Zara Data Breach Impacts Nearly
ShinyHunters gets away with emails and other data on 200,000 Zara customers
Latest Disclosures
Canvas System Is Online After
Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline. The post Canvas System Is Online After a Cy
SailPoint Discloses GitHub Repository Hack
The incident occurred on April 20 and did not affect customer data in the company’s production and staging environments. The post SailPoint Discloses GitHub Repository Hack appeared first on SecurityWeek.
Official JDownloader site served malware
JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website was compromised in a supply chain attack that replaced legitim
Fake OpenAI repository on Hugging
A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing malware to Windows users. [...]
JDownloader site
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access troja
Australian Cyber Security Centre Issues
ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware
Trellix source code breach claimed
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. [...]
Canvas Breach Disrupts Schools &
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime gro
Zara data breach
Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. [...]
AI Firm Braintrust Prompts API
Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on SecurityWeek.
Zara Data Breach
Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromis
Zara
197,376 records exposed — Email addresses, Geographic locations, Purchases, Support tickets
Anthropic’s Claude used in attempted
Researchers warn the incident highlights how AI tools can help untrained threat actors develop complex cyberattack capabilities.
RansomHouse
RansomHouse claimed responsibility for the Trellix breach, adding the security firm to its Tor data leak site and sharing screenshots of internal systems. The RansomHouse ransomware group has claimed responsibility for t
BerriAI LiteLLM
BerriAI LiteLLM SQL Injection Vulnerability — BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised acces
Instructure
The ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers.
Ivanti Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with adm
ThreatsDay Bulletin
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. S
Canvas login portals
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. [...]
CISOs
By now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the biggest threat to their business and why certain investments n
From Android TVs to routers:
A new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑derived botnet called xlabs_v1 is hijacking internet‑exposed devi
Mirai-Based xlabs_v1 Botnet Exploits ADB
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying o
PCPJack Credential Stealer Exploits 5
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset