Collecting Cyber-News from over 60 sources

Tag: breach

Instructure hacker claims data theft from 8,800 schools, universities

May 5, 2026 11:47 PM

Tags: breach, data, hacker, technology, theft

The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/instructure-hacker-claims-data-theft-from-8-800-schools-universities/
Vimeo confirms breach via third-party vendor impacts 119K users

May 5, 2026 11:47 PM

Tags: breach, data, data-breach, hacker

Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third”‘party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attackers accessed user data through a compromise at Anodot, a third”‘party…
Trellix Source Code Breach Highlights Growing Supply Chain Threats

May 5, 2026 11:47 PM

Tags: breach, control, detection, supply-chain, threat

Info is scant, but such breaches can reveal where a security product’s controls are located and how detections are designed, giving attackers a leg up. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/trellix-source-code-breach-supply-chain-threats
Vimeo confirms breach via third-party vendor impacts 119K users

May 5, 2026 10:48 PM

Tags: breach, data, data-breach, hacker

Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third”‘party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attackers accessed user data through a compromise at Anodot, a third”‘party…
Proof of Concept: Anatomy of a Breach – Cyber Readiness

May 5, 2026 10:48 PM

Tags: attack, breach, cyber, governance, identity

Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…
Vimeo confirms breach via third-party vendor impacts 119K users

May 5, 2026 9:48 PM

Tags: breach, data, data-breach, hacker

Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third”‘party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attackers accessed user data through a compromise at Anodot, a third”‘party…
Trellix investigating breach of source code repository

May 5, 2026 5:49 PM

Tags: breach, cybersecurity, exploit

The cybersecurity company said there is no immediate evidence of code being exploited or released. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/trellix-investigating-breach-source-code-repository/819327/
Hackers steal students’ data during breach at education tech giant Instructure

May 5, 2026 5:49 PM

Tags: breach, data, data-breach, hacker

The data breach at education tech giant Instructure includes students’ private data, according to a sample of the allegedly stolen data seen by TechCrunch. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-tech-giant-instructure/
Vimeo data breach exposes personal information of 119,000 people

May 5, 2026 3:48 PM

Tags: breach, data, data-breach, extortion, hacking, service

The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vimeo-data-breach-exposes-personal-information-of-119-000-people/
AI finds 20-year-old bugs in PostgreSQL and MariaDB

May 5, 2026 2:48 PM

Tags: ai, breach, credentials, cve, exploit, flaw, github, injection, nist, rce, remote-code-execution, sql, vulnerability

Inadequate JSON parsing allowed RCE on the MariaDB server: In MariaDB, a buffer overflow bug, tracked as CVE-2026-32710, was found in the JSON_SCHEMA_VALID() function using Xint Code. The vulnerability allows an authenticated user to trigger a crash, which, under controlled conditions, could be escalated into remote code execution.Compared to the PostgreSQL flaws, exploitation here is…
Trellix Reveals Unauthorized Access to Source Code

May 5, 2026 11:47 AM

Tags: access, breach, unauthorized

Security vendor Trellix has suffered a breach involving unauthorized access First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/trellix-reveals-unauthorized/
Educational tech firm Instructure data breach may have impacted 9,000 schools

May 5, 2026 10:48 AM

Tags: breach, cyber, cybersecurity, data, data-breach, incident, technology

Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (LMS). The U.S. firm confirrmed a cybersecurity incident that exposed users’ personal information. The company is working with external…
The N-Day Nightmare: How SHADOW-EARTH-053 Breaches Governments Using >>Old<< Exploits

May 5, 2026 9:48 AM

Tags: breach, exploit, government

The post The N-Day Nightmare: How SHADOW-EARTH-053 Breaches Governments Using >>Old<< Exploits appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/shadow-earth-053-china-apt-shadowpad-proxylogon-espionage/
DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates

May 5, 2026 7:48 AM

Tags: attack, breach, cyber, hacker, malicious, malware

DigiCert, a major Certificate Authority, recently suffered a significant security breach where hackers used a malicious screensaver file to steal 60 Extended Validation (EV) Code Signing certificates. These highly trusted certificates were subsequently used to sign the >>Zhong Stealer<< malware, allowing the malicious files to bypass security warnings by appearing as legitimate software. The incident…
Everest Group Begins Leaking Alleged Liberty Mutual Data

May 5, 2026 1:48 AM

Tags: breach, cybercrime, data, group, ransomware

Cybercrime Gang Claims to Have 108-Gbyte Trove of Insurer’s Files, Folders. Ransomware gang Everest Group claims to have stolen more than 108 gigabytes of data- including policyholder details – belonging to insurer Liberty Mutual. The cybercrime group began leaking the company’s alleged data on Monday afternoon, saying the insurer failed to respond to the gang’s…
The AI Vulnerability Storm Is Here. Is Your Security Program Breach Ready?

