Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Researchers Find Security Gap in Anthropic Skill Scanners

Security researchers have uncovered a gap in the way Anthropic Skill scanning tools inspect third-party AI packages, allowing malicious code...

All the recent news you need to know
Microsoft security
Credential Security Cyber Phishing Cyber Security Data protection data security Microsoft Microsoft security

Microsoft Warns Users About Rising QR Code Phishing and Quishing Scams

 

Microsoft’s cybersecurity researchers have uncovered a growing wave of phishing scams using QR codes hidden inside emails, PDF files, and fake CAPTCHA pages. Instead of clicking suspicious links, victims scan QR codes that secretly redirect them to fraudulent websites designed to steal login credentials and session data. The attacks spread quickly because they bypass many traditional security filters and often appear harmless at first glance. 

Known as “quishing,” these scams hide malicious links inside QR codes, avoiding the usual warning signs tied to suspicious URLs. Emails often create urgency through fake compliance notices, security alerts, or missed-message warnings, encouraging users to scan the code without carefully checking the sender. According to Microsoft, attackers are impersonating HR teams, IT departments, managers, and office administrators to make messages appear legitimate. 

Once scanned, users are routed through several webpages before landing on counterfeit login portals built to capture usernames, passwords, and even live session tokens capable of bypassing some two-factor authentication protections. Researchers say more than 35,000 users across approximately 13,000 organizations worldwide have already been targeted, with cases continuing to rise. Many people trust QR codes because they are commonly used for menus, payments, and sign-ins, making them less likely to question the risks behind scanning one. 
Cybercriminals are exploiting that familiarity to trick users into exposing sensitive information. A recent case highlighted by Digit.in demonstrated how convincing these scams can be. Employees reportedly received emails appearing to come from an Office 365 administrator claiming several messages were awaiting approval. Instead of links, the email included a QR code directing users elsewhere. Investigators tested the QR code using a freshly wiped mobile device across Android and iOS platforms to minimize potential risks. 

While the QR codes in that case did not install malware or alter device settings, the test showed how easily similar scams could deceive unsuspecting users. Security professionals warn that scanning unfamiliar QR codes on devices containing banking apps, work credentials, personal photos, or confidential files can expose users to serious threats without obvious warning signs. Experts recommend avoiding QR codes sent through unsolicited emails, verifying senders carefully, and checking linked addresses before entering passwords. 

As cybercriminals increasingly rely on social engineering instead of direct hacking, simple actions like scanning a QR code are becoming new entry points for digital attacks.
Read more »
Threat Investigation
AI SOC Alert Overload Cyber Security SOC Security Threat Investigation

SOC Alert Overload: Why More Analysts Won’t Help

 

Security operations centers are facing a problem that hiring alone cannot solve. Alert volumes keep rising, attackers move faster than most human teams can investigate, and many SOCs still rely on workflows built for a much smaller stream of events. The result is a widening gap between the alerts generated by modern systems and the number that can be analyzed with real depth. 

Even when organizations add analysts, the queue often remains crowded because the underlying process still depends on manual triage. That is why security experts argue the issue is not a staffing shortage alone, but an operating-model failure that leaves teams reacting instead of defending. 

Most SOCs have already tried the obvious fixes. They prioritize critical alerts, suppress noisy detections, and tune rules to reduce false positives. Those steps help, but they do not remove the central bottleneck: too many alerts still reach humans for investigation. The article explains that low- and medium-severity events are especially dangerous because attackers often hide inside them, knowing analysts are overwhelmed. When those signals sit in a backlog, the delay becomes a security weakness in itself. 

To test whether a SOC is truly under strain, security experts suggest a quick diagnostic. Leaders should ask how many high-priority alerts were actually investigated, how often detection rules were suppressed without replacement coverage, whether analyst turnover has created a fragile bench, and what task would be sacrificed if alert volume doubled overnight. If the answers reveal gaps, the problem is not effort or discipline. It is capacity, continuity, and architecture. 

The proposed answer is not to push analysts harder, but to change how investigations are handled. AI-based SOC platforms can triage alerts at scale, document reasoning, and free analysts from repetitive work. In the examples cited, teams completed thousands of investigations quickly and recovered large amounts of analyst time. That shift also allowed some organizations to reduce SIEM-related spending by cutting unnecessary ingest and storage. Humans still matter, but their role changes: they focus on insider threats, novel attack patterns, and cases that require business or regulatory judgment. 

