affects customers who used TPWD's licensing services, adding to a growing pattern of state government vendor supply chain compromises. Affected individuals face elevated risk of identity theft given the nature of the exposed data.
10. Critical Command Execution Vulnerability Patched in Cisco ISE (SecurityWeek, general)
    Cisco patched a critical command execution vulnerability in Cisco Identity Services Engine (ISE) caused by insufficient validation of user input, allowing an attacker to gain access to the underlying OS and escalate privileges to root. Cisco ISE is widely deployed as a network access control and policy enforcement platform, making this a high-value target for lateral movement. Administrators should apply the patch immediately given the root escalation potential.