Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

ShinyHunters Cyberattack Disrupts Canvas Platform Across Universities and Schools

  This week, a significant digital breach affected educational institutions throughout the United States, Canada, and Australia. The inciden...

All the recent news you need to know
Data Leak
AI Bug Management Cloud Cyber Security Data Data Leak

9-Year-Old Linux bug Found by Researchers, Could Leak Data


Experts have revealed details of a bug in the Linux kernel that stayed unnoticed for nine years. The flaw is tracked as CVE-2026-46333 (CVSS score: 5.5). 

Improper bug management 

The incident is improper privilege management that could have allowed threat actors to reveal sensitive data as unprivileged local users and launch arbitrary commands on default installs such as Ubuntu, Debian, and Fedora. Its alias is aka ssh-keysign-pwn.

Vulnerability existed since 2016

Cybersecurity firm Qualys found the flaw. Since November 2016, the problem has been present in mainstream Linux (v4.10-rc1). 

Distribution updates and upstream patches are already accessible. There are publicly available working exploits, thus administrators should install vendor kernel upgrades right away, Qualys said.

Privilege compromise tactic

TRU discovered a small window in which a privileged process that is dropping its credentials can still be accessed through ptrace-family operations, despite the fact that its dumpable flag should have blocked that path, during ongoing study into Linux kernel privilege boundaries.  

Qualys also added that an attacker can obtain open file descriptors and authenticated inter-process channels from a dying privileged process and utilize them under their own uid by combining this window with the pidfd_getfd() syscall (introduced in v5.6-rc1, January 2020)

What is successful exploit?

Successful bug exploit can allow a local threat actor to reveal /etc/shadow and ho'st private keys under /etc/ssh/*_key, and deploy arbitrary commands as root via four distinct hacks attacking ssh-keysign, accounts-daemon, chage, and pkexec.

PoC exploit

The bug reveal is a proof-of-concept (PoC) exploit for the bug. It was released recently, and soon after, a public kernel surfaced. CVE-2026-46333 is the latest security bug revealed in Linux after Dirty Frag, Fragnesia, and Copy Fail in recent months.

How to stay safe

Experts have advised to use the latest kernel update released by Linux distributions. If users are unable to do it immediately, temporary patchwork includes raising "kernel.yama.ptrace_scope" to 2.
Qualys added, "On hosts that have allowed untrusted local users during the exposure window, treat SSH host keys and locally cached credentials as potentially disclosed. Rotate host keys and review any administrative material that lived in the memory of set-uid processes,” Qualys said.

Incident impact

The incident happened after the release of a PoC for a local privilege exploit known as PinTheft that lets local hackers get access to root privileges on Arch Linux systems. The hack requires the Reliable Datagram Sockets (RDS) module to be deployed on the victim system, readable SUID-root-binary, io_ring enabling, and x86_64 support for the given payload.

Read more »
Instructure
AI Canvas Cloud Data Breach Data Leak data security Instructure

Data Leak: Instructure, Canvas Allegedly Hacked, ShinyHunters Claim Responsibility


Instructure, a cloud-based LMS Canvas company was hit by a massive data attack. Ransomware gang ShinyHunters claimed responsibility for the attack, saying that it had stolen data related to 280 million students, teachers, and school staff.

100s of GBs data leaked

The data breach accounts for hundreds of gigabytes, possibly leaking Canvas users’ email ids, private messages, and names. 

Instructure revealed in May that it was hit by a data breach. The Canvas incidents of 8,809 universities, educational platforms, schools were impacted by the attack. ShinyHunters said that the numbers range between tens of thousands to several millions per institution.

It is concerning that a lot of K-12 students’ data has been leaked. If your child has been affected by the data breach, Malware Bytes can help in what to do next and how to stay safe.

Canvas compromised

Various students who tried using Canvas after the cyberattack received the message from ShinyHunters blackmailing to leak the data if Instructure did not contact the hackers by May 12. Canvas was shut down offline for various students following the incident, but it is now available for most users. 

GTA 6, Studio Rockstar were blackmailed too

ShinyHunters has been killing it this year, with only high profile targets in its track records. The group asked for a ransom from GTA 6 (a video game) Studio Rockstar in April. But in reality, it was a hoax demand as the hackers did not have anything important/worthy to leak. 

Nvidea Geforce allegedly hacked

But recently, the group allegedly claimed responsibility for the Nvidea’s GeForce Now breach, claiming to have “pulled their entire database straight from the backend."