The broader lesson is simple. Modern SOCs need a model that matches today’s attack speed and alert volume. If the queue is always full, more people will only slow the pain, not remove it. The stronger answer is to redesign the workflow so that technology handles scale and analysts handle judgment, because that is where security value actually comes from.
Read more »
Hacking Group
Canada Cyber Attacks Cyber Breach Digital Security Challenges education sector Education Sector Cybersecurity Hacker attack Hacking Group

ShinyHunters Cyberattack Disrupts Canvas Platform Across Universities and Schools

 

This week, a significant digital breach affected educational institutions throughout the United States, Canada, and Australia. The incident followed claims by the hacking collective ShinyHunters. Their target: Canvas, a commonly adopted online learning system. Despite its widespread use, the platform proved vulnerable. 

Though details remain partial, reports confirm active exploitation of security gaps. While some schools shifted to offline methods, others delayed classes. Because of the reach of the network, effects spread quickly. Since access was blocked at peak hours, confusion grew early. Not every region reported identical issues - some experienced minor delays instead. Even so, trust in ed-tech infrastructure has taken a hit. 

As investigations continue, officials are reviewing how data was exposed. Midway through the year’s final academic stretch, a cyberattack triggered broad system failures across roughly 9,000 schools globally. Coursework uploads faltered, exam access vanished, lectures disappeared, grading stalled - student work ground to a halt. Though Instructure owns the platform, control slipped when services went down; officials acknowledged the breach soon after. 

Recovery came slowly - Canvas returned for many, yet pockets of disruption lingered on campuses far apart. Midway through tests, alerts flashed unexpectedly - spreading uncertainty among test takers and instructors at multiple campuses. Because of the interference, assessments set for Friday at Mississippi State University got delayed without prior notice. Screens displayed warnings stating “ShinyHunters has breached Instructure (again),” followed by demands for cryptocurrency transfers to prevent data leaks. 

Some learners recalled frozen systems right when submitting answers. Though officials confirmed the incident, details remained limited throughout the afternoon. By evening, investigations had begun while backups were reviewed quietly behind closed doors. After finishing their long exam essays, one student - Aubrey Palmer - noticed the ransom note pop up. When doubts emerged about whether files were actually saved, stress began spreading through the group. 

Some felt upset right away, others grew uneasy only later. Midterms approached fast when campuses started alerting students about sudden changes. Following technical issues, Sydney advised against accessing Canvas until further details arrived from Instructure. With finals looming, the timing of the outage posed serious challenges. Though routine disruptions happen now and then, this one struck during peak assessment periods.  

Among those impacted were Penn State University, Idaho State University, the University of British Columbia, the University of Toronto, UCLA, and the University of Chicago. With IT departments reviewing how far the breach reached, some campuses postponed exams - others called them off entirely. Later on campus, Jacques Abou-Rizk noticed something off after opening an email link - he saw a message that seemed tied to a demand for payment. 

Though the note mimicked one from school staff, officials clarified they were already tracking the event. Despite initial concerns, leaders emphasized no additional platforms showed signs of intrusion. Cybersecurity analysts pointed to screenshots suggesting the attacks might have started several days before the public alerts, as seen in timed demands delivered to targeted organizations. 

While ransom discussions could still be happening behind the scenes, the hacker collective hasn’t revealed its next steps regarding the data it claims to possess. Besides earlier cases, another breach now ties back to ShinyHunters - a group already connected to several prominent corporate intrusions. While details differ, patterns point to similar tactics used before across large-scale data compromises. 

Surprisingly, the widespread outage sparked fresh worries over how ready schools really are when it comes to digital safety. At nearly the same time, officials like Senator Chuck Schumer began pushing for tougher nationwide protection - especially since artificial intelligence-driven attacks and online ransom schemes keep growing across countries.
Read more »
Data Leak
AI Bug Management Cloud Cyber Security Data Data Leak

9-Year-Old Linux bug Found by Researchers, Could Leak Data


Experts have revealed details of a bug in the Linux kernel that stayed unnoticed for nine years. The flaw is tracked as CVE-2026-46333 (CVSS score: 5.5). 

