In early May 2026, ShinyHunters breached Instructure’s Canvas LMS by abusing the Free-For-Teacher (FFT) account program, triggering an active extortion campaign and exposing student and faculty data across thousands of schools worldwide. ShinyHunters claimed responsibility on 3 May and published…
Instagram removed end-to-end encryption for DMs. What should users do?
Instagram removes direct messages (DM) end-to-end encryption May 8, 2026, letting Meta access chats. Users should download backups amid privacy concerns and U.S. law pressure. Starting May 8, 2026, Instagram users who previously enabled end-to-end encryption in direct messages will…
JDownloader Downloader Hacked to Infect Users With New Python RAT
JDownloader, the popular open-source download manager trusted by millions of users worldwide, was at the center of a serious supply chain attack in early May 2026. Attackers quietly compromised the official jdownloader.org website and replaced legitimate installer download links with…
A week in security (May 4 – May 10)
A list of topics we covered in the week of May 4 to May 10 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (May 4 – May 10)
Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested
The second iteration of the German-speaking online crime marketplace had over 22,000 users and more than 100 sellers. The post Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
IT Security News Hourly Summary 2026-05-11 09h : 3 posts
3 posts were published in the last hour 7:4 : Meta Challenges Ofcom Over Online Safety Act 7:4 : Weaponized JPEG file Drops Trojanized ScreenConnect Malware 7:4 : Windows CreateFileW API Flaw Could Let Attackers Lock SMB Files at Scale
Meta Challenges Ofcom Over Online Safety Act
Facebook parent Meta launches High Court challenge to Ofcom’s ‘disproportionate’ structure of fees and potential fines This article has been indexed from Silicon UK Read the original article: Meta Challenges Ofcom Over Online Safety Act
Weaponized JPEG file Drops Trojanized ScreenConnect Malware
Hackers are abusing a weaponized JPEG file to quietly install a trojanized version of the ConnectWise ScreenConnect remote‑access tool on Windows systems, enabling full surveillance, credential theft, and long‑term control over compromised networks. The campaign shows how a simple‑looking image…
Windows CreateFileW API Flaw Could Let Attackers Lock SMB Files at Scale
The multi-billion-dollar ransomware defence industry operates on a fundamental assumption: to cause catastrophic operational damage, malicious actors must write corrupted data to a disk. However, a newly disclosed attack technique, GhostLock, completely invalidates this foundational premise by demonstrating how threat…
ODINI Malware Uses CPU Magnetic Signals to Exfiltrate Data from Air-Gapped Systems
Air-gapped systems and Faraday cages have long represented the gold standard for protecting critical infrastructure and sensitive military networks. However, a groundbreaking threat known as ODINI demonstrates that even these extreme isolation measures can be compromised. Researchers have developed a…
macOS Malware Abuses Google Ads and Claude Shared Chats to Deliver Payloads
Threat actors are deploying a sophisticated malvertising campaign targeting macOS users by exploiting Google Ads and legitimate Anthropic Claude shared chats. Security researcher Berk Albayrak uncovered this novel attack chain on May 10, which distributes a variant of the MacSync…
Rustinel: Open-source endpoint detection for Windows and Linux
Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel,…
Review: Foundations of Cybersecurity, 2nd edition
Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet of Things, and AI. About the…
JDownloader Hack Spreads New Python RAT
The official JDownloader website fell victim to a sophisticated supply-chain attack, resulting in malicious installers being distributed to users worldwide. Attackers exploited an unpatched vulnerability in the site’s content management system to redirect specific download links from legitimate JDownloader installers…
New cPanel and WHM Vulnerabilities Expose Servers to Code Execution and DoS Attacks
cPanel and WebHost Manager (WHM) are critical administrative control panels used by hosting providers globally to manage servers, websites, and databases. Due to their widespread deployment, vulnerabilities in these platforms immediately become high-value targets for threat actors. On May 8,…
ODINI Malware Exploits CPU Magnetic Emissions to Breach Faraday-Shielded Air-Gapped Computers
ODINI is a sophisticated proof-of-concept malware capable of extracting sensitive information from air-gapped computers protected by Faraday cages. By modulating the targeted computer’s CPU workload to generate low-frequency magnetic fields, this covert channel successfully transmits data through advanced physical isolation…
Top 10 Best Interactive Malware Analysis Tools in 2026
As we navigate through 2026, the cybersecurity landscape has never been more complex. Threat actors are actively leveraging advanced AI, highly evasive techniques, and fileless architectures to bypass traditional security controls. For security operation centers (SOCs), incident responders, and threat…
10 Best Full Disk Encryption Tools in 2026
Full Disk Encryption (FDE) is a security feature that encrypts the entire contents of a disk drive, ensuring that all data stored on the drive is protected from unauthorized access, even if the device is physically stolen. FDE uses robust…
Security teams are turning to AI to survive alert overload
The World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents. The paper found that 77% of organizations already use AI in cybersecurity, with much…
Top 10 Best DevSecOps Companies For Secure SDLC 2026
In the fast-paced world of software development, where agility and speed are paramount, security often struggles to keep pace. The traditional “bolt-on” security approach, where security checks are performed at the end of the Software Development Life Cycle (SDLC), is…
Top 10 Best Secure Code Review Services For Developers in 2026
In the rapidly evolving landscape of software development, where speed and agility often take precedence, the imperative for robust security cannot be overstated. With cyber threats becoming increasingly sophisticated and the attack surface expanding due to complex architectures and interconnected…
Canvas Breach Exposes 275M Accounts | AI Targets Water Systems | GM OnStar Settlement
A massive cybersecurity week. On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure’s Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million…
IT Security News Hourly Summary 2026-05-11 06h : 2 posts
2 posts were published in the last hour 4:2 : Over 500 Organizations Hit in Years-Long Phishing Campaign 4:2 : U.S. Marines Reportedly Targeted by Iranian-Linked Hackers in New Data Exposure Incident
Over 500 Organizations Hit in Years-Long Phishing Campaign
Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors. The post Over 500 Organizations Hit in Years-Long Phishing Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Over…