Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Security researcher says Yarbo robot mowers contained serious flaws enabling remote access, live camera feeds and Wi-Fi ...

CVE-2026-48172 lets cPanel users run scripts as root, affecting LiteSpeed plugin 2.3–2.4.4 and exposing servers.

A hacker minted $76 million in eBTC on Echo Protocol through an admin-key exploit, with 955 eBTC still held and part of the ...

Data stolen in a cyberattack that shut down an education platform used by universities and K-12 schools across the US last week has been returned to the platform’s parent company, Instructure, ...

The company behind the popular Canvas software, which was hacked last week causing major disruption at thousands of universities and colleges, has paid the hackers not to publish stolen data online.

Google caught the first zero-day exploit built with AI assistance. Criminal and state backed hackers are using AI models to find vulnerabilities faster.

This story has been updated with comments from the University of Cincinnati and Cincinnati Public Schools. Canvas, a cloud-based learning management platform used by thousands of schools and ...

ShinyHunters apparently isn't done with edutech giant Instructure. The now-infamous hacking and extortion collective known as ShinyHunters has once again breached Instructure, the education technology ...

Canvas, one of the most widely used education apps, said it had restored services after pulling the plug in the middle of finals week at many colleges to deal with a cybersecurity incident. From ...

On May 3, cybercrime group ShinyHunters claimed responsibility for breaching Instructure — the parent company of Canvas — reportedly compromising the data of hundreds of millions of users, including ...