Instructure confirms hackers used Canvas flaw to deface portals
… The second hack was to draw attention and to pressure Instructure into entering negotiations to pay a ransom following an initial breach disclosed a week before . …
Search
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
… It affects all versions of the plugin from 2.1.4 and older and has been addressed in version 2.1.5, released on March 17. WordPress security company Defiant is warning that hackers are actively exploiting the vulnerability. …
KongTuke hackers now use Microsoft Teams for corporate breaches
… Download Now Related Articles: Yanluowang ransomware access broker gets 81 months in prison Microsoft says backend change broke Teams Free chat and calls Threat actor uses Microsoft Teams to deploy new “Snow” malware Microsoft: Some Teams users can’t join meetings after Edge update Microsoft Teams … …
Critical Everest Forms Pro flaw exploited to take over WordPress sites
… Get the whitepaper Related Articles: Critical Kirki flaw exploited to hijack WordPress admin accounts WP Maps Pro bug exploited to create admin accounts on WordPress sites Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin Hackers exploit file upload bug in Breeze Cache WordPress… …
Signal adds security warnings for social engineering, phishing attacks
Signal adds security warnings for social engineering, phishing attacks By Bill Toulas May 12, 2026 03:40 PM Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. …
Windows version of SprySOCKS Linux malware used to attack govt orgs
… Get the whitepaper Related Articles: Chinese hackers breach REDCap servers, steal medical research Chinese APT deploys new malware to keep access to hacked networks Chinese hackers target telcos with new Linux, Windows malware New GopherWhisper APT group abuses Outlook, Slack, Discord for comms Chi… …
GitHub confirms breach of 3,800 repos via malicious VSCode extension
… Send your offers to the communications below, we are not interested in under 50k, the best offer will get it." TeamPCP was previously linked to massive supply chain attacks targeting developer code platforms, including GitHub , PyPI , NPM , and Docker , and, more recently, to the "Mini Shai-Hulud"… …
Microsoft Self-Service Password Reset abused in Azure data theft attacks
… Download Now Related Articles: Signal adds security warnings for social engineering, phishing attacks NVIDIA confirms GeForce NOW data breach affecting Armenian users Microsoft: Teams increasingly abused in helpdesk impersonation attacks Over 100 Chrome Web Store extensions steal user accounts, dat… …
Credit card theft campaign abuses Stripe to host stolen payment info
… Get the whitepaper Related Articles: Hackers use pixel-large SVG trick to hide credit card stealer Funnel Builder WordPress plugin bug exploited to steal credit cards Škoda warns of customer data breach after online shop hack SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA NGate An… …
Flipper One project needs community help to build open Linux platform
… Download Now Related Articles: Exploit released for new PinTheft Arch Linux root escalation flaw Exploit available for new DirtyDecrypt Linux root escalation flaw Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026 Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own New Fragnesia… …