Posts published in “CyberSec report”

OSINT / CyberSec report 11.05.2026 00:10

1. The ShinyHunters threat group claims to have stolen 275 million records from Canvas LMS, affecting 9000 schools, with a ransom deadline set for May 12 (Reddit). 2. Instructure reported a second security incident involving its Canvas platform following the massive data breach (Reddit). 3. The official JDownloader website was compromised to distribute malicious installers containing a Python-based remote access trojan (BleepingComputer). 4. A…

OSINT / CyberSec report 09.05.2026 00:06

1. The ShinyHunters extortion group breached the Canvas education platform and defaced login portals for thousands of schools, threatening to leak 275 million records (krebsonsecurity.com). 2. A new unpatched Linux kernel vulnerability named Dirty Frag allows local attackers to gain root access on most major distributions (thehackernews.com). 3. The Copy Fail vulnerability, identified as CVE-2026-31431, is currently under active exploitation in the wild (thehackernews.com). 4.…

OSINT / CyberSec report 07.05.2026 00:09

1. Palo Alto Networks warns that a critical buffer overflow vulnerability in PAN-OS tracked as CVE-2026-0300 is being actively exploited for unauthenticated remote code execution (thehackernews.com). 2. A critical Linux kernel local privilege escalation vulnerability known as Copy Fail or CVE-2026-31431 allows for stealthy root access on millions of systems (unit42.paloaltonetworks.com). 3. The Apache Software Foundation released updates for a critical HTTP/2 flaw tracked as…

OSINT / CyberSec report 05.05.2026 00:08

1. Instructure confirmed a data breach involving its Canvas platform with the ShinyHunters extortion gang claiming responsibility for the attack (bleepingcomputer.com). 2. An IBM subsidiary responsible for managing Italian public administration infrastructure suffered a breach where attackers maintained access for two weeks (reddit.com). 3. A critical cPanel vulnerability is being mass exploited in ongoing Sorry ransomware attacks (reddit.com). 4. A global law enforcement operation involving…

OSINT / CyberSec report 03.05.2026 00:06

1. Trellix confirmed a security breach involving unauthorized access to a portion of its internal source code repository (thehackernews.com). 2. A Vietnamese-linked operation named AccountDumpling compromised 30,000 Facebook accounts using Google AppSheet as a phishing relay (thehackernews.com). 3. China-linked threat group SHADOW-EARTH-053 is conducting an espionage campaign targeting government and defense sectors across Asia and a NATO member state (thehackernews.com). 4. Cybercrime groups Cordial Spider…

OSINT / CyberSec report 01.05.2026 00:08

1. A critical Linux local privilege escalation vulnerability named Copy Fail, tracked as CVE-2026-31431, allows unprivileged users to obtain root access (The Hacker News). 2. Official SAP npm packages were compromised in a supply chain attack to steal developer credentials and authentication tokens (Bleeping Computer). 3. Google patched a maximum-severity remote code execution flaw in the Gemini CLI npm package and GitHub Actions workflow…

OSINT / CyberSec report 29.04.2026 00:08

1. Microsoft confirmed active exploitation of the Windows Shell spoofing vulnerability CVE-2026-32202 (The Hacker News). 2. A Chinese national linked to the Silk Typhoon threat group was extradited to the United States for cyberattacks against government agencies (The Hacker News). 3. French authorities arrested a 21-year-old hacker known as HexDex for approximately 100 data breaches including the French Ministry of National…

OSINT / CyberSec report 27.04.2026 00:12

1. CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers (The Hacker News). 2. Home security company ADT confirmed a data breach following extortion threats from the ShinyHunters group (BleepingComputer). 3. The Lazarus APT group is conducting a new campaign using the Mach-O Man malware kit to target businesses on macOS (Reddit).…

OSINT / CyberSec report 25.04.2026 00:07

1. A high-severity SSRF vulnerability in LMDeploy tracked as CVE-2026-33626 is being actively exploited in the wild within 13 hours of its disclosure (thehackernews.com). 2. The Bitwarden CLI npm package was compromised as part of an ongoing supply chain attack involving malicious code in the bw1.js file (thehackernews.com). 3. The threat group UNC6692 is conducting a campaign by impersonating IT helpdesk staff…

OSINT / CyberSec report 23.04.2026 00:08

1. Over 1300 Microsoft SharePoint servers remain vulnerable to a spoofing zero-day exploit that is currently being used in active attacks (BleepingComputer). 2. Microsoft released emergency out-of-band security updates to address a critical privilege escalation vulnerability in ASP.NET Core (BleepingComputer). 3. CISA has flagged a new SD-WAN vulnerability that is currently being exploited in the wild (Reddit). 4. Researchers discovered a…