The Canvas breach tied to the ShinyHunters group interrupted teaching at thousands of schools, but the U.S. Homeland Security Committee’s May 21 demand for Instructure testimony signals a deeper issue: this incident is as much about governance, contracting, and data protection across education technology as it is about a temporary outage. Classroom disruption and what […]
The May 2026 wave of the Shai‑Hulud campaign didn’t just steal credentials: attackers chained multiple GitHub Actions weaknesses to publish more than 170 malicious npm and PyPI packages that carried valid SLSA provenance, turning build attestations into cover for a wide-ranging, self‑propagating compromise. How the CI chain was abused end to end The intrusion began […]
California regulators have fined General Motors $12.75 million and imposed strict controls after finding the company sold OnStar driving data without consent. The settlement — the state’s first major enforcement action explicitly aimed at data-minimization failures by an automaker — requires deletion deadlines, a five-year sales ban to certain buyers, and ongoing compliance reporting. How […]
TrickMo.C, first observed in early 2026, is not a routine update to a banking trojan. The operators have rebuilt it as a platform that runs a local TON (The Open Network) proxy on compromised Android phones and routes command-and-control traffic through encrypted .ADNL addresses. That redesign converts infected devices into covert, remotely programmable network nodes […]
The recent MacSync campaign used hijacked Google Ads and user-generated pages on Claude.ai to trick people into pasting obfuscated shell commands into Terminal, delivering a polymorphic infostealer that harvests Keychain items, browser cookies, and crypto keys. Below are the attack’s mechanics, quick checks you can run now, and concrete operational steps for teams and users. […]
Between May 6 and May 7, 2026, attackers exploited an unpatched CMS vulnerability on the JDownloader website to swap two download links—Windows “Alternative Installer” and the Linux shell installer—with malicious files. The installers distributed during that window contained a PyInstaller-wrapped Python RAT for Windows and a shell-driven installer on Linux that installed SUID-root ELF binaries […]
In May 2026, a typosquatted Hugging Face repository—Open-OSS/privacy-filter—distributed a loader that ultimately installed a Rust-based credential stealer on Windows machines; the repo was downloaded over 200,000 times before removal. For teams that pull community models into development or production, this incident reframes the threat: attackers can hide executable installers in model repos, not just poison […]
GeForce NOW breach limited to Armenian partner GFN.am, not NVIDIA’s core systems NVIDIA confirmed a data breach affecting only its Armenian GeForce NOW partner, GFN.am, and said the company’s core, globally managed systems were not compromised. The incident—dated March 20–26, 2026—exposed personal user records held by the regional operator but did not include passwords or […]
ShinyHunters claims it extracted roughly 3.65 TB of data from Instructure’s systems, affecting about 275 million people across nearly 9,000 institutions. This was not simply a broken Canvas instance: investigators say the attackers used compromised Salesforce credentials and API keys tied to Instructure’s SaaS stack, turning a single vendor compromise into a global extortion campaign. […]
Two critical Ivanti EPMM zero-days (CVE-2026-1281 and CVE-2026-1340) are being exploited in the wild to achieve unauthenticated remote code execution. Interim RPM patches stop the immediate attacks, but they must be re-applied after upgrades; a permanent fix is scheduled for EPMM 12.8.0.0 in Q1 2026. Observed exploitation and its immediate effects Attackers are sending simple, […]
Mozilla’s early access work with Anthropic’s Mythos model turned up 271 vulnerabilities in Firefox 150 — more than ten times the 22 issues Anthropic’s Opus 4.6 flagged in Firefox 148 — demonstrating a sharp jump in discovery rate that has immediate operational consequences for maintainers and defenders. What Mythos actually revealed in Firefox Mythos autonomously […]
A sophisticated, operator-run phishing campaign is using Google Ads to position Adversary-in-the-Middle (AiTM) pages in front of ManageWP and Google Ads users — a step beyond “simple” phishing that routinely defeats 2FA and abuses ad platform trust. What the attackers actually achieve and why a basic reading is wrong Rather than generic mass phishing, operators […]
