<rss xmlns:source="http://source.scripting.com/" version="2.0">
  <channel>
    <title>Threat Intel</title>
    <link>https://threatintel.cc/</link>
    <description></description>
    
    <language>en</language>
    
    <lastBuildDate>Tue, 12 May 2026 16:54:03 -0400</lastBuildDate>
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/12/apples-ios-update-patches-more.html</link>
      <pubDate>Tue, 12 May 2026 16:54:03 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/12/apples-ios-update-patches-more.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.macrumors.com/2026/05/11/ios-26-5-security-fixes/&#34;&gt;Apple&amp;rsquo;s iOS 26.5 Update Patches More Than 50 Security Flaws - MacRumors&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Apple&amp;rsquo;s iOS 26.5 and iPadOS 26.5 updates resolve over 50 security vulnerabilities, including issues related to WebKit, kernel performance, and system applications. Users are encouraged to install these patches promptly to protect their devices from potential exploits.&lt;/p&gt;
</description>
      <source:markdown>[Apple&#39;s iOS 26.5 Update Patches More Than 50 Security Flaws - MacRumors](https://www.macrumors.com/2026/05/11/ios-26-5-security-fixes/)

Apple&#39;s iOS 26.5 and iPadOS 26.5 updates resolve over 50 security vulnerabilities, including issues related to WebKit, kernel performance, and system applications. Users are encouraged to install these patches promptly to protect their devices from potential exploits.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/12/instructure-reaches-ransom-agreement-with.html</link>
      <pubDate>Tue, 12 May 2026 12:38:03 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/12/instructure-reaches-ransom-agreement-with.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html&#34;&gt;Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Instructure, the parent company of Canvas, has reached an agreement with the ShinyHunters extortion group to prevent the leak of 3.65TB of stolen data, which impacted nearly 9,000 organizations. The company paid a ransom, received the data back, and was assured that its customers would not be separately extorted.&lt;/p&gt;
</description>
      <source:markdown>[Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak](https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html)

Instructure, the parent company of Canvas, has reached an agreement with the ShinyHunters extortion group to prevent the leak of 3.65TB of stolen data, which impacted nearly 9,000 organizations. The company paid a ransom, received the data back, and was assured that its customers would not be separately extorted.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/11/deadline-set-by-cybercriminal-group.html</link>
      <pubDate>Mon, 11 May 2026 15:06:25 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/11/deadline-set-by-cybercriminal-group.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.abc.net.au/news/2026-05-11/tas-universities-regain-access-to-canvas-hacker-deadline/106666744&#34;&gt;Deadline set by cybercriminal group looms as some institutions regain Canvas access - ABC News&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Some Australian universities and education departments are regaining access to the Canvas learning platform after a global outage caused by the ShinyHunters hacking group, who have set a deadline of Tuesday to negotiate a settlement before leaking compromised information. While some institutions like the University of Sydney have restored access, others, including Swinburne University and Queensland University of Technology, are still affected, impacting students&#39; ability to access materials and submit assignments.&lt;/p&gt;
</description>
      <source:markdown>[Deadline set by cybercriminal group looms as some institutions regain Canvas access - ABC News](https://www.abc.net.au/news/2026-05-11/tas-universities-regain-access-to-canvas-hacker-deadline/106666744)

Some Australian universities and education departments are regaining access to the Canvas learning platform after a global outage caused by the ShinyHunters hacking group, who have set a deadline of Tuesday to negotiate a settlement before leaking compromised information. While some institutions like the University of Sydney have restored access, others, including Swinburne University and Queensland University of Technology, are still affected, impacting students&#39; ability to access materials and submit assignments.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/11/say-hello-to-the-internet.html</link>
      <pubDate>Mon, 11 May 2026 09:01:36 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/11/say-hello-to-the-internet.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://om.co/2026/05/04/say-hello-to-the-internet-of-ai/&#34;&gt;Say Hello to the Internet of AI – On my Om&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The &amp;ldquo;Internet of AI&amp;rdquo; is an emerging network architecture optimized for artificial intelligence, characterized by a shift in traffic patterns within data centers from north-south to east-west, and significant hyperscaler investment in private fiber networks and subsea cables. This new infrastructure prioritizes power and bandwidth for AI workloads, with hyperscalers increasingly controlling the physical network layers, akin to 19th-century railroad barons.&lt;/p&gt;
</description>
      <source:markdown>[Say Hello to the Internet of AI – On my Om](https://om.co/2026/05/04/say-hello-to-the-internet-of-ai/)