May 4, 2026 7:49 PM

Tags: ai, attack, breach, cybersecurity, vulnerability

How a new class of AI-powered attacks is redrawing the rules of cybersecurity, and why the organizations that survive will be those that build for containment, not just prevention. There is a moment in every technological shift when the future stops being theoretical and starts breaking things. For cybersecurity, that moment arrived on April 7,……
Canvas Breach May Put 275M Users, 9,000 Schools at Risk

May 4, 2026 7:49 PM

Tags: breach, hacker, risk

Instructure confirms a Canvas breach involving user information and messages as hackers claim 275M users and nearly 9,000 schools were affected. The post Canvas Breach May Put 275M Users, 9,000 Schools at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-canvas-instructure-breach-275m-users/
Trellix discloses data breach after source code repository hack

May 4, 2026 6:48 PM

Tags: access, breach, cybersecurity, data, data-breach

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to “a portion” of its source code repository. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trellix-discloses-data-breach-after-source-code-repository-hack/
âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

May 4, 2026 6:48 PM

Tags: ai, android, breach, control, exploit, github, linux, open-source, phishing, rce, remote-code-execution, saas, tool

This week, the shadows moved faster than the patches.While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and…
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…
Ransomware group claims breach of pro-OrbÃ¡n Hungarian media firm

May 4, 2026 5:48 PM

Tags: breach, data, group, ransomware, unauthorized

Mediaworks confirmed the incident on Friday, warning that “a significant amount of illegally obtained data may have come into the possession of unauthorized persons.” First seen on therecord.media Jump to article: therecord.media/ransomware-group-claims-breach-of-pro-orban-media-firm
ShinyHunters Claims Responsibility for Breach of EdTech Company Instructure

May 4, 2026 4:49 PM

Tags: attack, breach, email, extortion, group

The prolific extortion group ShinyHunters claimed responsibility for the breach of Edtech vendor Instructure’s systems, stealing 3.65 TB of sensitive information, including names, email addresses, and messages of students, teachers, and others. ShinyHunters also reportedly behind an early attack of Instructure in September 2025. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/shinyhunters-claims-responsibility-for-breach-of-edtech-company-instructure/
They don’t hack, they borrow: How fraudsters target credit unions

May 4, 2026 4:49 PM

Tags: breach, business, exploit, fraud, hacking

Fraudsters aren’t hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/they-dont-hack-they-borrow-how-fraudsters-target-credit-unions/
Thousands of Facebook accounts stolen by phishing emails sent through Google

May 4, 2026 3:48 PM

Tags: breach, email, google, hacker, phishing

In an ongoing operation, hackers are hijacking Facebook accounts using Google AppSheet to send phishing emails that pass security checks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/thousands-of-facebook-accounts-stolen-by-phishing-emails-sent-through-google/
Canvas Confirms Data Breach Following ShinyHunters Claim

May 4, 2026 3:48 PM

Tags: breach, cyber, data, data-breach, group, technology, threat

Instructure, the educational technology company behind the widely used Canvas Learning Management System (LMS), has officially confirmed a major data breach. This confirmation directly follows recent claims made by the notorious threat actor group known as ShinyHunters. Canvas is a critical platform for thousands of universities and K-12 schools, making this breach a significant concern…
Webinar: Why MSPs must rethink security and backup strategies

May 4, 2026 2:49 PM

Tags: backup, breach, msp, resilience, saas, strategy

Security breaches don’t just test your defenses”, they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-why-msps-must-rethink-security-and-backup-strategies/
Sandhills Medical Foundation Ransomware Breach Draws Class Action Investigation Nearly a Year Later

May 4, 2026 2:49 PM

Tags: attack, breach, ransomware, unauthorized

What happened A ransomware attack on Sandhills Medical Foundation, a Federally Qualified Community Health Center in McBee, South Carolina, is now the subject of a class action investigation, nearly a year after the incident was first discovered. Sandhills Medical discovered the ransomware attack on May 8, 2025. A forensic investigation determined that an unauthorized third…The…
Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers

May 4, 2026 2:49 PM

Tags: breach, cyberattack, data, data-breach, finance, group, office, ransomware

What happened Frost Bank, San Antonio’s largest bank, is facing two proposed class-action lawsuits following a cyberattack attributed to the Everest ransomware group that allegedly exposed the sensitive personal data of an estimated 109,000 customers. The bank has not publicly confirmed the scope of the breach or reported it to the Texas Attorney General’s Office,…The…
Salt Typhoon Suspected in Breach of IBM Italy Subsidiary Managing Public Infrastructure

May 4, 2026 2:49 PM

Tags: breach, cybersecurity, ibm, incident response, infrastructure

What happened A cybersecurity incident in late April 2026 targeted Sistemi Informativi, an Italian company wholly owned by IBM Italy that provides IT infrastructure management for public agencies and key private sector organizations. IBM confirmed the breach through an official statement, acknowledging it had identified and contained a cybersecurity incident and activated incident response protocols…The…