May 9, 2026

 

Hello all,

It has been another busy week. The biggest headline news item is that my birthday is on Sunday. No, actually it is the Instructure Canvas hack by Shiny Hunters. These dirtbags managed to download a massive trove of data from nearly 9,000 schools. This hit right as students were preparing for finals in the US. It was quite the mess. We’ve got a good number of article links in the full listing that give more details.

There are a few other items of note which will be called out in a moment. Otherwise, this week will be shorter as I take a bit of a break to commemorate another trip around the sun that I share with the historical technological achievement that happened on May 10, 1869, the joining of the nation as one country when the Golden Spike was driven in at Promontory Summit in Utah. Now, on to the headline news.

Headline NEWS:

• Apache, several flavors, have had critical vulnerabilities revealed that can enable Remote Code Execution (RCE) and Denial of Service (DoS). Patch ‘em if you’ve got ‘em.
• cPanel and WebHost Manager is widely used to administer websites on virtual hosted and private servers. Last week a critical defect was announced that allows unauthorized access to the panel, which can enable a threat actor to take over your web server. This week another set of vulnerabilities was announced, and more patches were released. The prior vulnerability was available for over 64 days prior to a patch being made available. Thousands of web servers were infected via that hole with Mirai variants and Sorry ransomware. Don’t wait to apply the new patches.
• Cisco is warning about nine software flaws and has made patches available. Some of the holes allow for code execution, theft of information, and for Denial of Service. Check Cisco Security Advisories for more details.

In Ransomware, Malware, and Vulnerabilities News:

• Canvas was breached and exfiltrated. A huge trove of school, student, and teacher data is now in the hands of the evil group known as Shiny Hunters who are threatening to begin leaking it on May 12, 2026, unless their ransom demands are met. This would potentially affect up to 275 million individuals, including private chats between students and teachers that the group claims are in their hundreds of gigabytes data-dump.

In Other News Events of Note and Interest:

• Celebrate America’s 250^th with Google Arts & Culture is a new website by Google that aggregates an incredible archive of information about the United States, its founders, and other downright fascinating information.

Musings

Alleged. I am absolutely disgusted by the mamby-pamby mass media prevarication when it comes to verified, eyewitness, video documented, events. NBC News called the Canvas attack alleged. Alleged?! Canvas itself reported that they were successfully attacked. And this isn’t a move into politics, but the attacker in the recent attempt on the US President’s life was reported about, and is still being reported on, by many in the news, as the alleged attacker. Alleged?! Is there some doubt as to who was on camera, who was tackled by the Secret Service and handcuffed? Words have meaning, grow a backbone! Report facts, stop with the qualifiers and verbal weasel gymnastics when the facts are clearly and unequivocally known!

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News

Headline NEWS

• Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
• Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
• cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
• Cisco Patches High-Severity Vulnerabilities in Enterprise Products
• Cisco Security Advisories 

