An attack on the popular Instructure Canvas learning management system has caused major disruptions for schools and universities in the US, just as students gear up for finals. This poses a serious threat to the personal data of millions of students and teachers. Multiple institutions reported outages affecting the web-based Canvas platform on Thursday, with users encountering ransom messages posted directly to school Canvas homepages. According to Instructure, Canvas serves more than 30 million active users worldwide. The company’s public status page showed that while most services had been restored by late Thursday, Canvas Beta and Canvas Test remained in maintenance mode. The…
Kirsten Doyle
Fashion retailer Inditex, the parent company of Zara, has confirmed unauthorized access to customer transaction databases hosted by a third-party provider. Data breach notification service Have I Been Pwned said approximately 197,400 unique email addresses were included in the leaked dataset. The company said it had launched security protocols and notified the relevant authorities following the incident, Reuters reports. It was reported that the data leak included customers’ email addresses, purchase history, order IDs, product information, and support ticket information. Inditex confirmed that passwords, payment card information, and physical addresses were not breached, and their internal operations and systems remained untouched. BleepingComputer reports linked…
A new report published by Internet Matters reveals that the Online Safety Act (OSA) in the UK, although bringing visibility of online safety tools, does not seem to be living up to expectations of providing the much-needed “meaningful protection from harm.” In their report titled The Online Safety Act: Are Children Safer Online?, Internet Matters has highlighted a dual image of success and continued vulnerability. Age verification checks, reporting tools, warnings, and parental controls are being observed on social networking sites, games, and other online platforms. Approximately 68% of parents and children claim to have witnessed these changes. Families embraced many of these changes. Kids especially appreciated…
Trellix has disclosed unauthorized access to a portion of its source code repository. However, it did not specify which portion of its source code was accessed, nor did it provide many further details about the incident. “Upon learning of this matter, we immediately began working with leading forensic experts to resolve it. We have also notified law enforcement,” the company said in a statement. Based on its investigation to date, Trellix added that it has found no evidence that its source code was released, its distribution process was affected, or that its source code has been exploited. “As part of our commitment to our broader security community, we intend to share further details as appropriate once our investigation is complete.” Ben Ronallo, Director of Security Operations at Black…
Security researcher Tom Jøran Sønstebyseter Rønning, posting as @L1v1ng0ffTh3L4N, has revealed that Microsoft Edge decrypts every saved password at startup and holds all of them in process memory, in cleartext, for the entire browser session. He says this includes passwords for sites the user is visiting as well as every credential the user’s ever saved. The passwords are held in memory from the moment Edge opens.

The assumption behind the technical behaviour

Uzair Gadit, Founder & CEO of Secure.com, says: “What makes this Edge finding unusual is not just the technical behaviour, it is the assumption behind it. Users are told to follow best practices, use strong passwords and use a password manager, and they…
There are discussions in US cybersecurity circles to radically shorten the time given to government agencies to fix software vulnerabilities currently being exploited, especially amid concerns about the growing use of artificial intelligence-based attacks. According to a report by Reuters, there are talks of reducing the time frame from the current two or three weeks down to just three days, dramatically raising the pace of defensive operations across government systems. These conversations, initiated by CISA and the Office of the National Cyber Director, have been spurred by an increasing sense of unease regarding more advanced AI models like Anthropic Mythos and GPT-5.4-Cyber. These models are expected to significantly reduce the window during which any vulnerabilities can be detected and exploited, reducing attack times from…
The Cybersecurity and Infrastructure Security Agency (CISA) has added another Linux kernel vulnerability, CVE-2026-31431, also known as Copy Fail, to the Known Exploited Vulnerabilities (KEV) catalog. Inclusion in the list implies active real-world attacks and increases the priority of patches. This particular vulnerability, which has been affecting almost all major Linux distributions since 2017, involves transferring resources incorrectly between security domains and allows local users to escalate privileges to root access. Experts emphasize the danger associated with this vulnerability, especially because of its reliability, undetectability, and cross-environment nature. Threat actors can abuse this vulnerability to tamper with memory data without any traces on the disk. Microsoft researchers…
The Anthropic Mythos platform has sparked a new round of debate over a classic cybersecurity question – except at an entirely new level: What will happen as the systems used to discover and exploit vulnerabilities gain the ability to do so at the speed of machines? In conjunction with projects such as Project Glasswing, the idea is straightforward: create an advantage for the defenders against AI-enabled threats. But just how durable is that advantage? To explore what Mythos means for the future of cybersecurity, we asked a panel of industry experts to weigh in. Their responses are not surface-level optimism or scepticism;…
Unsanctioned users have allegedly accessed Anthropic’s controversial Claude Mythos Preview AI frontier model, although the company has limited the businesses that can use it. The group, who have yet to be named, had apparently made many attempts to access Mythos since it debuted earlier this month. They finally gained access via a third-party vendor. The users who accessed Mythos on the day it was announced are members of a Discord group known for searching for information about unreleased AI models. According to the Bloomberg report, the group, using knowledge it had about a format Anthropic had used for other models, “made an educated guess about [Mythos’] online location.” One of the group told the news agency they were “interested in playing around with new…
Cloud development platform Vercel has confirmed a security incident involving unauthorized access to parts of its internal systems, following a breach disclosed in April 2026. In an official security bulletin, the company stated: “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems.” Vercel added that it is “actively investigating” the incident, has engaged incident response experts, and notified law enforcement as part of its response.

Limited impact, ongoing investigation

The company said the attack has impacted a limited subset of its users, and services continue to operate without any disruption. Even though a lot of information is still pending, preliminary findings reveal that this security breach took place beyond the confines of Vercel’s network. The attacks are…
