-
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. “The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization’s private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Jul. 7, 2026EdTech company Instructure confirmed a massive data breach this past spring. The ShinyHunters group claimed responsibility, alleging that data of 275 million individuals was stolen, including private messages between students and teachers. Instructure, best known for its Canvas learning management system used by schools and universities worldwide, disclosed the incident on May 1.
HackRead obtained the full list of affected institutions impacted by the breach, indicating the vast scale of the theft and impacting around 15,000 institutions across the U.K., Europe, and the U.S.
Instructure said it was forced to suspend the Canvas portal May 7. At the time, 30 million users — including around half of the higher education institutions in North America — relied on Canvas to manage courses, submit assignments, view grades and facilitate communication. Some schools affected by the breach postponed or outright scrapped some final exams, with others warning students and professors that they might need to do so.
On May 12 it was reported that Instructure paid a ransom to a gang of cybercriminals, and said it “received digital confirmation of data destruction (shred logs)” and assurance “that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.”
Michael Centrella, the Head of Public Policy at SecurityScorecard, and Theresa Payton, former White House CIO, recently joined Amanda Glassner, Deputy Editor at Cybercrime Magazine, for a riveting discussion on the Canva breach.
Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:
- SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
- NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
- HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
- VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
- M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
- BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
- PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
- PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
- RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.
Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.
The post The Canvas Hack: Who, What, Where, When, and Why appeared first on Cybercrime Magazine.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intrusion, then to online accounts prosecutors say belong to 19-year-old Peter Stokes. Stokes is
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team. “An outsider could go from having no access to taking over any Writer AI
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Noma Labs details GitLost, a prompt injection flaw that made GitHub’s AI agent expose private repo data through a crafted public issue and guardrail failures.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SindriKit 1.3.0 introduces a significant advancement in evading Endpoint Detection and Response (EDR) systems by exploiting dynamic call stack spoofing. This method defeats telemetry that inspects kernel-transition call chains, going beyond just user-mode hooks. Previously, SindriKit 1.2.0 had already separated syscall invocations via indirect syscalls, redirecting to legitimate syscall return instructions in ntdll.dll to evade […]
The post SindriKit 1.3.0 Abuses Call Stack Spoofing to Bypass EDR Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
TeamPCP’s wide-scale supply-chain compromises have materially fueled VECT ransomware operations by supplying a vast archive of stolen CI/CD credentials, reshaping how organizations should measure ransomware exposure. Rather than choosing victims in advance, TeamPCP contaminated widely used components Trivy, Checkmarx KICS, LiteLLM, and the Telnyx Python SDK access so that any organization that installed those packages […]
The post TeamPCP Supply Chain Attacks Feed VECT Ransomware With Stolen CI/CD Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, “software supply chain security” meant one question: what’s in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose? SolarWinds, Log4Shell, and XZ Utils all taught the same lesson: the risk lives less in the code a
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A targeted spear-phishing campaign that configures AnyDesk for silent, persistent remote access and exfiltrates its configuration using the Blat SMTP utility. The campaign uses an aerospace-themed invoice lure that impersonates the Russian research institute VNIIR via a freshly registered spoof domain (vniir-avia.space) and delivers a password-protected archive that, when opened, triggers a multi-stage dropper and […]
The post Attackers Exfiltrate AnyDesk Configuration Data via Blat SMTP in Aerospace Phishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶


