
Hacker Claims of Stealing Data from 8,809 Education Institutes, Instructure Hacked


A hacker claims to have compromised edtech giant Instructure, saying it stole over 280 million records of students and staff from around 8,809 schools, colleges, and online education platforms.

About Instructure

It is a cloud-based edtech company known for its Canvas LMS, which educational institutions use to handle academic work such as grading, communications, and assignments.

About the hack

Recently, Instructure revealed that it was hacked; emails, users' names and private conversations were leaked.

ShinyHunters gang the alleged culprit

The ShinyHunters extortion gang claimed responsibility for the attack and says it stole 280 million records for students, teachers, and staff.

Academia suffered damage

The threat actors have now published a list of 8,809 school districts, universities, and educational platforms whose Canvas instances were allegedly impacted by the attack, sharing record counts per institution with BleepingComputer.

According to BleepingComputer, “the record counts for each educational institution range from tens of thousands to several million per institution.”

Attack tactic

The hacker claims that the data was stolen through Canvas. Instructure has not replied to BleepingComputer’s emails, but a few universities have started releasing statements regarding the matter. “BleepingComputer is not naming specific organizations listed by the threat actor, as we have not independently verified whether they were impacted by the breach,” it said.

BleepingComputer added that the “threat actor claims the data was stolen using Canvas data export features, including DAP queries, provisioning reports, and user APIs, and that they harvested hundreds of gigabytes of user records, messages, and enrollment data.”

Universities have spoken up

The University of Colorado Boulder warned that, “CU is aware of a data breach involving Instructure, the parent company of Canvas, our learning management system. This reported data breach is a nationwide event affecting multiple institutions.” 

Whereas Rutgers said it was not “notified of any direct impact to our campus. Canvas remains available and operational to Rutgers faculty, staff, and students.” 

Tilburg University warned that “investigation is currently underway to determine what exactly happened and which systems were affected. It has not yet been confirmed whether data of Tilburg University students and staff has been impacted. Further questions have been submitted to the supplier to obtain more clarity.”

Linux Copy Fail Vulnerability Puts Major Systems at Risk

 

A critical Linux kernel vulnerability known as Copy Fail is drawing urgent attention because it can let a local, unprivileged attacker gain root access on affected systems. Security researchers say the issue affects many mainstream Linux distributions and can be abused without network access, which makes patching and temporary mitigation especially important for administrators. Security experts note that the easiest fix is to update the kernel to the latest patched version. 

Copy Fail is tracked as CVE-2026-31431 and centers on the Linux kernel’s algif_aead module, part of the AF_ALG cryptographic interface. The flaw stems from an in-place optimization introduced in 2017 that can be combined with splice() to perform a controlled write into the page cache of a readable file. In practice, that means an attacker could target a setuid binary such as /usr/bin/su and use the modified cached copy to obtain elevated privileges. 

The vulnerability is serious because it has been verified on several major Linux environments, including Ubuntu, Amazon Linux, RHEL, and SUSE, with kernels built since 2017. CERT-EU says that at the time of its advisory, no distribution had yet shipped a fixed kernel package, even though the upstream fix had already been committed. That delay means many systems may remain exposed until vendors roll out updates.

For now, the main mitigation is to update to a patched kernel as soon as one becomes available. Until then, CERT-EU recommends disabling algif_aead and unloading the module where possible, since the exploit depends on that path. In containerized or multi-tenant environments, blocking AF_ALG socket creation through seccomp can provide an additional layer of protection.

System administrators should treat Copy Fail as a high-priority kernel issue and check whether their environments use affected kernel versions. Because the attack can alter the cached copy of a binary rather than the file on disk, basic integrity checks may not reveal the problem immediately. The safest approach is to patch promptly, apply interim mitigations, and verify that the vulnerable module is no longer active.
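One passive way to carry out the verification step above, as an added example that is not from the original post or from CERT-EU: it reads a `/proc/modules`-format listing, a `modules.builtin` file and modprobe.d directories, and reports whether algif_aead is built in, loaded, blocked from loading, or still loadable on demand. The function names, status strings and `--live` switch are this example's own, and treating an `install algif_aead /bin/false` override as the blocking mechanism is an assumption based on the standard modprobe.d idiom, not a detail from the advisory.

```shell
#!/bin/sh
# Added example: passive check of the interim algif_aead mitigation state.
# File and directory paths are parameters so the logic can be run on copies.

MODULE="algif_aead"

# module_loaded FILE: true if MODULE appears in a /proc/modules-format file.
module_loaded() {
    awk -v m="$MODULE" '$1 == m { hit = 1 } END { exit !hit }' "$1"
}

# module_builtin FILE: true if a modules.builtin-format file lists MODULE,
# i.e. the code is compiled into the kernel and cannot be unloaded.
module_builtin() {
    [ -f "$1" ] && grep -q "/${MODULE}\.ko\$" "$1"
}

# load_blocked DIR...: true if a *.conf file in any given modprobe.d directory
# overrides loading with "install algif_aead /bin/false" (or /bin/true).
# A "blacklist" line is deliberately not accepted: it only disables the
# module's aliases and does not stop a load by module name.
load_blocked() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            if awk -v m="$MODULE" '
                /^[ \t]*#/ { next }
                $1 == "install" {
                    name = $2; gsub(/-/, "_", name)   # modprobe treats - and _ alike
                    if (name == m && $3 ~ /^(\/usr)?\/bin\/(false|true)$/) ok = 1
                }
                END { exit !ok }' "$f"; then
                return 0
            fi
        done
    done
    return 1
}

# mitigation_status PROC_MODULES MODULES_BUILTIN DIR...: prints one of
#   builtin    compiled in; unloading is impossible, rely on seccomp or a patch
#   loaded     module is active now; unload it and add an install override
#   mitigated  not loaded and an install override blocks future loads
#   unblocked  not loaded, but it can still be loaded on demand
mitigation_status() {
    proc_modules="$1"; builtin_list="$2"; shift 2
    if module_builtin "$builtin_list"; then echo "builtin"
    elif module_loaded "$proc_modules"; then echo "loaded"
    elif load_blocked "$@"; then echo "mitigated"
    else echo "unblocked"
    fi
}

# Query the running system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    mitigation_status /proc/modules "/lib/modules/$(uname -r)/modules.builtin" \
        /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
fi
```

The check only reads files, so it never opens an AF_ALG socket and cannot trigger an on-demand load of the module it is checking for.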

ShinyHunters Vimeo Data Breach Exposes Information of Over 119,000 Users

 

Early this year, Vimeo faced a security incident leading to the theft of personal details tied to over 119,000 people by the ShinyHunters hacking collective. Information on the leak became known via Have I Been Pwned, a service tracking compromised accounts, after examining the exposed records. 

Late last month, Vimeo revealed a security issue affecting its systems. The platform, known for hosting and streaming videos globally, serves many millions of active users. Access by unknown parties came via a flaw tied to Anodot. This firm provides tools that spot irregularities in data flows. Its technology connects directly into parts of Vimeo’s infrastructure. 

The event marks one point where external partnerships introduced risk. Details emerged only after internal reviews concluded. One thing became clear: the entry did not stem from inside Vimeo's own network. Instead, it traced back to how outside services link up. Security teams now examine how third-party integrations affect overall protection levels. 

Surprisingly, early reports showed hackers obtained technical data, video metadata, and titles - sometimes even user emails. Despite the breach, payment information, account passwords, and live session tokens stayed secure, according to internal confirmation. Throughout the event, Vimeo’s main system kept running smoothly, maintaining full service availability. Unexpectedly, operations continued without noticeable interference. 

Right away, Vimeo shut down every login linked to Anodot to stop any more unwanted entry once the break-in came to light. Instead of handling things alone, outside cyber experts joined to support the inquiry. At the same time, officials responsible for enforcing laws got word about what happened. Later, even so, the hackers released a huge 106GB collection of stolen files online when talks reportedly broke down. 

That data appeared on a hidden website used by the ShinyHunters crew, who stated weak login credentials tied to Anodot opened doors unexpectedly. From there, they moved into Vimeo's storage platforms - Snowflake and BigQuery - with little resistance. Some 119,200 individuals had their email addresses disclosed, along with names in certain instances, based on findings from Have I Been Pwned after reviewing the leaked data. 

Though the breach details have circulated, Vimeo hasn’t officially verified how many accounts were impacted. Inside these breaches, access began through deceptive emails or fake support calls tricking staff. Not long ago, compromised logins gave hackers entry to identity tools like Okta and Microsoft Entra. From there, movement spread toward customer relationship software, team messaging apps, file storage, design programs, help desks, and workplace productivity suites. Cloud infrastructure and subscription-based tech now draw more attention than before. 

Breach attempts often follow weak points in unified login setups across company networks. Though main networks stay secure, outside providers sometimes open doors hackers exploit. A breach in one connected service might unlock several company areas at once. Experts observe rising incidents targeting cloud logins and partner tools for this reason. Instead of attacking central defenses, intruders shift focus to these links. Sensitive client data ends up at risk even if primary infrastructure holds firm.  

Recently, ShinyHunters took credit for hacks spanning education, retail, health care, gaming, and government bodies. Vimeo's situation shows third-party links still pose steady threats to big digital services managing vast user information. Despite different targets, weak outside connections often open doors. One breach can ripple through many layers unexpectedly.

Trusted Tools Becoming the New Cybersecurity Threat, Says Bitdefender Report

 

Cybersecurity threats are evolving rapidly, and according to recent findings, attackers are increasingly relying on tools that organizations already trust. In its latest analysis, Bitdefender highlighted that modern cyberattacks often resemble routine administrative activity rather than traditional malware-based intrusions.

In the earlier report titled “Your Biggest Security Risk Isn't Malware — It's What You Already Trust,” Bitdefender explained how commonly used utilities such as PowerShell, WMIC, netsh, Certutil, and MSBuild have become popular among cybercriminals. These tools are regularly used by IT teams for legitimate purposes, making malicious activity harder to detect. The company revealed that legitimate-tool misuse was identified in 84% of 700,000 high-severity incidents analyzed.

To help organizations address this growing concern, Bitdefender introduced a complimentary Internal Attack Surface Assessment program. Designed for companies with 250 or more employees, the 45-day assessment aims to identify risky tools, users, and endpoints that could potentially be exploited by attackers while ensuring normal business operations remain unaffected.

The company noted that a standard Windows 11 installation includes 133 unique living-off-the-land binaries (LOLBins) across 987 instances. In addition, Bitdefender Labs found that PowerShell was active on 73% of endpoints, often running silently through third-party applications. According to the report, this indicates that the issue is less about malware and more about excessive permissions and unrestricted tool access.

Industry trends also point toward a shift in cybersecurity strategy. Gartner predicts that preemptive cybersecurity measures will account for 50% of IT security spending by 2030, compared to less than 5% in 2024. It also forecasts that 60% of large enterprises will adopt dynamic attack surface reduction technologies by 2030, up from less than 10% in 2025.

The Internal Attack Surface Assessment operates in four phases over approximately 45 days using GravityZone PHASR, Bitdefender’s proactive hardening and attack surface reduction technology.

The process begins with behavioral learning, where PHASR studies activity patterns for each machine-user combination over roughly 30 days. Organizations then receive an Attack Surface Dashboard featuring an exposure score between 0 and 100, along with prioritized findings related to living-off-the-land binaries, remote administration tools, tampering utilities, cryptominers, and piracy software.

An optional reduction phase allows businesses to apply restrictions either manually or through PHASR’s Autopilot feature. Employees can request restored access through a built-in one-click approval system. The final review measures how much the organization’s attack surface has been reduced and identifies any unauthorized applications or shadow IT risks discovered during the process.

Bitdefender stated that some early-access customers managed to reduce their attack surface by more than 30% within the first month, while one organization reportedly achieved nearly 70% reduction after restricting LOLBins and remote administration tools.

The assessment is intended to benefit multiple stakeholders within an organization. CISOs receive measurable exposure data suitable for board-level reporting, while SOC teams and IT administrators can potentially reduce investigation workloads by eliminating unnecessary suspicious activity. Business leaders may also benefit from documented security improvements that align with regulatory, auditing, and cyber-insurance expectations.

Bitdefender concluded that security risks are no longer solely external threats but often exist within existing systems and trusted tools already present in enterprise environments.

Cybersecurity Can No Longer Be Left to IT Teams Alone, Experts Warn

 



As cyber attacks continue to grow in frequency and complexity, organizations are facing increasing pressure to rethink who should be responsible for protecting their systems, operations, and sensitive data. Security experts say cybersecurity is no longer simply an IT issue. Instead, it has become a business-wide responsibility that requires involvement from leadership teams, employees, and external security partners alike.

The discussion comes at a time when cyber threats are affecting organizations at an alarming scale. According to the UK Government’s Cyber Security Breaches Survey 2025/2026, 43% of businesses and 28% of charities reported experiencing cybersecurity breaches or attacks during the past year. The numbers were considerably higher among medium-sized businesses, where 65% faced incidents, and large enterprises, where the figure rose to 69%. High-income charities were also heavily targeted, with 34% reporting attacks.

Phishing continued to dominate as the most common threat. The survey found that 93% of affected businesses and 95% of impacted charities encountered phishing-related attacks. These scams often involve deceptive emails, fake websites, fraudulent login portals, or impersonation attempts designed to steal credentials and sensitive information. Other cyber threats, including malware infections and digital impersonation schemes, also remain a persistent concern for organizations.

The financial damage linked to cybercrime is equally significant. Research associated with cybersecurity company ESET estimated that cyber attacks cost UK businesses nearly £64 billion annually, highlighting the growing economic impact of digital threats.

With risks continuing to escalate, many organizations are reassessing who should oversee cybersecurity strategy and decision-making. Experts say there is no universal model, as responsibility often depends on a company’s size, structure, industry requirements, and risk exposure.

In smaller businesses, cybersecurity duties are frequently managed by IT managers or internal technology teams. However, industry specialists warn that relying solely on technical departments may create gaps between security planning and broader business objectives. As organizations expand, many experts believe cybersecurity leadership should move closer to executive management.

Durgan Cooper, director at CETSAT, emphasized that cybersecurity accountability should ultimately rest with senior leadership or board-level executives. According to Cooper, effective protection requires coordination between technical teams, company leadership, and third-party partners while ensuring that security priorities align with organizational goals.

Within larger enterprises, cybersecurity responsibilities are commonly led by Chief Information Security Officers, often working alongside Chief Information Officers and other senior executives. Spencer Summons, founder of Opliciti, stated that organizations need cybersecurity leaders capable of understanding evolving threats, communicating risks clearly to boards, and integrating security into long-term business planning. He also noted that sectors such as healthcare and finance face additional regulatory pressure that makes executive oversight even more important.

Cybersecurity professionals increasingly stress that protecting organizations cannot remain the responsibility of a single department. Matthew Riley, European Head of Information Security at Sharp Europe, recommended that businesses establish clear governance frameworks defining who is responsible for different security tasks. Many companies now rely on systems such as RACI matrices, which identify who is responsible, accountable, consulted, and informed during cybersecurity operations and incident response.

Experts caution that assigning cybersecurity entirely to IT departments may leave important business risks overlooked. At the same time, distributing responsibility too broadly can weaken accountability and slow decision-making during critical incidents. Instead, many specialists advocate a shared-responsibility culture where cybersecurity awareness is integrated across the entire organization.

The growing intensity of cyber attacks has also increased pressure on cybersecurity professionals themselves. Security teams are now managing ransomware campaigns, phishing attacks, supply chain compromises, and AI-assisted threats at an unprecedented pace, often with limited staffing and resources. Experts say spreading cybersecurity awareness and responsibilities throughout the organization can help reduce burnout while improving overall resilience.

Thom Langford, EMEA Chief Technology Officer at Rapid7, argued that cybersecurity must become part of every business function rather than remaining isolated within security teams. According to Langford, organizations are more resilient when employees across all levels actively participate in protecting systems and identifying suspicious activity.

Industry leaders also believe executive involvement plays a decisive role in cybersecurity effectiveness. Specialists from Qualys noted that Chief Information Security Officers should ideally report directly to CEOs or boards rather than operating solely under IT leadership. This structure helps organizations approach cybersecurity as a broader business risk issue instead of treating it purely as a technical challenge.

Alongside internal leadership, many businesses are increasingly turning to external cybersecurity providers for additional expertise and support. Outsourcing security operations can help companies address skill shortages and resource limitations, but experts warn that organizations must still maintain strategic oversight. Businesses are advised to conduct thorough vendor assessments, establish strong service-level agreements, and continuously monitor external providers to reduce operational risks.

Security specialists say outsourcing works most effectively when external consultants collaborate closely with internal teams instead of replacing them entirely. Maintaining internal visibility and control remains critical for ensuring cybersecurity strategies stay aligned with company objectives.

As cyber threats continue growing, experts increasingly agree that cybersecurity ownership cannot rest with one person alone. Effective security strategies require executive accountability, technical expertise, employee participation, and continuous collaboration across departments and external partners. Organizations that treat cybersecurity as a company-wide responsibility rather than a siloed IT function are likely to be better prepared for the growing challenges of the modern digital threat environment.

Instructure Confirms Data Breach as ShinyHunters Claims Responsibility

 

Educational technology company Instructure has confirmed that user data was compromised following a cyberattack, while the cybercriminal group ShinyHunters has claimed responsibility for the breach.

The U.S.-based firm is widely recognized for developing Canvas, a popular learning management platform used by schools, universities, and organizations to manage online coursework, assignments, and communication.

The company revealed on Friday that it had experienced a cybersecurity incident and had begun an investigation with the assistance of third-party cybersecurity specialists and law enforcement authorities. A follow-up statement issued on Saturday confirmed that certain user information had been exposed during the breach.

"While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users," reads the updated statement.

"At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions."

As part of its mitigation efforts, Instructure said it has implemented security patches, enhanced monitoring systems, and rotated application keys as a preventive measure. Customers have also been instructed to re-authorize access to the company’s API so that new application keys can be issued.

Although the company has not publicly addressed questions regarding the exact timing of the breach or whether it was facing extortion demands, ShinyHunters has added Instructure to its data leak platform.

"Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teachers, and other staff containing PII," reads the data leak site.

"Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved."

According to the cybercrime group, the breach occurred through a vulnerability in Instructure’s systems that has since been fixed. The hackers allege that the stolen information includes more than 240 million records linked to students, teachers, and staff members.

The leaked data is said to contain names, email addresses, enrolled course details, and private conversations between students and teachers. Information shared by the threat actors suggests the dataset may cover nearly 15,000 institutions across regions including North America, Europe, and Asia-Pacific.

At present, the full scope of the incident remains unverified, and independent confirmation regarding the number of affected schools and individuals has not yet been established.
