Canvas Breach: Login Portals Defaced in Extortion Attack
Instructure says a Canvas incident exposed names, emails, student IDs, and user messages at affected organizations, while login pages were later altered during the same incident.
News desk
Security News
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 4, 2026
Latest reports
ClickFix WordPress Attacks Push Vidar Stealer Malware
Australia warns that ClickFix attacks are abusing compromised WordPress sites and fake CAPTCHA prompts to make Windows users run PowerShell commands that install Vidar…
Fake Claude AI Site Pushes Beagle Windows Backdoor
A fake Claude AI download site is using a working-looking installer to hide a Windows malware chain that drops PlugX-related artifacts and the newer…
GoDaddy ManageWP Phishing Ads Target WordPress Admins
A paid-search phishing campaign is targeting GoDaddy ManageWP logins, turning one stolen dashboard session into a potential multi-site WordPress incident.
Microsoft AiTM Phishing Targeted 35,000 Users
Microsoft says a code-of-conduct phishing campaign targeted 35,000 users with PDF lures, CAPTCHA gates, and AiTM token theft that can bypass ordinary MFA.
CloudZ Malware Abuses Microsoft Phone Link to Steal OTPs
Cisco Talos says CloudZ RAT and its Pheno plugin target Microsoft Phone Link data on infected Windows PCs, turning phone-to-PC syncing into a path…
MuddyWater Uses Microsoft Teams Phishing in Chaos Ransomware Masquerade
Rapid7 says MuddyWater used Microsoft Teams social engineering, remote tools, stolen credentials, and a custom RAT while dressing the intrusion as Chaos ransomware.
Palo Alto PAN-OS Flaw CVE-2026-0300 Exploited for Root RCE
Palo Alto Networks says CVE-2026-0300 is being exploited on exposed PAN-OS User-ID Authentication Portals; the real triage is whether Response Pages expose the portal…
DAEMON Tools Supply Chain Attack: Official Installers Backdoored
DAEMON Tools installers were trojanized in a supply-chain attack. Check affected versions, signed binaries, C2 indicators, and what users and admins should do.