Improper bug management 

The incident is improper privilege management that could have allowed threat actors to reveal sensitive data as unprivileged local users and launch arbitrary commands on default installs such as Ubuntu, Debian, and Fedora. Its alias is aka ssh-keysign-pwn.

Vulnerability existed since 2016

Cybersecurity firm Qualys found the flaw. Since November 2016, the problem has been present in mainstream Linux (v4.10-rc1). 

Distribution updates and upstream patches are already accessible. There are publicly available working exploits, thus administrators should install vendor kernel upgrades right away, Qualys said.

Privilege compromise tactic

TRU discovered a small window in which a privileged process that is dropping its credentials can still be accessed through ptrace-family operations, despite the fact that its dumpable flag should have blocked that path, during ongoing study into Linux kernel privilege boundaries.  

Qualys also added that an attacker can obtain open file descriptors and authenticated inter-process channels from a dying privileged process and utilize them under their own uid by combining this window with the pidfd_getfd() syscall (introduced in v5.6-rc1, January 2020)

What is successful exploit?

Successful bug exploit can allow a local threat actor to reveal /etc/shadow and ho'st private keys under /etc/ssh/*_key, and deploy arbitrary commands as root via four distinct hacks attacking ssh-keysign, accounts-daemon, chage, and pkexec.

PoC exploit

The bug reveal is a proof-of-concept (PoC) exploit for the bug. It was released recently, and soon after, a public kernel surfaced. CVE-2026-46333 is the latest security bug revealed in Linux after Dirty Frag, Fragnesia, and Copy Fail in recent months.

How to stay safe

Experts have advised to use the latest kernel update released by Linux distributions. If users are unable to do it immediately, temporary patchwork includes raising "kernel.yama.ptrace_scope" to 2.
Qualys added, "On hosts that have allowed untrusted local users during the exposure window, treat SSH host keys and locally cached credentials as potentially disclosed. Rotate host keys and review any administrative material that lived in the memory of set-uid processes,” Qualys said.

Incident impact

The incident happened after the release of a PoC for a local privilege exploit known as PinTheft that lets local hackers get access to root privileges on Arch Linux systems. The hack requires the Reliable Datagram Sockets (RDS) module to be deployed on the victim system, readable SUID-root-binary, io_ring enabling, and x86_64 support for the given payload.

Read more »
Instructure
AI Canvas Cloud Data Breach Data Leak data security Instructure

Data Leak: Instructure, Canvas Allegedly Hacked, ShinyHunters Claim Responsibility


Instructure, a cloud-based LMS Canvas company was hit by a massive data attack. Ransomware gang ShinyHunters claimed responsibility for the attack, saying that it had stolen data related to 280 million students, teachers, and school staff.

100s of GBs data leaked

The data breach accounts for hundreds of gigabytes, possibly leaking Canvas users’ email ids, private messages, and names. 

Instructure revealed in May that it was hit by a data breach. The Canvas incidents of 8,809 universities, educational platforms, schools were impacted by the attack. ShinyHunters said that the numbers range between tens of thousands to several millions per institution.

It is concerning that a lot of K-12 students’ data has been leaked. If your child has been affected by the data breach, Malware Bytes can help in what to do next and how to stay safe.

Canvas compromised

Various students who tried using Canvas after the cyberattack received the message from ShinyHunters blackmailing to leak the data if Instructure did not contact the hackers by May 12. Canvas was shut down offline for various students following the incident, but it is now available for most users. 

GTA 6, Studio Rockstar were blackmailed too

ShinyHunters has been killing it this year, with only high profile targets in its track records. The group asked for a ransom from GTA 6 (a video game) Studio Rockstar in April. But in reality, it was a hoax demand as the hackers did not have anything important/worthy to leak. 

Nvidea Geforce allegedly hacked

But recently, the group allegedly claimed responsibility for the Nvidea’s GeForce Now breach, claiming to have “pulled their entire database straight from the backend."