Shiny hunters all over the place

In the Canvas incident, ShinyHunters allegedly stole user records through exposrting features inside the platform. This consists of DAP queries, APIs, and provisioning reports, according to Bleeping Computers. “The unauthorized actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts,” Instructure said. 

It also added that it “revoked privileged credentials and access tokens, deployed platform-wide protections, rotated certain internal keys, restricted token creation pathways, and added monitoring across our platforms." 

The impact

Instructure also “engaged a third-party forensic firm and notified law enforcement. Beyond the immediate response, we're hardening administrative access, token management, permissions, monitoring, and related workflows. The investigation may inform further improvements.”

However, it might be too little, too late—parents are unlikely to overlook the possibility of disclosing their children's information. The much bigger problem, though, is the disastrous harm ShinyHunters has caused to Canvas's operations and reputation, as malware historian vx-underground stated on X.

Read more »
SEO Manipulation
Algorithmic Enforcement Digital Markets Act EU Antitrust Probe Google Search Rules Google Spam Policy Parasite SEO Publisher Visibility Search Ranking Abuse SEO Manipulation

Google Navigates EU Regulatory Pressure With Search Policy Shift


 

A growing regulatory backlash against search ranking practices has forced Alphabet's Google to reevaluate portions of its spam enforcement framework in response to criticism by digital publishers in Europe. Reuters has reviewed a document from the European Commission that proposes modifications in Google's site reputation abuse policy as a method of identifying and suppressing manipulative ranking tactics common to “parasite SEO,” where third-party content is published on domains with high authority in order to gain search engine credibility. 

In response to regulatory concerns that opaque policy implementation can disproportionately affect publishers and online visibility across competitive digital markets, Google may be facing a technical shift in how to balance large-scale search quality enforcement with growing antitrust concerns. 

Regulatory scrutiny intensified in November when European regulators formally examined whether Google's enforcement model under its site reputation abuse policy created unfair competitive disadvantages for its publishers. Reuters reported that the investigation was prompted by complaints from media and digital publishing organizations concerning the company’s handling of third-party hosted content aimed at exploiting existing domain ranking authority, a technique known as parasite SEO within the search optimization industry. 

It has been reported that Google has submitted a revised set of policy adjustments to address regulatory concerns relating to transparency, ranking treatment, and enforcement consistency as part of the ongoing review conducted under the European Commission's Digital Markets Act enforcement framework. Prior to the Commission proceeding to the next stage of evaluation, stakeholders and affected parties have been invited to review the proposed modifications and provide feedback. 

A Google spokesperson confirmed that active discussions with European authorities are ongoing. This indicates that Google is committed to maintaining regulatory engagement in an effort to reduce the risk of potential antitrust penalties arising from its practices in search governance. Google's latest proposal is described as a compliance measure aligned with obligations under the Digital Markets Act, with regulators providing interested parties with until next week to respond formally to the suggestions. 

According to the EU watchdog's preliminary analysis, Google's spam enforcement mechanisms were reducing the visibility of news publishers and other media platforms in Google Search when these websites contained material sourced from commercial content partnerships as a result of its spam enforcement mechanisms. It is argued by regulators that the policy affects a widely adopted monetisation structure that publishers rely on in order to generate revenue from digital advertising and syndication, in addition to spam mitigation.

According to these findings, algorithmic quality control systems are being evaluated as part of dominant search infrastructures, and whether these systems unintentionally distort the competitive landscape of online publishing. A confirmed violation of the DMA may result in penalties up to 10 percent of the company's annual global turnover being imposed on the company, creating a significant regulatory and financial stake. 

While Google had not responded to Reuters' request for additional clarification at the time of the release of the report, the European Commission declined to comment publicly on the matter. It is anticipated that the outcome of the Commission's review will influence the design and enforcement of algorithmic anti-spam controls across the broader digital publishing ecosystem. 

Additionally, the case reflects a growing regulatory concern about the effectiveness of automated ranking enforcement systems without disrupting legitimate commercial publishing models, beyond the immediate antitrust implications. 