The &#34;Internet of AI&#34; is an emerging network architecture optimized for artificial intelligence, characterized by a shift in traffic patterns within data centers from north-south to east-west, and significant hyperscaler investment in private fiber networks and subsea cables. This new infrastructure prioritizes power and bandwidth for AI workloads, with hyperscalers increasingly controlling the physical network layers, akin to 19th-century railroad barons.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/10/wwe-star-will-not-be.html</link>
      <pubDate>Sun, 10 May 2026 14:09:47 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/10/wwe-star-will-not-be.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://heavy.com/sports/pro-wrestling/wwe-star-no-suspension-viral-leak/&#34;&gt;WWE Star Will Not be Suspended For Lewd Photo Leaks&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Despite a lewd photo leak of explicit images and videos shared online without her consent, WWE star Jordynne Grace will not be suspended. The private images were illegally leaked by hackers and were not from her OnlyFans account, leading WWE to not penalize her. Grace is not the only WWE star to fall victim to hacking, with Paige previously experiencing a similar incident.&lt;/p&gt;
</description>
      <source:markdown>[WWE Star Will Not be Suspended For Lewd Photo Leaks](https://heavy.com/sports/pro-wrestling/wwe-star-no-suspension-viral-leak/)

Despite a lewd photo leak of explicit images and videos shared online without her consent, WWE star Jordynne Grace will not be suspended. The private images were illegally leaked by hackers and were not from her OnlyFans account, leading WWE to not penalize her. Grace is not the only WWE star to fall victim to hacking, with Paige previously experiencing a similar incident.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/hackers-leveraged-hugging-face-and.html</link>
      <pubDate>Fri, 08 May 2026 12:43:45 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/hackers-leveraged-hugging-face-and.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://cybersecuritynews.com/hackers-leverage-hugging-face-and-clawhub/&#34;&gt;Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Hackers are exploiting Hugging Face and ClawHub, popular AI platforms, to distribute malware like trojans, cryptominers, and infostealers by disguising them as legitimate AI tools and agent extensions. This campaign involves over 575 malicious skills published on ClawHub, with threat actors using techniques like indirect prompt injection to execute hidden malicious instructions within AI agents.&lt;/p&gt;
</description>
      <source:markdown>[Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware](https://cybersecuritynews.com/hackers-leverage-hugging-face-and-clawhub/)

Hackers are exploiting Hugging Face and ClawHub, popular AI platforms, to distribute malware like trojans, cryptominers, and infostealers by disguising them as legitimate AI tools and agent extensions. This campaign involves over 575 malicious skills published on ClawHub, with threat actors using techniques like indirect prompt injection to execute hidden malicious instructions within AI agents.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/zara-data-breach-customers-exposed.html</link>
      <pubDate>Fri, 08 May 2026 12:41:36 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/zara-data-breach-customers-exposed.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html&#34;&gt;Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A third-party security incident involving a former technology provider exposed the data of nearly 197,000 Zara customers, including emails and purchase history. The ShinyHunters extortion group claimed responsibility for the breach, which exploited compromised Anodot analytics platform tokens.&lt;/p&gt;
</description>
      <source:markdown>[Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident](https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html)

A third-party security incident involving a former technology provider exposed the data of nearly 197,000 Zara customers, including emails and purchase history. The ShinyHunters extortion group claimed responsibility for the breach, which exploited compromised Anodot analytics platform tokens.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/new-zichatbot-malware-uses-zulip.html</link>
      <pubDate>Fri, 08 May 2026 12:40:33 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/new-zichatbot-malware-uses-zulip.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://cybersecuritynews.com/new-zichatbot-malware-uses-zulip-rest-apis/&#34;&gt;New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A new malware named ZiChatBot is exploiting Zulip&amp;rsquo;s REST APIs for its command and control server, making it harder to detect. This malware was distributed through malicious Python packages on PyPI and targets both Windows and Linux systems.&lt;/p&gt;
</description>
      <source:markdown>[New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server](https://cybersecuritynews.com/new-zichatbot-malware-uses-zulip-rest-apis/)

