Grafana confirmed suffering a data breach on Sunday, two days after a cybercrime group listed the company on its leak website. The open source visualization and analytics software provider said the intrusion was possible due to a compromised token that granted access to the Grafana Labs GitHub environment. Grafana admitted that the hackers managed to download its codebase, but said no personal or customer information was stolen and the incident has not impacted customer systems or operations. T READ MORE...
7-Eleven, the world's largest convenience store chain, has confirmed suffering a data breach after the notorious ShinyHunters hacker group claimed to have stolen information from its systems. The company has started sending out security incident notices revealing that an intrusion into 7-Eleven systems used to store franchisee documents was detected on April 8. According to a notification submitted to the Maine Attorney General's Office, unspecified personal information has been compromised. READ MORE...
Cybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work - and a warning about how unprepared most organizations still are. arlier this month, ShinyHunters breached Instructure's Canvas platform twice within a single week - stealing 3.65 terabytes of data from approximately 275 million users across more than 8,000 institutions. The group defaced login pages at hundreds of schools during final exam periods, forced Canvas offline, and extracted a ransom payment before Congress opened a formal investigation. READ MORE...
Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The Ransomware Reality: Zero Days to Recover report by Absolute Security. A survey of 750 CISOs from enterprise organizations with more than 5,000 employees in the United States and the United Kingdom revealed gaps between ransomware frequency, confidence in recovery capabilities, and remediation timelines. READ MORE...
If you downloaded the JDownloader installer during the compromise window (May 6-7), you are advised to verify the file. JDownloader is a popular download management application, particularly favored for automated downloads from file-hosting services, video sites, and premium link generators. The JDownloader website was confirmed to have been compromised on May 6-7, 2026. During that window, the Windows "Download Alternative Installer" links and the Linux shell installer were compromised. READ MORE...
A critical vulnerability in Cisco Catalyst SD-WAN Controller is facing active exploitation almost immediately after security researchers publicly disclosed the flaw. The vulnerability, tracked as CVE-2026-20182, is an authentication bypass vulnerability, which has a severity score of 10, which is considered the highest potential rating. The flaw could allow an attacker to circumvent authentication procedures and gain administrative privileges on an affected server. READ MORE...
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation disrupting the Tycoon2FA phishing platform in March, the malicious operation was rebuilt on new infrastructure and quickly returned to regular activity levels. READ MORE...