Cyber Threat Digest: Key Incidents and Vulnerabilities from Mid-May 2025

Published: 2026-05-11 21:34:01 | Category: Education & Careers

Top Attacks and Breaches

Canvas Platform Suffers Major Data Breach

Instructure, the US education technology firm behind the widely used Canvas learning management system, has confirmed a significant breach affecting its cloud-hosted environment. The compromised data reportedly includes student and staff records, as well as private messages. The notorious threat group ShinyHunters escalated the incident by defacing hundreds of school login portals with ransom demands, amplifying the impact on educational institutions.

Cyber Threat Digest: Key Incidents and Vulnerabilities from Mid-May 2025
Source: research.checkpoint.com

Zara Data Breach Tied to Third-Party Vendor

Zara, the flagship brand of Spanish fashion conglomerate Inditex, experienced a data breach linked to an external technology provider. Inditex acknowledged unauthorized access, and security experts confirmed the exposure of 197,400 unique email addresses, order IDs, purchase histories, and customer support tickets. The breach underscores risks associated with third-party integrations in retail.

Hungarian Media Giant Hit by Data-Theft Extortion

Mediaworks, a Hungarian media company operating dozens of newspapers and online outlets, fell victim to a data-theft extortion attack. After the group World Leaks posted 8.5 TB of internal files online, Mediaworks confirmed an intrusion. The leaked data reportedly includes payroll records, contracts, financial documents, and internal communications, posing severe operational and reputational risks.

Škoda Online Shop Compromised via Software Flaw

Czech automaker Škoda suffered a security incident affecting its online store after attackers exploited a software vulnerability to gain unauthorized access. Exposed customer data may include names, contact details, order history, and login credentials. However, the company stated that passwords and payment card data were not compromised, limiting the financial risk to customers.

AI Threats

Critical WebSocket Hijacking in Cline AI Agent

Researchers uncovered a severe WebSocket hijacking vulnerability in the local Kanban server of Cline, a widely used open-source AI coding agent. Rated CVSS 9.7 and patched in version 0.1.66, the flaw allowed any website a developer visited to connect to the local server, exfiltrate workspace data and inject arbitrary commands into the AI agent, potentially leading to supply-chain or code tampering attacks.

Anthropic’s Claude Extension Vulnerable to Browser Hijacking

A security flaw in Anthropic’s Claude in Chrome extension enabled other browser extensions to hijack the AI assistant. The issue let malicious prompts trigger unauthorized actions and access sensitive browser-connected data, illustrating how AI assistants expand the browser attack surface and require rigorous sandboxing.

Fake Claude AI Installer Campaign Infects Users

Security researchers detailed an InstallFix campaign using fake Claude AI installer pages promoted through Google Ads. Victims were tricked into running commands that launched multi-stage malware, stole browser data, disabled protections, and established persistence via scheduled tasks. This campaign targeted both Windows and macOS users, demonstrating the effectiveness of malvertising for AI-themed lures.

Vulnerabilities and Patches

Progress MOVEit Automation Flaws

Progress alerted customers to two critical vulnerabilities in MOVEit Automation managed file transfer software:

  • CVE-2026-4670: An authentication bypass allowing unauthorized access, rated critical.
  • CVE-2026-5174: A privilege escalation flaw.

Fixes are available in versions 2025.1.5, 2025.0.9, and 2024.1.8. Organizations using MOVEit Automation should apply patches immediately.

Ivanti Endpoint Manager Mobile Zero-Day

Ivanti has fixed CVE-2026-6973, a high-severity vulnerability in Endpoint Manager Mobile (EPMM) that was exploited as a zero-day. The flaw affects EPMM versions 12.8.0.0 and earlier, allowing attackers with administrator permissions to execute remote code. Hundreds of appliances remain at risk, prompting urgent patching recommendations from Ivanti.

Stay informed with our latest threat intelligence and ensure your systems are updated to mitigate these risks.