Technology.org reports: The group behind it, a fast-rising crew called TeamPCP, says it reached roughly 4,000 of GitHub’s code repositories. GitHub confirmed the breach Tuesday night and counted at least 3,800 compromised repositories, all of them holding GitHub’s own code rather than customer data, according to what it has found so far. For years, supply […]
TechCrunch reports: New York public health provider NYC Health + Hospitals says a months-long data breach that allowed hackers to steal personal data, medical records, and fingerprints scans affects at least 1.8 million people. NYCHHC is the largest public health system in the United States and provides healthcare to over a million New Yorkers, the majority of whom […]
When the federal agency that directs organizations and agencies to quickly attend to vulnerabilities and breaches has its own breach, people notice. Brian Krebs reports: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA […]
CNN reports: US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity. The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them […]
When education software giant Instructure announced on May 1 that its widely used Canvas software was unavailable as it investigated a data security incident, it suggested the breach was mostly contained. That turned out to be overly optimistic. While the firm posted updates on its site as its services returned to service, the ShinyHunters group that attacked them continued to […]
From the Google Threat Intelligence Group’s Executive Summary: Read more at Google.
There has been yet another development in the hack-and-leak attack on edtech giant Instructure, which was targeted by the ShinyHunters gang in April. When Instructure didn’t pay the gang’s ransom demands to delete the data, ShinyHunters attacked them again, defacing Canvas login pages with a note from ShinyHunters to schools. CNN reports: An apparent cyberattack shut down an […]
The Eastern Herald reports: A critical error in Microsoft’s flagship security platform has sent shockwaves across the global cybersecurity community, after Microsoft Defender wrongly flags DigiCert certs as Trojan, triggering widespread panic among enterprises and system administrators. The issue emerged in early May 2026, when a faulty security intelligence update caused Defender to misidentify trusted DigiCert […]
Security Week reports that Instructure is the latest edtech firm to fall prey to hackers. Based in Salt Lake City, Utah, the edtech firm is best known for Canvas, one of the most widely used learning platforms across educational institutions and other organizations. Disclosed on April 30, the cyberattack was blamed for “disruption to tools […]
Lewis Robertson of Heriot-Watt University writes: Newly published research from a leading computer scientist warns that the use of generative AI to design, train, or perform steps within a machine learning system could increase serious risks. Michael Lones, professor at Heriot-Watt University’s School of Mathematical and Computer Sciences, has argued in a new paper that generative […]
