Instructure Reaches Deal with ShinyHunters to Prevent Canvas Data Leak
Instructure has reached an agreement with the ShinyHunters group to return and destroy stolen Canvas data, protecting millions of student records from a public leak.
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.
Fake Claude Code Installer Targets Developers With Browser Credential Stealer
Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies.
Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days
Pwn2Own Berlin 2026 reportedly reached full capacity for the first time, prompting rejected researchers to publicly disclose zero-day exploits targeting Firefox, NVIDIA, and AI platforms.
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims.
Google Says Hackers Used AI to Develop a Zero-Day Exploit
Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.
Romanian Man Faces Up to 30 Years in US Prison Over Vishing Scams
Romanian national Gavril Sandu faces up to 30 years in a US prison after extradition over a VOIP vishing and fake debit card fraud scheme.
9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems
The Dirty Frag vulnerability affects Linux systems and allows root access escalation, while public PoC exploit code increases attack risks.
Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites
Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect.
Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms
Matthew Knoot and Erick Prince have been jailed for 18 months each for helping North Korean hackers infiltrate US firms through remote laptop farms.