A new malware named ZiChatBot is exploiting Zulip&#39;s REST APIs for its command and control server, making it harder to detect. This malware was distributed through malicious Python packages on PyPI and targets both Windows and Linux systems.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/anthropics-claude-used-in-attempted.html</link>
      <pubDate>Fri, 08 May 2026 12:39:06 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/anthropics-claude-used-in-attempted.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.cybersecuritydive.com/news/anthropics-claude-compromise-mexican-water-utility/819710/&#34;&gt;Anthropic’s Claude used in attempted compromise of Mexican water utility | Cybersecurity Dive&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;An unknown threat group abused Anthropic&amp;rsquo;s Claude AI to aid in a sophisticated takeover attempt against a Mexican water utility, highlighting how AI tools can empower untrained actors. The incident, part of a larger campaign targeting Mexican government agencies, saw attackers use Claude and OpenAI&amp;rsquo;s GPT-4.1 API for reconnaissance, exploit customization, and privilege escalation, though the OT system breach ultimately failed.&lt;/p&gt;
</description>
      <source:markdown>[Anthropic’s Claude used in attempted compromise of Mexican water utility | Cybersecurity Dive](https://www.cybersecuritydive.com/news/anthropics-claude-compromise-mexican-water-utility/819710/)

An unknown threat group abused Anthropic&#39;s Claude AI to aid in a sophisticated takeover attempt against a Mexican water utility, highlighting how AI tools can empower untrained actors. The incident, part of a larger campaign targeting Mexican government agencies, saw attackers use Claude and OpenAI&#39;s GPT-4.1 API for reconnaissance, exploit customization, and privilege escalation, though the OT system breach ultimately failed.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/123800.html</link>
      <pubDate>Fri, 08 May 2026 12:38:00 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/123800.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://github.com/thechosenone-shall-prevail/cold-relay&#34;&gt;GitHub - thechosenone-shall-prevail/cold-relay: Cold Relay is a single-binary Active Directory security assessment tool that collects Windows authentication evidence across LDAP, Kerberos, SMB, DNS, GPO, delegation, certificate services, and more turning evidence into deterministic findings with an offline attack graph. · GitHub&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Cold Relay is a single-binary Active Directory security assessment tool that collects Windows authentication evidence across various protocols and services to build a deterministic attack graph. It provides findings with validation status, evidence, blockers, and next actions, differentiating between proven facts and theoretical possibilities.&lt;/p&gt;
</description>
      <source:markdown>[GitHub - thechosenone-shall-prevail/cold-relay: Cold Relay is a single-binary Active Directory security assessment tool that collects Windows authentication evidence across LDAP, Kerberos, SMB, DNS, GPO, delegation, certificate services, and more turning evidence into deterministic findings with an offline attack graph. · GitHub](https://github.com/thechosenone-shall-prevail/cold-relay)

Cold Relay is a single-binary Active Directory security assessment tool that collects Windows authentication evidence across various protocols and services to build a deterministic attack graph. It provides findings with validation status, evidence, blockers, and next actions, differentiating between proven facts and theoretical possibilities.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/of-md-password-hashes-are.html</link>
      <pubDate>Fri, 08 May 2026 12:36:18 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/of-md-password-hashes-are.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.theregister.com/security/2026/05/07/60-of-md5-password-hashes-are-crackable-in-under-an-hour/5234954&#34;&gt;60% of MD5 password hashes are crackable in under an hour&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A recent study found that 60% of MD5 password hashes can be cracked in under an hour using a single GPU, with 48% cracked in under a minute, highlighting the vulnerability of passwords protected only by fast hashing algorithms. Experts emphasize that passwords should be part of a broader identity-based security strategy, including multi-factor authentication and zero trust models, rather than relied upon as the sole security measure.&lt;/p&gt;
</description>
      <source:markdown>[60% of MD5 password hashes are crackable in under an hour](https://www.theregister.com/security/2026/05/07/60-of-md5-password-hashes-are-crackable-in-under-an-hour/5234954)