Negotiations for Google are more than a policy adjustment exercise; they demonstrate a complex balance between maintaining search integrity, limiting manipulative SEO behavior, and complying with evolving European competition standards governing dominant technologies.
Read more »
ShinyHunters
Academic Network Security Canvas cyberattack Data Breach Education Sector Security Phishing Threats Ransomware Attack ShinyHunters

Ransomware Attack Disrupts Grading Platform Used by LBUSD Cal State and LBCC


 

A cyberattack linked to the ShinyHunters extortion group temporarily disrupted educational operations across a number of educational institutions in the United States, causing concern over the potential exposure of sensitive student and faculty data. These institutions continued to restore access to Canvas this week. Although several universities and school districts have been able to resume normal access following recovery efforts coordinated by Canvas parent company Instructure, the incident continues to affect portions of the education sector. 

Administrators have assessed the broader impacts of the breach and reviewed claims regarding the compromise of data belonging to hundreds of millions of platform users around the world. After the incident was triggered on Thursday, teachers and students at Long Beach Unified School District, California State University Long Beach and Long Beach City College were suddenly unable to access Canvas, the cloud-based platform widely used for coursework, grades, assignments and internal communication, the operational impact of the incident became more apparent. 

According to district officials, they were informed earlier this week that Instructure, the company which provides Canvas, had discovered that certain user-identifying information related to customer environments had been accessed without authorization. In spite of the company's initial assertion that the incident had been contained and that core platform operations continued, educators later reported that login attempts redirected users to ransom-style messages allegedly associated with the ShinyHunters cybercriminal group upon attempting to log in.

Apparently, the notice instructed affected institutions to engage a cyber advisory firm and negotiate payment terms before a specified deadline otherwise compromised data could be exposed to the public. Despite the fact that the full extent of the intrusion is still under investigation, notifications sent to campus users indicate that names, email addresses, institutional identification numbers, and confidential communications may have been compromised. 

A response from Instructure was that portions of the platform environment had been disabled, the underlying vulnerability had been rectified, digital forensic specialists were engaged, and federal authorities, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, were coordinated. 

A significant number of academic institutions are experiencing the disruption at the same time, with final examinations at California State University Long Beach rapidly approaching. Since Canvas serves as the primary repository for instructional content, coursework, and student records, several educators have described the outage as operationally disrupting, even though some teachers have been able to maintain continuity by using externally hosted materials and collaboration tools through Google. 

Cybersecurity experts caution that, while the current incident has mainly disrupted colleges and universities, K-12 institutions have also faced repeated operational and data security challenges related to attacks against the education technology infrastructure. Researchers referred to the Los Angeles Unified School District cyberattack of 2022, when a ransomware-related intrusion disabled critical district systems over Labor Day weekend, disrupting internal communication, attendance tracking, and classroom instruction. 

Approximately 2,000 student assessment records, together with additional sensitive information, including driver’s license numbers and Social Security numbers accumulated over multiple years, were later published on the dark web as a result of the incident. Recovery efforts lasted for weeks during which administrative and technical staff restored systems and coordinated password resets for over 600,000 user accounts.

According to security researchers, incidents associated with platforms such as Canvas can create long-term phishing and social engineering risks even after services have been restored. A Norton security analyst, Luis Corrons, emphasized that information exposed by the company includes names, institutional email addresses, student identification numbers, and internal academic communications, which could provide threat actors with the necessary context to create highly convincing phishing campaigns impersonating legitimate school notifications regarding grades, coursework, financial aid, and password resets.

In addition to Anton Dahbura's concerns, the executive director of the Johns Hopkins University Information Security Institute advised institutions that residual risk may continue to exist after platform access has been restored, and cautioned against operating under this assumption. According to Dahbura, colleges and universities should encourage students and employees to change their passwords, review authentication tokens, and audit integrations with third-party platforms connected to Canvas environments. 

Likewise, colleges and universities should keep a close eye on follow-on phishing activity targeting them. Further, he emphasized that higher education is increasingly reliant on a single instructional platform, which represents a systemic risk as a whole. He advised academic institutions to develop resilience plans, implement additional security controls, and develop alternative instructional workflows that can support continuity during prolonged service interruptions. 

A centralized cloud-based learning infrastructure in the educational sector has further increased the cybersecurity vulnerability of the sector. As a result of a single third party platform compromise, thousands of academic institutions may be disrupted simultaneously if a single compromise occurs.

A continuing forensic investigation and recovery effort will require security teams on affected campuses to focus on credential protection, phishing monitoring, and access-review procedures, while assessing the degree of integration instructional platforms, such as Canvas, have made with broader institutional networks.
Read more »
Water Plant
Critical Infrastructure Cyber Attacks Poland U.S. Threat Water Plant

Poland Water Plant Hacks Expose Growing Cyber Threat to U.S. Infrastructure

 

Poland has revealed a troubling series of cyberattacks against water treatment plants, underscoring how vulnerable critical infrastructure can become when basic security is neglected. According to reporting on the incident, hackers breached industrial control systems at five facilities and, in some cases, gained the ability to change operational settings that affect pumps, alarms, and treatment equipment. 

