A threat actor once again gained unauthorized access to Instructure's Canvas learning management system on May 7, the ed tech company confirmed on its website. The incident caused disruptions for students and teachers at school districts and colleges nationwide as final exam season is underway. Schools and colleges have had to offer grace periods for missed or late assignments affected by the Canvas outage.
BWH Hotels is informing customers about a third-party data breach that gave cybercriminals access to six months' worth of data. The notification email stated that BWH Hotels, which owns the WorldHotels, Best Western Hotels & Resorts, and Sure Hotels brands, identified the intrusion on April 22, but the affected data goes back to October 14, 2025. BWH Hotels CTO Bill Ryan, who penned the notification email, said data belonging to "certain guests" were accessed by an unauthorized third party.
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID Connect (OIDC) tokens to publish malicious package versions with verifiable provenance attestation (SLSA Build Level 3). Attributed to the TeamPCP threat group, the attack started with compromising dozens of TanStack and Mistral AI packages but quickly extended to other popular projects.
Pennsylvania pharma giant West Pharmaceutical Services is scrambling to restore systems impacted by a ransomware attack last week. The incident, the company says in an incident notice, occurred on May 4 and prompted the "proactive shutdown and isolation of affected on-premise infrastructure". The containment measure disrupted the company's business operations globally, West Pharmaceutical Services said in a Monday filing with the Securities and Exchange Commission (SEC).
Japan's prime minister Sanae Takaichi has ordered a review of government cybersecurity strategy, citing the arrival of Anthropic's bug-hunting model Mythos as a moment that makes it necessary to order a cabinet-level project. In a Tuesday cabinet meeting, the PM instructed cybersecurity minister Hisashi Matsumoto to devise measures to check the state of government systems to determine whether it's possible to detect and fix vulnerabilities.
A public exploit is available for a nine-year-old vulnerability that affects the Linux kernel, paving the way for root privilege escalation. The flaw, which is actually two vulnerabilities chained together, is in the same class as previously discovered Linux flaws Dirty Pipe and Copy Fail, but affects a different kernel data structure than those issues. Security researcher Hyunwoo Kim disclosed the flaw, dubbed "Dirty Frag," and published a proof of concept (PoC) exploit last week on X.
A test of Anthropic's restricted Claude Mythos model found just one low-severity vulnerability in the widely used open source data transfer tool curl, casting doubt on the AI company's bold claims, though some argue the results say more about curl's robust security than Mythos' limitations. Daniel Stenberg, the lead developer of curl, revealed in a blog post on Monday that he was recently given the opportunity to test the Claude Mythos frontier AI model.