Ransomware, Malware, and Vulnerabilities News

• Good News, Government News, and Interesting
• CISA tells critical organizations to prepare for cyber outages
• CISA gives feds four days to patch Ivanti flaw exploited as zero-day
• FCC reverses course, allows software updates for foreign-made drones and routers until 2029
• North Korea rejects US cybercrime claims as ‘absurd slander’
• Five Eyes warn agentic AI is too dangerous for rapid rollout
• Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
• Americans sentenced for running ‘laptop farms’ for North Korea
• Former govt contractor convicted for wiping dozens of federal databases
• Vulnerabilities and Exploits
• Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
• The cPanel Zero-Day Was Active for 64 Days Before Anyone Knew
• Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
• Critical Microsoft 365 Copilot Vulnerabilities Expose sensitive Information
• Critical Ollama Memory Leak Vulnerability Exposes 300,000 Servers Globally
• Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
• Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
• vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
• Progress warns of critical MOVEit Automation auth bypass flaw
• New Cisco DoS flaw requires manual reboot to revive devices
• FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as Root
• Amnezia VPN rolls out major bug fixes, a crucial security patch, and new features in latest app update
• Backdoored PyTorch Lightning package drops credential stealer
• Weaver E-cology critical bug exploited in attacks since March
• Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities
• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Microsoft Edge stores your passwords in plaintext RAM… on purpose
• Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector
• Mustache Mischief: Kids Bypass UK’s Digital Age Barriers
• Azure AD Conditional Access Bypassed Through Phantom Device Registration and PRT Abuse
• How Cloudflare responded to the “Copy Fail” Linux vulnerability
• 60% of MD5 password hashes are crackable in under an hour
• Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
• New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
• Hacker Takes Over Robot Lawnmower, Runs Over Innocent Man
• Anthrophic’s Mythos: Experts warn cyber threat was already here
• ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data
• AISLE Discovers 38 CVEs in Healthcare Software Used by 100,000 Medical Providers
• Fake OpenAI repository on Hugging Face pushes infostealer malware
• Phishing, Malware, and similar
• From phishing to recovery
• Australia warns of ClickFix attacks pushing Vidar Stealer malware
• New Bluekit Phishing Kit Features AI Assistant
• Hackers abuse Google ads for GoDaddy ManageWP login phishing
• Fake Claude AI website delivers new ‘Beagle’ Windows malware
• They don’t hack, they borrow: How fraudsters target credit unions
• New TCLBanker malware self-spreads over WhatsApp and Outlook
• Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
• Amazon SES increasingly abused in phishing to evade detection
• EvilTokens: Big Cybercrime’s AI Platform Built to Bypass Your MFA
• Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
• Trojan abuses Microsoft Phone Link app to steal your passwords
• China-Aligned SHADOW-EARTH-053 Exploits Exchange Servers to Deploy ShadowPad Malware
• “AccountDumpling” – The Google-Sent Phishing Wave Hijacking 30k Facebook Accounts
• Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
• PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
• New Phishing Attack Weaponizing Event Invitations to Steal Login Credentials
• New PCPJack worm steals credentials, cleans TeamPCP infections
• Worm rubs out competitor’s malware, then takes control
• Breaches, Leaks, and Ransomware
• MuddyWater hackers use Chaos ransomware as a decoy in attacks
• 76% of All Crypto Stolen in 2026 Is Now in North Korea
• DOJ says ransomware gang tapped into Russian government databases
• AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys
• Alleged cyberattack temporarily shuts down Canvas
• Instructure hacker claims data theft from 8,800 schools, universities
• Brown Canvas hacked in nationwide cyberattack
• Hackers steal students’ data during breach at education tech giant Instructure
• Canvas back online after cyberattack shuttered learning platform for schools across US
• Malicious actor may have Hanover Public Schools student, staff data after attempted ransomware attack
• Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses
• NVIDIA confirms GeForce NOW data breach affecting Armenian users 

Other News Events of Note and Interest

• Celebrate America’s 250th with Google Arts & Culture
• Cool Tool: Sysinternals Suite 2026.07.05
• The AWS MCP Server is now generally available
• Denic sorry for DNSSEC error that crashed Germany’s internet
• Meme stock GameStop makes $56 billion offer for eBay in bid to rival Amazon
• Global IT spend to reach $6.31 trillion in 2026 amid data center rush
• The Government Doesn’t Just Want to Ban Ghost Guns. It Wants to Control Your 3D Printer
• One of the most useful Windows 11 unofficial apps UniGetUI gets a new look and design
• iOS 27 Features: Apple Plans to Let Users Swap Models Across Apple Intelligence
• LibreOffice Questions Whether Euro-Office is Truly Sovereign
• EU mulls restricting use of US cloud for sensitive government data: sources
• Behind the Scenes Hardening Firefox with Claude Mythos Preview
• ‘A waste of money’ — Digital rights group slams Utah’s new ‘impossible by design’ VPN restrictions under controversial age verification law
• Proton Mail brings quantum-safe email encryption to all accounts
• ‘This is not facial recognition’ — Meta wants to scan kids’ height and bone structure to verify their age
• Google rolling out big Snapseed 4.0 update for Android
• AI, LLM’s, and Skynet
• Augustine and AI’s false promise
• US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
• Our evaluation of OpenAI’s GPT-5.5 cyber capabilities
• How did ‘large’ language models get that way? The role of Transformers and Pretraining in GPT
• I’m Scared About Biological Computing
• GPT-5.5 Price Increase: What It Actually Costs
• Scaling Trusted Access for Cyber with GPT-5.5 and GPT-5.5-Cyber
• Your ChatGPT account just got more secure, but you have to opt in
• Why Chrome may have quietly downloaded a 4GB file to your PC – and how to get rid of it
• What’s new in IAM: Security, governance, and runtime defense
• Microsoft
• Microsoft is making it easier to identify more modern, secure printers in Windows 11
• Microsoft says it’s keeping its promise to fix Windows 11, shares everything that’s changed since March
• Windows 365 and Azure Virtual Desktop: Expanding access
• Microsoft confirms Windows 11 may restart multiple times after updates and your PC isn’t broken, as it’s due to Secure Boot 2023
• Microsoft confirms April Windows updates cause backup failures
• Released: May 2026 Exchange Server Hotfix Update
• Microsoft Agent 365, now generally available, expands capabilities and integrations
• Microsoft Replaces Printer Drivers in Windows 11 With New Secure System
• Microsoft says passwords are no longer enough as it pushes passkeys
• Passkeys aren’t the finish line: Eliminating fallbacks and fixing recovery