Cybersecurity News: Instructure discloses breach, DigiCert revokes certificates, Silver Fox targets Indian and Russian orgs

In today’s cybersecurity news…

Instructure discloses breach amid leak threats

Education software provider Instructure disclosed a cyberattack that disrupted services tied to API keys and led to a data breach affecting its Canvas platform. Attackers accessed names, email addresses, student IDs, and user messages, though the company said passwords and financial data weren’t involved. Instructure says it’s rotated keys, revoked credentials, and contained the situation with outside forensic support. The ShinyHunters group claims responsibility, alleging it stole 3.65 TB of data tied to as many as 275 million users across nearly 9,000 institutions. (SecurityWeek)

DigiCert revokes certificates

DigiCert disclosed a malware attack delivered via a customer support chat that infected internal systems and pivoted into its support portal to obtain EV code signing certificates. The attackers exploited access to initialization codes and approved orders to generate certificates. Some were used to sign malware, prompting the company to revoke about 60 certificates and cancel affected orders. DigiCert says it contained the incident, found no broader system compromise, and has since tightened controls, including MFA and restrictions on support portal access and file uploads. (SecurityWeek)

Silver Fox targets Indian and Russian orgs

China-linked advanced persistent threat (APT) group Silver Fox launched a phishing campaign targeting organizations in India and Russia using tax-themed emails to deliver malware, including the newly identified ABCDoor backdoor and the known ValleyRAT. Researchers at Kaspersky observed more than 1,600 malicious messages, with attacks using spoofed government notices and malicious archives to gain access and establish persistence with stealthy remote controls. (Dark Reading)

New wave of cargo theft

The FBI is warning that cyber-enabled cargo theft is increasing, with phishing, fake websites, and compromised accounts impersonating logistics firms to hijack shipments. Criminals infiltrate broker and carrier systems, post fraudulent load listings, reroute deliveries, and resell stolen goods. Losses in the U.S. and Canada reached around $725 million in 2025 alongside rising incident severity. Researchers at Proofpoint link the activity to organized crime. (Security Affairs)

World Leaks claims breach of Hungarian firm

Ransomware group World Leaks says it breached Hungary’s Mediaworks, leaking about 8.5 TB of allegedly sensitive data including payroll records, contracts, and internal communications. Mediaworks confirmed the incident and launched an investigation, warning that using the stolen data could be illegal, while independent outlets reported the leak may include politically sensitive editorial discussions tied to Russia. The group is known as a rebrand of Hunters International and focuses on data theft and extortion. (The Record)

SimpleHelp and ScreenConnect… go phish

A phishing campaign dubbed VENOMOUS#HELPER has targeted more than 80 organizations, mostly in the U.S., using spoofed Social Security Administration emails to trick victims into installing legitimate RMM tools like SimpleHelp and ScreenConnect. Researchers at Securonix say attackers use these tools to establish persistent, stealthy remote access with redundant control channels, allowing file transfers, command execution, and undetected lateral movement. (The Hacker News)

PyTorch Lightning drops credential stealer

A malicious version of PyTorch Lightning on PyPI carried a hidden supply chain attack that ran an obfuscated JavaScript payload after import. The payload, identified by Microsoft as “ShaiWorm,” steals credentials from browsers, files, tokens, and cloud services, and allows arbitrary command execution. The impact seems limited, but the package has been rolled back to version 2.6.1. Affected users are urged to rotate all secrets. (BleepingComputer)

Shocker: kids can circumvent age checks

Research from Internet Matters finds the UK’s new Online Safety Act age checks are largely ineffective, with 46% of children polled saying they’re easy to bypass using tactics like fake birthdays, borrowed IDs, or even disguises like mustaches. The survey of more than 1,000 families also shows 32% of kids have bypassed controls, while 17% of parents admit helping them do so. Despite the new rules, 49% of children still report encountering harmful content. (The Register)