Canvas Login Pages Are Defaced In Mass Extortion Campaign After Instructure Breach
The extortion group “ShinyHunters” defaced Canvas login pages with an extortion message demanding negotiation and payment by May 12, 2026.
Read MoreSoftware
Three Windows Zero-Days
Three Windows vulnerabilities have been recently discovered – BlueHammer, RedSun, and UnDefend.
Read MoreGoogle Adds Gmail’s E2EE To Mobile Devices
Google has expanded Gmail’s end-to-end encryption from Desktop to Android and iOS.
Read MoreFirefox Adds A Free Built-In Browser VPN In its 149 Update, With A 50GB Monthly Cap
Mozilla has rolled out a built-in VPN in Firefox 149 that provides up to 50GB of traffic per month for users signed in with a Mozilla account.
Read MoreMicrosoft Halts Forced Copilot Installs
Microsoft has temporarily stopped the planned automatic installation of the Copilot app on Windows devices with 365 desktop apps. Existing installs remain in place, and admins can still deploy the app manually.
Read MoreChrome Bug Lets Malicious Extensions Access Mic, Camera, And Files Through Gemini’s Permissions
Researchers disclosed a high-severity Chrome vulnerability, CVE-2026-0628, that allowed malicious browser extensions to inject code into Chrome’s Gemini Live browser panel and gain access to its privileges.
Read MoreApple Fixes CVE-2026-20700 Zero-Day Across iOS and macOS Family
Apple has patched CVE-2026-20700, a memory corruption bug in dyld that was exploited in attacks. Install the latest updates across iOS, macOS and related platforms to patch.
Read MoreWindows 11 January Update: PCs Can’t Shut Down
A January 2026 Windows 11 update (KB5073455) is causing some Secure Launch enabled Enterprise and IoT devices to restart instead of shutting down or hibernating. A similar update causes Outlook to freeze as well.
Read MoreCritical Apex Central RCE Fixed in Build 7190
Trend Micro has patched a critical RCE vulnerability in Apex Central – plus two Denial-of-Service bugs. Update to Build 7190 as soon as possible.
Read MoreHashJack Indirect Prompt Injection Targets AI Browser Assistants
HashJack is a new indirect prompt injection technique that hides malicious instructions in URL fragments, so AI browser assistants – not the website – execute the attacker’s commands.
Read More