π¦Ώ Canvas Breach Hackers Reach Deal After Claiming 275M Records Stolen π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Instructure reached a deal with the Canvas hackers after they claimed to have stolen data tied to nearly 9,000 schools and 275 million people. The post Canvas Breach Hackers Reach Deal After Claiming 275M Records Stolen appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Canvas Breach Hackers Reach Deal After Claiming 275M Records Stolen
Instructure reached a deal with the Canvas hackers after they claimed to have stolen data tied to nearly 9,000 schools and 275 million people.
ποΈ New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation LPE vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE202646300 CVSS score 7.8 and is rooted in the Linux kernel's XFRM.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngxhttprewritemodule CVE202642945, CVSS v4 score 9.2 that could allow an attacker to achieve remote code execution or cause a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has unveiled a new multimodel artificial intelligence AIdriven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multimodel agentic scanning harness, is designed as a modelagnostic system that uses bespoke AI agents for different vulnerability.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A threat actor with affiliations to China has been linked to a "multiwave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderatetohigh confidence to a hacking group known as FamousSparrow aka UAT9244, which shares some level of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
TLDR Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your dataand how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them. The real danger? While.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Most Remediation Programs Never Confirm the Fix Actually Worked ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's MTrends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer compromise," Socket said. "Many have little or no download activity, and the payloads are repetitive,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Android Adds Intrusion Logging for Sophisticated Spyware Forensics ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Tuesday unveiled a new optin Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacypreserving forensics logging to allow for investigation of devices in the event of a suspected compromise," the company said. The feature, it.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Canvas Maker Instructure Reaches Agreement With Cybercriminals
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
π Avada Builder Flaws Expose One Million WordPress Sites π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Avada Builder flaws allowed file read and SQL injection on one million WordPress sites.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Avada Builder Flaws Expose One Million WordPress Sites
Avada Builder flaws allowed file read and SQL injection on one million WordPress sites
π Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Survey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if thats what it took to help restore encrypted systems.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers
Survey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if thatβs what it took to help restore systems
π Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Global Cyber Agencies Issue New SBOMs for AI Guidance
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains
π UK Cybersecurity Market Expands to Β£14.7bn with Strong Growth in AI Security Firms π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
UK cybersecurity sector reaches 14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industry.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Cybersecurity Market Expands to Β£14.7bn with Strong Growth in AI Se
Government trumpets double-digit growth in cybersecurity sector to reach nearly Β£15bn in 2025
π Microsoft Fixes 17 Critical Flaws in May Patch Tuesday π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft has patched 120 vulnerabilities in this months security update round.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Fixes 17 Critical Flaws in May Patch Tuesday
Microsoft has patched 120 vulnerabilities in this monthβs security update round
π B2B Growth Marketing Manager (Events & Partnerships) π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
The post B2B Growth Marketing Manager Events Partnerships appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
B2B Growth Marketing Manager (Events & Partnerships) - UnderDefense
π Most Organizations Now Use AI Agents for Sensitive Security Tasks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Semperis study finds 74 of organizations believe AI will increase attacks on identity infrastructure.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Most Organizations Use AI Agents for Sensitive Security Tasks
Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure
π¦
Why Australian Dark Web Data Is Now Being Sold in Bundles β and What It Means for Organizational Exposure in 2026 π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
In 2026, opportunistic assaults and isolated breaches will no longer characterize Australia's cyber risk environment. Industrialized data theft, in which stolen data is packaged, repackaged, and marketed on underground marketplaces, is influencing it. Threat actors are already combining Australian data into composite "breach packages," increasing both its commercial worth and its downstream danger, as opposed to singlecompany breaches occurring in isolation. This trend is also intensifying concerns around Australian dark web data, where aggregated breach packages are increasingly traded and monetized. This move has a direct impact on how exposed enterprises will be in 2026 and is not merely cosmetic rather, it represents a structural shift in how cybercriminal ecosystems monetiz...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Australian Dark Web Data Breaches Surge In 2025-2026
Australian dark web data is bundled and sold by ransomware groups, driving a sharp rise in breaches in 2025.
β€1
ποΈ Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zerodays involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework CTFMON. The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Industrial organizations under increasing fire as attackers target operational technology π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Firms continue to underestimate their operational technology exposure, NCC Group warns.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Industrial organizations under increasing fire as attackers target operational technology
Firms continue to underestimate their operational technology exposure, NCC Group warns