Cyber Security News
Start. Stay. Grow.
Curated daily. The latest hacks, breaches, and cyber trends—humanized.
Daily cyber brief
Hacking Editorial Brief — May 8, 2026
## ShinyHunters Targets Canvas Platform, Affects 9,000 Educational Institutions
The prolific cybercrime group ShinyHunters has claimed responsibility for breaching Instructure, the parent company of Canvas learning management system, impacting approximately 9,000 schools and universities across the United States. The attack caused widespread Canvas outages on Thursday, with institutions from Kansas State to Princeton to North Carolina state schools reporting disruptions during finals period. ShinyHunters posted ransom messages directly within Canvas systems, threatening to release "several billions of records" including student and staff names, email addresses, and student IDs if demands are not met. The group has a documented history of large-scale data breaches since 2019. Educational institutions across Missouri, Texas, Pennsylvania, and the Carolinas have confirmed impact, with some reporting that data from as early as April may have been compromised.
## Active Zero-Day Exploitation and Critical Vulnerabilities
Ivanti has disclosed CVE-2026-6973, an improper input validation vulnerability in Endpoint Manager Mobile (EPMM) currently being exploited in limited zero-day attacks. The flaw requires administrative access for exploitation but represents an active threat to enterprise mobile management infrastructure. Separately, researchers have detailed CVE-2026-31431, dubbed "Copy Fail," a critical local privilege escalation vulnerability disclosed April 29 affecting mainstream Linux distributions including Ubuntu, Red Hat, and Debian. The flaw is being characterized as one of the most severe Linux threats in years, with millions of systems potentially vulnerable. Meanwhile, three malicious packages discovered on the Python Package Index have been found delivering ZiChatBot, a previously unknown malware family that targets both Windows and Linux systems via Zulip APIs. In an unusual development, TechCrunch reports that an unknown hacker group is actively re-compromising systems previously breached by the cybercrime group TeamPCP.
Sources: K-State Collegian · WCNC · WRAL · Daily Princetonian · Bleeping Computer · Unit 42 · The Hacker News · TechCrunch
Around the Web
Last Updated: N/A
Hacks + Heists
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
CVE-2026-31431 (Copy Fail), a critical local privilege escalation vulnerability disclosed on April 29, 2026, affects millions of systems across mainst...
Read more →Hackers hack victims hacked by other hackers - TechCrunch
An unknown group of hackers is breaking into systems previously breached by the cybercrime group TeamPCP. Once inside, the hackers immediately ...
Read more →Canvas down ahead of finals after Instructure hack - The Daily Princetonian
Princeton's course-management platform Canvas went dark Thursday afternoon after the cybercriminal group ShinyHunters claimed to have hacked ...
Read more →Hackers cause Canvas shutdown; K-State among 9000 schools affected
The cybercrime extortion group ShinyHunters allegedly hacked Instructure, causing Canvas outages at Kansas State and 9,000 other higher education ...
Read more →Hackers Target Canvas—Again - Inside Higher Ed
One day after Instructure said it had resolved a data breach to its learning management system, Canvas, the hackers are at it again.
Read more →
Big Cyber
Canvas Data Breach May Have Impacted All NC Public Schools
Wake County Public School System and potentially all North Carolina K-12 schools were impacted by the Instructure Canvas cybersecurity incident with s...
Read more →ISU and BYU-I students locked out of Canvas following major cyber incident - LocalNews8.com
... College of Eastern Idaho are among the thousands across the nation that have lost access to Canvas after a confirmed cybersecurity incident.
Read more →Updates: Canvas Nationwide Cybersecurity Incident | Office of Information Technology
Canvas is currently down due to a wide-scale cybersecurity outage affecting multiple institutions. The vendor is aware of the issue and is providing ....
Read more →2026: The Year of AI-Assisted Attacks
Mandiant's M-Trends 2026 report reveals that exploits are now routinely arriving before patches, with 28.3% of CVEs exploited within 24 hours of discl...
Read more →
Hard Tech
React2Shell (CVE-2025-55182)
A 10.0 critical severity vulnerablility affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically f...
Read more →Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer
We discovered three vulnerabilities that when chained together, allow for complete remote compromise:
Read more →Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This ...
Read more →Backdoor in XZ Utils allows RCE: everything you need to know - CVE-2024-3094
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgentl...
Read more →Loading...
The Cybersecurity Chronicles
‘The Cybersecurity Chronicles: 2024‘ pulls back the curtain on the digital threats that shaped our world last year, revealing the human stories behind the headlines. From art galleries frozen by ransomware to prison tablets hacked with a minus sign, from British Library archivists racing to protect centuries of knowledge to Spotify users meticulously curating their digital identities – these stories illuminate how cybersecurity touches every aspect of modern life.
Author Mark Nole weaves together intimate portraits of the people on all sides of the digital battlefield: the defenders working through sleepless nights to protect critical infrastructure, the victims grappling with stolen identities and lost savings, and even the attackers themselves, operating from nondescript offices with project management software and performance metrics.
Through detailed reporting and narrative storytelling, Nole reveals how 2024 became the year when cybersecurity stopped being just a technical problem and emerged as a fundamentally human challenge. Whether you’re a security professional or simply someone trying to understand our increasingly digital world, these chronicles offer an unprecedented look at how technology shapes – and sometimes betrays – our trust, our privacy, and our lives.
Stay Updated with Cyber Security News
Get the latest cybersecurity headlines, breaking news, and expert insights delivered directly to your inbox. Stay ahead of threats and informed about the digital landscape.
Join thousands of cybersecurity professionals and enthusiasts. No spam, just valuable insights.