ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users
ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks.
ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks.
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. [...]
Starr Insurance Discloses Ransomware Attack The HIPAA Journal
The health insurance company Starr Insurance has disclosed a ransomware attack and data breach. Data breaches have also been reported […] The post Starr Insurance Discloses Ransomware Attack appeared first on The HIPAA Journal.
The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. [...]
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leve…
As part of Dark Reading's 20th anniversary celebration, its staff looks back on 20 of the biggest newmaking events from the past two decades that shaped our industry and the risk landscape for today's security teams.
In hard-to-detect attacks, hackers are dropping the CloudZ RAT and a fresh plugin, Pheno, to hijack the Windows-based bridge between PCs and smartphones.
Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. [...]
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. "According to the functionalities of the CloudZ RAT and Pheno…
DataDome researchers uncovered a massive low and slow DDoS attack that delivered 2.45 billion requests using 1.2 million IP addresses.
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries …
As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities. [...]
Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, giving attackers a leg up.
Daemon Tools users: It's time to check your machines for stealthy infections stat.
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. [...]
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). [...]
A former Maryland hospital pharmacist who is alleged to have engaged in a multi-year cyber spying campaign is facing up […] The post Former Maryland Pharmacist Indicted Over 8-Year Cyber Spying Campaign appeared first on The HIPAA Journal.
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score…