Shiny hunters all over the place

In the Canvas incident, ShinyHunters allegedly stole user records through exposrting features inside the platform. This consists of DAP queries, APIs, and provisioning reports, according to Bleeping Computers. “The unauthorized actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts,” Instructure said. 

It also added that it “revoked privileged credentials and access tokens, deployed platform-wide protections, rotated certain internal keys, restricted token creation pathways, and added monitoring across our platforms." 

The impact

Instructure also “engaged a third-party forensic firm and notified law enforcement. Beyond the immediate response, we're hardening administrative access, token management, permissions, monitoring, and related workflows. The investigation may inform further improvements.”

However, it might be too little, too late—parents are unlikely to overlook the possibility of disclosing their children's information. The much bigger problem, though, is the disastrous harm ShinyHunters has caused to Canvas's operations and reputation, as malware historian vx-underground stated on X.

Read more »
SEO Manipulation
Algorithmic Enforcement Digital Markets Act EU Antitrust Probe Google Search Rules Google Spam Policy Parasite SEO Publisher Visibility Search Ranking Abuse SEO Manipulation

Google Navigates EU Regulatory Pressure With Search Policy Shift


 

A growing regulatory backlash against search ranking practices has forced Alphabet's Google to reevaluate portions of its spam enforcement framework in response to criticism by digital publishers in Europe. Reuters has reviewed a document from the European Commission that proposes modifications in Google's site reputation abuse policy as a method of identifying and suppressing manipulative ranking tactics common to “parasite SEO,” where third-party content is published on domains with high authority in order to gain search engine credibility. 

In response to regulatory concerns that opaque policy implementation can disproportionately affect publishers and online visibility across competitive digital markets, Google may be facing a technical shift in how to balance large-scale search quality enforcement with growing antitrust concerns. 

Regulatory scrutiny intensified in November when European regulators formally examined whether Google's enforcement model under its site reputation abuse policy created unfair competitive disadvantages for its publishers. Reuters reported that the investigation was prompted by complaints from media and digital publishing organizations concerning the company’s handling of third-party hosted content aimed at exploiting existing domain ranking authority, a technique known as parasite SEO within the search optimization industry. 

It has been reported that Google has submitted a revised set of policy adjustments to address regulatory concerns relating to transparency, ranking treatment, and enforcement consistency as part of the ongoing review conducted under the European Commission's Digital Markets Act enforcement framework. Prior to the Commission proceeding to the next stage of evaluation, stakeholders and affected parties have been invited to review the proposed modifications and provide feedback. 

A Google spokesperson confirmed that active discussions with European authorities are ongoing. This indicates that Google is committed to maintaining regulatory engagement in an effort to reduce the risk of potential antitrust penalties arising from its practices in search governance. Google's latest proposal is described as a compliance measure aligned with obligations under the Digital Markets Act, with regulators providing interested parties with until next week to respond formally to the suggestions. 

According to the EU watchdog's preliminary analysis, Google's spam enforcement mechanisms were reducing the visibility of news publishers and other media platforms in Google Search when these websites contained material sourced from commercial content partnerships as a result of its spam enforcement mechanisms. It is argued by regulators that the policy affects a widely adopted monetisation structure that publishers rely on in order to generate revenue from digital advertising and syndication, in addition to spam mitigation.

According to these findings, algorithmic quality control systems are being evaluated as part of dominant search infrastructures, and whether these systems unintentionally distort the competitive landscape of online publishing. A confirmed violation of the DMA may result in penalties up to 10 percent of the company's annual global turnover being imposed on the company, creating a significant regulatory and financial stake. 

While Google had not responded to Reuters' request for additional clarification at the time of the release of the report, the European Commission declined to comment publicly on the matter. It is anticipated that the outcome of the Commission's review will influence the design and enforcement of algorithmic anti-spam controls across the broader digital publishing ecosystem. 

Additionally, the case reflects a growing regulatory concern about the effectiveness of automated ranking enforcement systems without disrupting legitimate commercial publishing models, beyond the immediate antitrust implications. 

Negotiations for Google are more than a policy adjustment exercise; they demonstrate a complex balance between maintaining search integrity, limiting manipulative SEO behavior, and complying with evolving European competition standards governing dominant technologies.
Read more »
Subscribe to: Posts (Atom)

Featured