Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, EU Compliance, and more!
Joshua Marpet
- Canvas Breach Disrupts Schools and Colleges Nationwide
ShinyHunters defaced Canvas's login page with ransom demands, claiming data on 275 million students across 9,000 institutions. Parent company Instructure took the platform offline during finals season, and this is reportedly the group's third breach in eight months, suggesting an ongoing campaign rather than a one-off intrusion. Notable as a real-world hit on the EdTech monoculture.
- SUPPLY CHAIN: Checkmarx Breach Spreads to Bitwarden CLI, KICS, and VS Code Extensions
https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html
The March 2026 Checkmarx breach has expanded into a full developer-tooling supply chain campaign, with attackers pushing malicious KICS Docker images, poisoned VS Code extensions, and a compromised Bitwarden CLI build. Source code from Checkmarx GitHub repos was confirmed posted to dark web markets.
- Active Exploitation: PAN-OS, Ivanti EPMM, and Windows Shell Zero-Days
https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html
https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html
Three actively exploited vulnerabilities hit production this week: PAN-OS CVE-2026-0300 (unauthenticated buffer overflow giving root via the User-ID auth portal), Ivanti EPMM CVE-2026-6973 (authenticated admin RCE), and a confirmed in-the-wild Windows Shell flaw (CVE-2026-32202). Edge appliances and MDM remain the highest-value targets for opportunistic and APT actors, and the cadence of these flaws is not slowing down.
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
- SUPPLY CHAIN: Quasar Linux RAT Targets Developer Credentials
- RESEARCH: Rowhammer Comes for the GPU
- SUPPLY CHAIN: Mini Shai-Hulud Worm Hits 1,800 Developers Across npm, PyPI, and PHP
- Azure DevOps Information Disclosure — CVE-2026-42826 (CVSS 10.0)
- REGULATORY: CIRCIA Final Rule Lands This Month, NIS2 Enforcement Starts