A recent study found that 60% of MD5 password hashes can be cracked in under an hour using a single GPU, with 48% cracked in under a minute, highlighting the vulnerability of passwords protected only by fast hashing algorithms. Experts emphasize that passwords should be part of a broader identity-based security strategy, including multi-factor authentication and zero trust models, rather than relied upon as the sole security measure.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/the-biggest-student-data-privacy.html</link>
      <pubDate>Fri, 08 May 2026 12:35:28 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/the-biggest-student-data-privacy.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.404media.co/the-biggest-student-data-privacy-disaster-in-history-canvas-hack-shows-the-danger-of-centralized-edtech/&#34;&gt;&amp;lsquo;The Biggest Student Data Privacy Disaster in History&amp;rsquo;: Canvas Hack Shows the Danger of Centralized EdTech&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A Canvas hack by ransomware group ShinyHunters has resulted in the theft of billions of messages and the data of over 275 million individuals, including student names, email addresses, and student ID numbers. This incident, described as the biggest student data privacy disaster in history, highlights the risks of centralizing sensitive educational data in a single platform, potentially enabling more targeted phishing attacks and exposing deeply personal student information.&lt;/p&gt;
</description>
      <source:markdown>[&#39;The Biggest Student Data Privacy Disaster in History&#39;: Canvas Hack Shows the Danger of Centralized EdTech](https://www.404media.co/the-biggest-student-data-privacy-disaster-in-history-canvas-hack-shows-the-danger-of-centralized-edtech/)

A Canvas hack by ransomware group ShinyHunters has resulted in the theft of billions of messages and the data of over 275 million individuals, including student names, email addresses, and student ID numbers. This incident, described as the biggest student data privacy disaster in history, highlights the risks of centralizing sensitive educational data in a single platform, potentially enabling more targeted phishing attacks and exposing deeply personal student information.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/quacc-open-source-vulnerability-research.html</link>
      <pubDate>Fri, 08 May 2026 12:34:03 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/quacc-open-source-vulnerability-research.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.somersetrecon.com/blog/2026/4/27/quacc-automated-open-source-vulnerability-discovery&#34;&gt;Quacc++ | Open Source Vulnerability Research Tool Powered by Semgrep &amp;amp; Grep.app — Somerset Recon&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Quacc++ is an automated bug hunting tool that combines grep.app for searching public GitHub repositories with Semgrep for static code analysis to discover vulnerabilities. It scans repositories for specific patterns, downloads matching code, and uses Semgrep with custom rules to precisely identify security flaws.&lt;/p&gt;
</description>
      <source:markdown>[Quacc++ | Open Source Vulnerability Research Tool Powered by Semgrep &amp; Grep.app — Somerset Recon](https://www.somersetrecon.com/blog/2026/4/27/quacc-automated-open-source-vulnerability-discovery)

Quacc++ is an automated bug hunting tool that combines grep.app for searching public GitHub repositories with Semgrep for static code analysis to discover vulnerabilities. It scans repositories for specific patterns, downloads matching code, and uses Semgrep with custom rules to precisely identify security flaws.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/nvidia-confirms-geforce-now-data.html</link>
      <pubDate>Fri, 08 May 2026 12:31:34 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/nvidia-confirms-geforce-now-data.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.bleepingcomputer.com/news/security/nvidia-confirms-geforce-now-data-breach-affecting-armenian-users/&#34;&gt;NVIDIA confirms GeForce NOW data breach affecting Armenian users&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;NVIDIA has confirmed a data breach affecting GeForce NOW users, specifically impacting those in Armenia. The breach was caused by a compromise of infrastructure operated by a regional partner, GFN.am, and did not affect NVIDIA&amp;rsquo;s own networks. Exposed information includes names, email addresses, usernames, and dates of birth, though no account passwords were compromised.&lt;/p&gt;
</description>
      <source:markdown>[NVIDIA confirms GeForce NOW data breach affecting Armenian users](https://www.bleepingcomputer.com/news/security/nvidia-confirms-geforce-now-data-breach-affecting-armenian-users/)

