# Archive
Browse past daily curated stories
Sunday, June 21, 2026
-
1. BleepingComputer (general): CISA warns Fortinet users to secure devices after FortiBleed leak
CISA issued an urgent advisory for Fortinet customers after the 'FortiBleed' leak exposed credentials from nearly 74,000 firewall and VPN devices — roughly half of all internet-accessible Fortinet appliances. Security practitioners managing Fortinet infrastructure should treat this as an active incident requiring immediate credential rotation and access review.
-
2. SecurityWeek (general): FortiBleed: 86,000 Fortinet Device Credentials Compromised
The 'FortiBleed' campaign compromised credentials from approximately 86,000 Fortinet devices including firewalls and VPNs, representing a massive-scale credential theft event. The scale — affecting roughly half of internet-accessible Fortinet appliances — makes this a critical priority for network security teams with Fortinet deployments.
-
3. SecurityWeek (general): 15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown
Operation Endgame targeted the SocGholish botnet infrastructure linked to Russia-based Evil Corp, taking down 106 command-and-control servers and domains and cleaning up approximately 15,000 compromised WordPress websites. The coordinated law enforcement and private-sector action represents a significant disruption to one of the most prolific drive-by download malware distribution networks.
-
4. The Record (threat-intel): Police raid malware network tied to Russia's Evil Corp hacker group
An international police operation raided infrastructure tied to the SocGholish botnet, which has been attributed to Evil Corp, a Russia-based cybercrime group subject to U.S. Treasury sanctions. The takedown complements Operation Endgame's infrastructure seizures and signals continued cross-border pressure on Russian cybercrime ecosystems.
-
5. BleepingComputer (general): Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft attributed a supply chain attack on the Mastra AI framework to North Korean threat actor Sapphire Sleet (BlueNoroff), which compromised more than 140 npm packages. This campaign demonstrates North Korea's expanding focus on AI development toolchains as a vector for software supply chain compromise.
-
6. SecurityWeek (general): Cybersecurity Firms Impacted by Klue Supply Chain Attack
The Icarus extortion group's attack on market intelligence platform Klue resulted in OAuth token theft that granted access to customers' Salesforce environments, with confirmed victims including cybersecurity firms Huntress and Recorded Future. The incident illustrates how third-party SaaS integrations create transitive trust relationships that can cascade breaches across an entire customer base.
-
7. BleepingComputer (general): Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue confirmed that the Icarus extortion group stole OAuth tokens used to connect customer Salesforce environments, with the victim list continuing to grow. The breach highlights the risk of OAuth credential exposure in B2B SaaS platforms where a single token compromise can provide lateral access to downstream enterprise CRM data.
-
8. The Hacker News (general): AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers detailed 'AutoJack,' an exploit chain where a malicious web page loaded by an AI browsing agent can invoke a privileged local service via JavaScript and achieve host-level code execution — requiring no credentials or additional user interaction after initial page load. The attack demonstrates a new class of AI agent security risk where agentic browsing capabilities create unintended local privilege escalation paths.
-
9. The Hacker News (general): Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are actively exploiting CVE-2026-4020 (CVSS 5.3), an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin installed on roughly 100,000 sites, to extract API keys, OAuth tokens, and other secrets from plugin configuration data. Despite the medium severity CVSS score, active in-the-wild exploitation of this plugin across a large install base makes patching urgent for WordPress site operators.
-
10. The Hacker News (general): Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Apple patched CVE-2025-20701 (CVSS 8.8) in Beats Studio Buds firmware, a high-severity incorrect authorization flaw in the Airoha Bluetooth audio SDK that allows nearby attackers to pair with the device and access microphone audio without user consent. The vulnerability in the underlying Airoha SDK may affect other Bluetooth audio products beyond Apple's Beats line that use the same chipset.