The most alarming part of the case is not only that the intrusions happened, but that the attackers were able to move beyond simple access and potentially influence the treatment process itself. That raises the stakes from data theft or disruption to a direct public safety concern, because water systems depend on precise controls to keep supply safe and stable.

Investigators say the entry points were surprisingly basic: weak passwords and systems exposed directly to the internet. Those are avoidable failures, which makes the incident more frustrating for defenders and more attractive to attackers looking for easy ways into high-value targets. The fact that the affected facilities were part of essential municipal infrastructure shows how a small security gap can become a large civic risk. 

The timing matters because Poland’s experience fits a broader pattern of hostile activity against critical infrastructure across Europe and beyond. Polish authorities have linked parts of the campaign to Russian-aligned threat actors, describing the attacks as part of a wider effort to destabilize public services and test national resilience. Whether the goal is espionage, sabotage, or intimidation, water plants are now clearly on the list of targets. 

The United States faces a similar danger. American water utilities have repeatedly drawn warnings from federal agencies, and public reports have shown that many systems still rely on outdated controls, weak access policies, and insecure remote connections. Regulators have also warned that unprotected human-machine interfaces can let unauthorized users view or adjust real-time settings, which is exactly the kind of weakness attackers look for.

The lesson is simple: water security is no longer just an engineering issue, but a cybersecurity priority. Utilities need stronger passwords, network segmentation, tighter remote access controls, and continuous monitoring of industrial systems. If governments and operators do not treat water plants as critical digital assets, the next successful breach could do more than interrupt service; it could threaten public trust in something people depend on every day.
Read more »
virus
Antivirus malware ransomware spyware trojans virus

Virus, Malware, or Spyware? Here’s What They Really Mean

 




Many people casually refer to every cyber threat as a “virus,” but cybersecurity professionals use a much broader classification system. A security program that only defended against traditional computer viruses would offer very limited protection today because viruses represent just one form of malicious software. Modern antivirus platforms are designed to detect and block many different categories of malware, including ransomware, spyware, trojans, credential stealers, rootkits, and bot-driven attacks.

Traditional computer viruses have also become less common than they once were. Most modern cybercriminal groups are financially motivated and prefer attacks that generate revenue rather than simple disruption or digital vandalism. Spyware operators profit from stolen personal information, banking trojans attempt to drain financial accounts directly, and ransomware gangs demand cryptocurrency payments from victims in exchange for restoring encrypted files. Because current security tools already defend against a wide range of malicious software, most users do not usually need to distinguish one malware family from another during day-to-day use.

At the same time, understanding these terms still matters. News reports about cyberattacks, data breaches, espionage campaigns, and ransomware incidents often contain technical language that can confuse readers unfamiliar with cybersecurity terminology. Knowing how different forms of malware behave makes it easier to understand how attacks spread, what damage they cause, and why security researchers classify them differently.

A traditional virus spreads when a user unknowingly launches an infected application or boots a compromised storage device such as a USB drive. Viruses generally try to remain unnoticed because their ability to spread depends on avoiding detection long enough to infect additional files, programs, or devices. In many cases, the malicious payload activates only after a specific date, time, or triggering condition. Earlier generations of viruses often focused on deleting files, corrupting systems, or displaying disruptive messages for attention. Modern variants are more likely to steal information quietly or help conduct distributed denial-of-service attacks that overwhelm online services with massive volumes of internet traffic.

Worms share some similarities with viruses but spread differently because they do not necessarily require users to open infected files. Instead, worms automatically replicate themselves across connected systems and networks. One of the earliest examples, the Morris worm of 1988, was originally intended as an experiment to measure the size of the developing internet. However, its aggressive self-replication consumed enormous amounts of bandwidth and disrupted numerous systems despite not being intentionally designed to cause widespread destruction.

Trojan malware takes its name from the ancient Greek story of the Trojan Horse because it disguises malicious code inside software that appears safe or useful. A trojan may present itself as a game, utility, browser tool, mobile application, or software installer while secretly performing harmful actions in the background. These threats often spread when users unknowingly download, share, or install infected files. Banking trojans are particularly dangerous because they can manipulate online financial transactions or steal login credentials directly. Other trojans harvest personal information that can later be sold through underground cybercrime marketplaces.