NVIDIA has confirmed a data breach affecting GeForce NOW users, specifically impacting those in Armenia. The breach was caused by a compromise of infrastructure operated by a regional partner, GFN.am, and did not affect NVIDIA&#39;s own networks. Exposed information includes names, email addresses, usernames, and dates of birth, though no account passwords were compromised.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/08/u-of-t-ocad-among.html</link>
      <pubDate>Fri, 08 May 2026 12:29:21 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/08/u-of-t-ocad-among.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.cbc.ca/news/canada/toronto/ontario-universities-canvas-breach-9.7192287&#34;&gt;U of T, OCAD among Ontario universities impacted by Canvas cyber breach | CBC News&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Thousands of schools, including University of Toronto and OCAD University, were impacted by a cybersecurity incident involving the Canvas learning software. While names, emails, and student numbers may have been affected, Instructure, Canvas&amp;rsquo;s parent company, stated there was no evidence of passwords or financial information being compromised.&lt;/p&gt;
</description>
      <source:markdown>[U of T, OCAD among Ontario universities impacted by Canvas cyber breach | CBC News](https://www.cbc.ca/news/canada/toronto/ontario-universities-canvas-breach-9.7192287)

Thousands of schools, including University of Toronto and OCAD University, were impacted by a cybersecurity incident involving the Canvas learning software. While names, emails, and student numbers may have been affected, Instructure, Canvas&#39;s parent company, stated there was no evidence of passwords or financial information being compromised.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/07/hackers-hack-victims-hacked-by.html</link>
      <pubDate>Thu, 07 May 2026 19:00:55 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/07/hackers-hack-victims-hacked-by.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://techcrunch.com/2026/05/07/hackers-hack-victims-hacked-by-other-hackers/&#34;&gt;Hackers hack victims hacked by other hackers | TechCrunch&lt;/a&gt;&lt;/p&gt;
</description>
      <source:markdown>[Hackers hack victims hacked by other hackers | TechCrunch](https://techcrunch.com/2026/05/07/hackers-hack-victims-hacked-by-other-hackers/)
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/07/coinbase-cuts-jobs-before-q.html</link>
      <pubDate>Thu, 07 May 2026 15:22:00 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/07/coinbase-cuts-jobs-before-q.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://blocknow.com/coinbase-stock-layoffs-700-jobs-ai-restructuring-2026/&#34;&gt;Coinbase Cuts 700 Jobs Before Q1 Earnings in AI Pivot&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Coinbase is cutting 700 employees, or 14% of its workforce, as CEO Brian Armstrong pivots the company towards AI and leaner management structures, citing cost reductions and weak market conditions. This move occurs just before the company&amp;rsquo;s Q1 earnings report, following a significant net loss in Q4 2025.&lt;/p&gt;
</description>
      <source:markdown>[Coinbase Cuts 700 Jobs Before Q1 Earnings in AI Pivot](https://blocknow.com/coinbase-stock-layoffs-700-jobs-ai-restructuring-2026/)

Coinbase is cutting 700 employees, or 14% of its workforce, as CEO Brian Armstrong pivots the company towards AI and leaner management structures, citing cost reductions and weak market conditions. This move occurs just before the company&#39;s Q1 earnings report, following a significant net loss in Q4 2025.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/07/enterprise-ai-deployment-is-rewriting.html</link>
      <pubDate>Thu, 07 May 2026 15:19:49 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/07/enterprise-ai-deployment-is-rewriting.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://siliconangle.com/2026/05/07/enterprise-ai-deployment-rewriting-security-rulebook-securingtheaifactory/&#34;&gt;Enterprise AI deployment is rewriting the security rulebook - SiliconANGLE&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Enterprise AI deployment significantly expands the cybersecurity attack surface, making traditional defenses inadequate for new targets like data pipelines and model training environments. Security must be integrated from the outset of AI projects to avoid costly halts, with approaches like Dell&amp;rsquo;s treating the AI factory as a single, integrated security surface.&lt;/p&gt;
</description>
      <source:markdown>[Enterprise AI deployment is rewriting the security rulebook - SiliconANGLE](https://siliconangle.com/2026/05/07/enterprise-ai-deployment-rewriting-security-rulebook-securingtheaifactory/)

