Article Read Time
1. Canvas Platform Breach Exposes Data of 275 Million Students Nationwide
Hacking group ShinyHunters claimed responsibility for a massive breach of Instructure’s Canvas learning management system, potentially exposing the personal information of 275 million students across nearly 9,000 educational institutions. Instructure confirmed the attack stemmed from unauthorized access first detected on April 29, with exposed data including names, email addresses, student ID numbers, and private messages. The breach represents one of the largest education-sector incidents in history, prompting urgent investigations by affected school districts, including Wake County Public Schools and the National University of Singapore.
Source: Malwarebytes
2. Critical PAN-OS Zero-Day (CVE-2026-0300) Under Active Exploitation
A critical buffer overflow vulnerability in Palo Alto Networks PAN-OS firewalls is being actively exploited in the wild, allowing unauthenticated attackers to achieve root-level remote code execution. Carrying a CVSS score of 9.3, the flaw targets the User-ID Authentication Portal on PA-Series and VM-Series firewalls. CISA added it to the Known Exploited Vulnerabilities catalog on May 6, and a public proof-of-concept exploit dropped the same day, dramatically lowering the barrier for threat actors of all skill levels.
Source: The Hacker News
3. “Dirty Frag” Linux Kernel Zero-Day Grants Root on All Major Distros
Security researcher Hyunwoo Kim disclosed Dirty Frag, a local privilege escalation exploit chain affecting Linux kernels across Ubuntu, RHEL, Fedora, openSUSE, and more. The attack chains two page-cache write vulnerabilities (CVE-2026-43284 and CVE-2026-43500) that have existed in the kernel for roughly nine years, allowing any local user to gain root with a single command. A proof-of-concept exploit went public on May 7 after the disclosure embargo was inadvertently broken, and Microsoft confirmed active post-compromise exploitation in the wild.
Source: BleepingComputer
4. NVIDIA Confirms GeForce NOW Data Breach by ShinyHunters
NVIDIA confirmed that user data from its GeForce NOW cloud gaming service was exposed following a breach of GFN.AM, an authorized regional partner in Armenia. ShinyHunters claimed to have stolen millions of user records and offered the full database for $100,000 in cryptocurrency. Exposed information includes full names, email addresses, usernames, dates of birth, and 2FA status, though passwords were reportedly not compromised. The unauthorized access window stretched 54 days before detection on May 2.
Source: BleepingComputer
5. AI-Powered Attacks Surge as Threat Actors Weaponize Malicious ML Repositories
A malicious Hugging Face repository that climbed to the platform’s trending list was found impersonating OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users. This incident highlights the accelerating trend of AI-assisted attacks in 2026, where threat actors exploit trust in machine learning platforms and open-source AI tools. Combined with the rise of credential theft frameworks like PCPJack targeting cloud infrastructure, attackers are increasingly leveraging AI ecosystems as both weapon and attack surface.
Source: The Hacker News