Some malware categories are defined less by how they spread and more by what they are designed to do. Spyware, for example, focuses on monitoring victims and collecting sensitive information without consent. These programs may capture passwords, browsing histories, financial information, or login credentials. More invasive forms of spyware can activate webcams or microphones to observe victims directly. A related category known as stalkerware is frequently installed on smartphones to monitor calls, messages, locations, and online activity. Because surveillance-focused malware has become increasingly common, many modern security products now include dedicated spyware protection features.

Adware primarily generates unwanted advertisements on infected devices. In some cases, these advertisements are targeted using data gathered through spyware-related tracking techniques. Aggressive adware infections can become so intrusive that they interfere with normal computer use by flooding browsers, redirecting searches, or constantly displaying pop-up windows.

Rootkits are designed to hide malicious activity from operating systems and security software. They manipulate how the system reports files, processes, or registry information so infected components remain invisible during scans. When security software requests a list of files or registry entries, the rootkit can alter the response before it is displayed, effectively concealing the malware’s presence from the user and from defensive tools.

Bot malware usually operates silently in the background and may not visibly damage a computer at first. Instead, infected devices become part of remotely controlled botnets managed by attackers sometimes referred to as bot herders. Once connected to the botnet, systems can receive commands to send spam emails, participate in coordinated cyberattacks, or overwhelm websites with malicious traffic. This arrangement also helps attackers hide their own infrastructure behind thousands of compromised machines.

Cryptojacking malware secretly hijacks a device’s processing power to mine cryptocurrencies such as Bitcoin. Although these infections may not directly destroy data, they can severely slow systems, increase electricity usage, drain battery life, and contribute to overheating problems because of constant processor strain.

The malware ecosystem also includes droppers, which are small programs designed specifically to install additional malicious software onto infected systems. Droppers often operate quietly to avoid attracting attention while continuously delivering new malware payloads. Some receive instructions remotely from attackers regarding which malicious programs should be installed. Cybercriminal operators running these distribution systems may even receive payment from other malware developers for spreading their software.

Ransomware remains one of the most financially damaging forms of cybercrime. In most attacks, the malware encrypts documents, databases, or entire systems and demands payment in exchange for a decryption key. Security software is generally expected to detect ransomware alongside other malware categories, but many cybersecurity professionals still recommend additional dedicated ransomware defenses because the consequences of missing a single attack can be devastating. Hospitals, schools, businesses, and government organizations around the world have all experienced major operational disruptions linked to ransomware campaigns.

Not every program claiming to improve cybersecurity protection is legitimate. Fake antivirus products, commonly called scareware, are designed to frighten users with fabricated infection warnings and pressure them into paying for unnecessary or malicious software. At best, these programs provide no meaningful protection. At worst, they introduce additional security risks or steal financial information entered during payment. Many scareware campaigns rely on alarming pop-ups and fake scan results to manipulate victims psychologically.

Identifying fake security products has become increasingly difficult because many now imitate legitimate software convincingly. Cybersecurity experts generally recommend checking trusted reviews and downloading security tools only from reputable vendors or established sources. Fraudulent review websites also exist, making careful verification especially important before installing security software.

Modern malware rarely fits neatly into a single category. One malicious program may spread like a virus, steal information like spyware, and hide itself using rootkit techniques simultaneously. Likewise, modern security solutions rely on multiple defensive layers rather than antivirus scanning alone. Comprehensive security suites may include firewalls that block network-based attacks, spam filters that intercept malicious email attachments, phishing protection systems, and virtual private networks that help secure internet traffic. Some VPN services, however, restrict advanced features behind additional subscription payments.

The term “malware” ultimately serves as a broad label covering every type of software intentionally created to harm systems, steal information, spy on users, disrupt operations, or provide unauthorized access. Industry organizations such as Anti-Malware Testing Standards Organization often prefer the term “anti-malware” because it reflects the wider range of threats modern security tools must address. However, most consumers remain more familiar with the word “antivirus,” which continues to dominate the industry despite the changing nature of cyber threats.

Understanding these distinctions does not require becoming a cybersecurity specialist, but it does help people recognize how varied modern digital threats have become. From ransomware and spyware to botnets and credential-stealing trojans, malicious software now exists in many different forms, each designed for a specific purpose within the broader cybercrime economy.

Read more »
Subscribe to: Posts (Atom)

Featured