# Archive

Browse past daily curated stories

Thursday, June 25, 2026

  1. BleepingComputer general
    Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access

    Mandiant revealed exploitation details for CVE-2026-20245, a zero-day vulnerability in Cisco Catalyst SD-WAN that attackers used to create rogue root accounts on targeted devices at a communications service provider — two months before the flaw was publicly disclosed. The attack leveraged rogue peering to connect to victim SD-WAN devices and escalate to admin and root-level privileges, representing a high-impact supply chain risk for telecom operators running Cisco SD-WAN infrastructure.

  2. The Hacker News general
    Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

    A coordinated Operation Endgame action led by Europol, Microsoft, Bitdefender, Bitsight, and ESET dismantled infrastructure powering the Amadey botnet and StealC infostealer, recovering 27 million stolen credentials and disrupting over 200 command-and-control servers. This marks the first court-authorized takedown targeting two cybercrime tools simultaneously, representing a novel legal approach aimed at the full criminal 'assembly line' supporting ransomware and financial fraud operations.

  3. The Hacker News general
    Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

    Threat actors have begun actively exploiting CVE-2026-20230 (CVSS 8.6), an improper input validation flaw in Cisco Unified Communications Manager (Unified CM) and Unified CM SME, after a public proof-of-concept revealed a file-write path to root access. The vulnerability allows unauthenticated remote attackers to achieve root-level code execution; Cisco had issued patches in early June but active exploitation is now confirmed, making immediate patching critical for enterprise UC deployments.

  4. SecurityWeek general
    macOS Weaknesses Chained to Silently Disable Endpoint Security Agents

    Researchers disclosed a macOS attack chain that allows a standard non-admin user account to silently disable endpoint security agents by chaining legitimate OS behaviors — no kernel exploits or administrator privileges required. The technique exploits weaknesses in macOS's security framework to terminate integrated browser tools and EDR agents, posing a significant risk to enterprises relying on macOS endpoint protection.

  5. SecurityWeek general
    New ‘Mistic’ RAT Opens Door to Several Ransomware Families

    A newly identified RAT named 'Mistic' is being deployed by initial access broker 'Woodgnat' (also tracked as KongTuke) to provide entry points for at least six ransomware families: Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. Attacks have targeted organizations in insurance, education, IT, and professional services sectors, making Mistic a high-priority indicator of compromise for threat hunters tracking ransomware precursor activity.

  6. SecurityWeek general
    Russian Initial Access Broker Behind FortiBleed Campaign

    A Russian initial access broker behind the 'FortiBleed' campaign deployed a custom Golang-based sniffer targeting 430,000 FortiGate firewalls, capturing over 110 million credentials since at least February 2026. The campaign repurposes compromised FortiGate devices as credential-harvesting infrastructure, posing an outsized risk to organizations that have not fully remediated known FortiOS vulnerabilities.

  7. SecurityWeek general
    Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration

    President Trump signed an executive order requiring all federal agencies to migrate high-value assets to post-quantum cryptography (PQC) by end of 2030, and high-impact systems by end of 2031, dramatically compressing previous migration timelines. The order cites national security risks from 'harvest now, decrypt later' quantum threats and aligns with NIST's finalized PQC standards, creating compliance urgency for government contractors and critical infrastructure operators.

  8. BleepingComputer general
    Scattered Spider members plead guilty to hacking Transport for London

    Two members of the Scattered Spider cybercrime group — a 20-year-old and an 18-year-old — pleaded guilty to hacking Transport for London's network in 2024, disrupting public transit services for months. The guilty pleas are a significant law enforcement win against the prolific English-speaking threat actor group responsible for high-profile intrusions across multiple sectors.

  9. The Hacker News general
    Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

    Researchers at Novee Security identified a CI/CD vulnerability class dubbed 'Cordyceps' that allows unauthenticated attackers to hijack GitHub Actions workflows by exploiting the 'pull_request_target' trigger, potentially compromising 300+ repositories at organizations including Microsoft, Google, and Apache. GitHub responded on June 18, 2026 by updating 'actions/checkout' to block these pwn request attack patterns, but repositories using older action versions remain at risk.

  10. The Hacker News general
    DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering

    The U.S. Department of Justice seized a cloud computing account operated by subsidiaries of Cambodia-based HuiOne Group, alleged to have laundered proceeds from cyber scams, while the Treasury Department simultaneously sanctioned nine individuals and 26 entities linked to the Prince Group. HuiOne had already been severed from the U.S. financial system in a prior action, and this coordinated DOJ/Treasury operation targets the group's remaining digital infrastructure used to facilitate transnational cybercrime.