Enterprise AI deployment significantly expands the cybersecurity attack surface, making traditional defenses inadequate for new targets like data pipelines and model training environments. Security must be integrated from the outset of AI projects to avoid costly halts, with approaches like Dell&#39;s treating the AI factory as a single, integrated security surface.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/07/australia-warns-of-clickfix-attacks.html</link>
      <pubDate>Thu, 07 May 2026 15:18:08 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/07/australia-warns-of-clickfix-attacks.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.bleepingcomputer.com/news/security/australia-warns-of-clickfix-attacks-pushing-vidar-stealer-malware/&#34;&gt;Australia warns of ClickFix attacks pushing Vidar Stealer malware&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The Australian Cyber Security Center (ACSC) has issued a warning about ClickFix attacks that are distributing the Vidar Stealer malware. These attacks trick users into executing malicious PowerShell commands through fake verification prompts, leading to the theft of sensitive information like passwords and cryptocurrency. ACSC recommends restricting PowerShell execution, implementing application allow-listing, and keeping WordPress sites updated to mitigate these threats.&lt;/p&gt;
</description>
      <source:markdown>[Australia warns of ClickFix attacks pushing Vidar Stealer malware](https://www.bleepingcomputer.com/news/security/australia-warns-of-clickfix-attacks-pushing-vidar-stealer-malware/)

The Australian Cyber Security Center (ACSC) has issued a warning about ClickFix attacks that are distributing the Vidar Stealer malware. These attacks trick users into executing malicious PowerShell commands through fake verification prompts, leading to the theft of sensitive information like passwords and cryptocurrency. ACSC recommends restricting PowerShell execution, implementing application allow-listing, and keeping WordPress sites updated to mitigate these threats.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/07/us-cisa-adds-a-flaw.html</link>
      <pubDate>Thu, 07 May 2026 15:17:27 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/07/us-cisa-adds-a-flaw.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://securityaffairs.com/191822/security/u-s-cisa-adds-a-flaw-in-ivanti-endpoint-manager-mobile-epmm-to-its-known-exploited-vulnerabilities-catalog.html&#34;&gt;U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The U.S. CISA has added a zero-day vulnerability (CVE-2026-6973) in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch by May 10, 2026. This flaw, requiring admin privileges, allows for arbitrary code execution and is already being exploited.&lt;/p&gt;
</description>
      <source:markdown>[U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/191822/security/u-s-cisa-adds-a-flaw-in-ivanti-endpoint-manager-mobile-epmm-to-its-known-exploited-vulnerabilities-catalog.html)

The U.S. CISA has added a zero-day vulnerability (CVE-2026-6973) in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch by May 10, 2026. This flaw, requiring admin privileges, allows for arbitrary code execution and is already being exploited.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/07/new-pcpjack-worm-steals-credentials.html</link>
      <pubDate>Thu, 07 May 2026 15:16:14 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/07/new-pcpjack-worm-steals-credentials.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.bleepingcomputer.com/news/security/new-pcpjack-worm-steals-credentials-cleans-teampcp-infections/&#34;&gt;New PCPJack worm steals credentials, cleans TeamPCP infections&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A new malware framework named PCPJack is actively stealing credentials from exposed cloud infrastructure and is designed to remove TeamPCP infections. It targets services like Docker, Kubernetes, and MongoDB, and researchers believe it may be operated by a former TeamPCP affiliate.&lt;/p&gt;
</description>
      <source:markdown>[New PCPJack worm steals credentials, cleans TeamPCP infections](https://www.bleepingcomputer.com/news/security/new-pcpjack-worm-steals-credentials-cleans-teampcp-infections/)

A new malware framework named PCPJack is actively stealing credentials from exposed cloud infrastructure and is designed to remove TeamPCP infections. It targets services like Docker, Kubernetes, and MongoDB, and researchers believe it may be operated by a former TeamPCP affiliate.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/07/of-ceos-worry-their-job.html</link>
      <pubDate>Thu, 07 May 2026 15:14:13 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/07/of-ceos-worry-their-job.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.fastcompany.com/91537318/80-of-ceos-worry-their-job-is-at-risk-if-ai-fails-this-year-survey-shows&#34;&gt;80% of CEOs worry their job is at risk if AI fails this year - Fast Company&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A new survey reveals that 80% of CEOs believe their job is at risk if AI initiatives fail this year, with 72% of U.S. CEOs feeling pressure from their boards to demonstrate AI-driven ROI. Despite concerns about over-investment, 87% of global CEOs acknowledge their roles are dependent on the success of AI.&lt;/p&gt;
</description>
      <source:markdown>[80% of CEOs worry their job is at risk if AI fails this year - Fast Company](https://www.fastcompany.com/91537318/80-of-ceos-worry-their-job-is-at-risk-if-ai-fails-this-year-survey-shows)

A new survey reveals that 80% of CEOs believe their job is at risk if AI initiatives fail this year, with 72% of U.S. CEOs feeling pressure from their boards to demonstrate AI-driven ROI. Despite concerns about over-investment, 87% of global CEOs acknowledge their roles are dependent on the success of AI.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/04/backdoored-pytorch-lightning-package-drops.html</link>
      <pubDate>Mon, 04 May 2026 15:24:15 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/04/backdoored-pytorch-lightning-package-drops.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.bleepingcomputer.com/news/security/backdoored-pytorch-lightning-package-drops-credential-stealer/&#34;&gt;Backdoored PyTorch Lightning package drops credential stealer&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A malicious version of the PyTorch Lightning package, version 2.6.3, was found to contain a credential stealer that targets browsers, environment files, and cloud services. The package, which has over 11 million downloads, automatically downloads and executes a JavaScript payload upon import, potentially compromising secrets, keys, and tokens.&lt;/p&gt;
</description>
      <source:markdown>[Backdoored PyTorch Lightning package drops credential stealer](https://www.bleepingcomputer.com/news/security/backdoored-pytorch-lightning-package-drops-credential-stealer/)

A malicious version of the PyTorch Lightning package, version 2.6.3, was found to contain a credential stealer that targets browsers, environment files, and cloud services. The package, which has over 11 million downloads, automatically downloads and executes a JavaScript payload upon import, potentially compromising secrets, keys, and tokens.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/04/phishing-campaign-hits-orgs-using.html</link>
      <pubDate>Mon, 04 May 2026 15:22:36 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/04/phishing-campaign-hits-orgs-using.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html?m=1&#34;&gt;Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A phishing campaign named VENOMOUS#HELPER has impacted over 80 organizations by using legitimate Remote Monitoring and Management (RMM) tools like SimpleHelp and ScreenConnect to gain persistent remote access. The campaign begins with a phishing email impersonating the U.S. Social Security Administration, leading victims to download an executable that installs the RMM software, enabling attackers to control compromised hosts.&lt;/p&gt;
</description>
      <source:markdown>[Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools](https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html?m=1)

A phishing campaign named VENOMOUS#HELPER has impacted over 80 organizations by using legitimate Remote Monitoring and Management (RMM) tools like SimpleHelp and ScreenConnect to gain persistent remote access. The campaign begins with a phishing email impersonating the U.S. Social Security Administration, leading victims to download an executable that installs the RMM software, enabling attackers to control compromised hosts.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/05/04/cisco-moves-to-acquire-astrix.html</link>
      <pubDate>Mon, 04 May 2026 15:21:26 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/05/04/cisco-moves-to-acquire-astrix.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.securityweek.com/cisco-moves-to-acquire-astrix-security-to-tackle-non-human-identity-risks/&#34;&gt;Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks - SecurityWeek&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Cisco is acquiring Astrix Security to address the growing risks associated with non-human identities (NHIs) like API keys and service accounts, which are increasingly used by AI agents. This acquisition aims to extend zero trust principles to the expanding agentic workforce and integrate Astrix&amp;rsquo;s technology for discovering, governing, and securing these identities into Cisco&amp;rsquo;s security platform.&lt;/p&gt;
</description>
      <source:markdown>[Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks - SecurityWeek](https://www.securityweek.com/cisco-moves-to-acquire-astrix-security-to-tackle-non-human-identity-risks/)

Cisco is acquiring Astrix Security to address the growing risks associated with non-human identities (NHIs) like API keys and service accounts, which are increasingly used by AI agents. This acquisition aims to extend zero trust principles to the expanding agentic workforce and integrate Astrix&#39;s technology for discovering, governing, and securing these identities into Cisco&#39;s security platform.
</source:markdown>
    </item>
    
  </channel>
</rss>
