1. The ShinyHunters threat group claims to have stolen 275 million records from Canvas LMS affecting 9000 schools with a ransom deadline set for May 12 (Reddit). 2. Instructure reported a second security incident involving its Canvas platform following the massive data breach (Reddit). 3. The official JDownloader website was compromised to distribute malicious installers containing a Python based remote access trojan (BleepingComputer). 4. A…
Posts tagged as “CVE”
1. Trellix confirmed a security breach involving unauthorized access to a portion of its internal source code repository (thehackernews.com). 2. A Vietnamese-linked operation named AccountDumpling compromised 30,000 Facebook accounts using Google AppSheet as a phishing relay (thehackernews.com). 3. China-linked threat group SHADOW-EARTH-053 is conducting an espionage campaign targeting government and defense sectors across Asia and a NATO member state (thehackernews.com). 4. Cybercrime groups Cordial Spider…
1. A critical Linux local privilege escalation vulnerability named Copy Fail tracked as CVE-2026-31431 allows unprivileged users to obtain root access (The Hacker News). 2. Official SAP npm packages were compromised in a supply chain attack to steal developer credentials and authentication tokens (Bleeping Computer). 3. Google patched a maximum severity remote code execution flaw in the Gemini CLI npm package and GitHub Actions workflow…
1. Microsoft confirmed active exploitation of the Windows Shell spoofing vulnerability CVE 2026 32202 (The Hacker News). 2. A Chinese national linked to the Silk Typhoon threat group was extradited to the United States for cyberattacks against government agencies (The Hacker News). 3. French authorities arrested a 21 year old hacker known as HexDex for approximately 100 data breaches including the French Ministry of National…
1. Cloud development platform Vercel confirmed a security breach involving unauthorized access to internal systems following the compromise of a third party AI tool used by an employee (The Hacker News). 2. Threat actors are actively exploiting a 17 year old Microsoft Excel vulnerability which has been flagged by the US cyber defense agency (Reddit). 3. Researchers identified a new malware strain named ZionSiphon targeting…
1. Adobe released an emergency patch for CVE-2026-34621, a critical vulnerability in Acrobat Reader currently under active exploitation in the wild (The Hacker News). 2. Threat actors compromised the CPUID website to distribute trojanized versions of CPU-Z and HWMonitor, which deployed the STX RAT to unsuspecting users (The Hacker News). 3. ShinyHunters claimed a data breach affecting Rockstar Games, allegedly facilitated through a Snowflake integration…
1. ShinyHunters compromised Cisco source code and AWS keys by exploiting a supply chain vulnerability in Trivy. The breach resulted in the unauthorized cloning of over 300 repositories (https://www.reddit.com/r/netsec/comments/1sa8nld/cisco_source_code_stolen_by_shinyhunters_via/). 2. Google released a patch for a high severity Chrome zero day vulnerability identified as CVE 2026 5281 which is currently under active exploitation (https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html). 3. Apple expanded the availability of iOS 18.7.7 and iPadOS 18.7.7…