Canvas Login Pages Are Defaced In Mass Extortion Campaign After Instructure Breach
The extortion group “ShinyHunters” defaced Canvas login pages with an extortion message demanding negotiation and payment by May 12, 2026.
Read MoreCybersecurity
Legitimate Apple Emails Are Being Abused In Callback Phishing
Scammers are delivering phishing content inside legitimate emails sent from Apple’s own infrastructure.
Read MoreThree Windows Zero-Days
Three Windows vulnerabilities have been recently discovered – BlueHammer, RedSun, and UnDefend.
Read MoreFake Claude Code Source Downloads Used to Push Vidar and GhostSocks Malware
A threat actor is using the recent Claude Code source leak by Anthropic on March 31st to lure users to a malicious GitHub repository that installs malware on their device.
Read MoreChrome Bug Lets Malicious Extensions Access Mic, Camera, And Files Through Gemini’s Permissions
Researchers disclosed a high-severity Chrome vulnerability, CVE-2026-0628, that allowed malicious browser extensions to inject code into Chrome’s Gemini Live browser panel and gain access to its privileges.
Read MoreConduent Breach Count Jumps From 10 Million to More Than 25 Million
A data breach of business services vendor Conduent has expanded from an early estimate of about 10.5 million people to more than 25 million affected across the United States.
Read MoreApple Fixes CVE-2026-20700 Zero-Day Across iOS and macOS Family
Apple has patched CVE-2026-20700, a memory corruption bug in dyld that was exploited in attacks. Install the latest updates across iOS, macOS and related platforms to patch.
Read MoreAI-Assisted Attack Takes AWS Environment Eight Minutes To Escalate Privileges To Admin
Sysdig researchers detail how attackers used an exposed AWS credential and AI tools to access full admin control in about eight minutes – and warn about cloud misconfigurations.
Read MoreWhisperPair Vulnerabilities Expose Most Bluetooth Headsets to Audio, Microphone, and Location Takeover
WhisperPair vulnerabilities in Google’s Fast Pair protocol let attackers silently hijack some Bluetooth audio devices – listening through microphones, controling audio, and in certain cases tracking a user’s location via Find Hub. Fixes are dependent on vendor firmware updates.
Read MoreCritical Apex Central RCE Fixed in Build 7190
Trend Micro has patched a critical RCE vulnerability in Apex Central – plus two Denial-of-Service bugs. Update to Build 7190 as soon as possible.
Read More