Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...
SecurityWeek

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Drupal has patched CVE-2026-9082, a highly critical vulnerability that could allow threat actors to hack websites.
SecurityWeek

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover

An unpatched vulnerability in ChromaDB could be exploited without authentication for remote code execution and server ...
The Hacker News

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks ...
The Hacker News

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively ...
rnz

New Zealand students' details caught up in massive global university hack

University students across New Zealand cannot submit assignments or communicate with tutors after their online learning system was hit by a global data hack. Names, email addresses, student ID numbers ...
Time

What to Know About the Canvas Cyberattack That’s Affected Thousands of Schools

The Widener Library on the Harvard Campus in Cambridge, Mass., on June 4, 2025. Reporter It’s finals season across many U.S. schools and universities, but for some students and teachers, the already ...
KXTV

Hackers breach Canvas learning platform, exposing data on millions of students and teachers

WASHINGTON — A cybersecurity attack on the nation's most widely used classroom software has potentially exposed the personal data of millions of students and educators across the country. Instructure, ...
The New York Times

Canvas Online Learning Platform Shut Down for Hours After Cyberattack

Most users regained access to the platform hours after a hacking group said it had attacked Canvas’s parent company and breached 275 million people’s data. By Hannah Ziegler Canvas, a platform used by ...
Associated Press

Cyberattack hits Canvas system used by thousands of schools as finals loom

Copyright 2026 The Associated Press. All Rights Reserved. Copyright 2026 The Associated Press. All Rights Reserved. People take photos near a John Harvard statue ...
TechCrunch

Hackers deface school login pages after claiming another Instructure hack

On Tuesday, education tech giant Instructure disclosed a data breach where hackers stole students’ private information, including their names, personal email addresses, and messages sent between ...