Instructure Says Canvas Breach Came From Free-For-Teacher Account Issue
Instructure says the recent Canvas security incident involved unauthorized access to part of its environment and exposed user data tied to the learning platform. The…
Fake DeepSeek TUI GitHub Repositories Push Rust Malware at Developers
Fake GitHub repositories impersonating DeepSeek TUI are being used to deliver malware to developers and AI users. The campaign abuses interest in AI coding tools…
Fake Claude Website Spreads New Beagle Backdoor Through Windows Installer
A fake Claude website is being used to spread a newly documented Windows backdoor named Beagle. Security researchers say the campaign impersonates Anthropic’s Claude AI…
Google Says Hackers Used AI to Build a Zero-Day 2FA Bypass Exploit
Google says it has identified a cybercrime group using a zero-day exploit that it believes was developed with AI. The exploit targeted a popular open-source…
Popular Go Library fsnotify Triggers Supply Chain Concerns After Maintainer Access Dispute
A maintainer access dispute around fsnotify has raised supply chain concerns across the Go and Kubernetes communities. The widely used Go library did not show…
Microsoft Fixes Critical Copilot Flaws That Could Expose Sensitive Data
Microsoft has fixed three critical-rated information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. The flaws were published on May 7,…
Let’s Encrypt Restores Certificate Issuance After Cross-Signed Root Incident
Let’s Encrypt temporarily stopped certificate issuance on May 8, 2026, after discovering a problem with a cross-signed certificate connected to its new Generation Y root…
NVIDIA Says GeForce NOW Breach Was Limited to Armenian Partner GFN.am
NVIDIA has confirmed that a GeForce NOW data breach affected users of GFN.am, an Armenia-based regional partner, not NVIDIA-operated services. The incident exposed personal information…
TCLBANKER Malware Hijacks WhatsApp and Outlook to Spread Banking Trojan
TCLBANKER is a new Brazilian banking trojan that steals financial data and spreads through victims’ own WhatsApp and Microsoft Outlook accounts. Elastic Security Labs tracks…
cPanel Patches WHM Flaws That Can Enable File Access, Code Injection, and DoS Attacks
cPanel has released security updates for three vulnerabilities affecting cPanel & WHM and WP Squared. The flaws can allow arbitrary file reads, Perl code injection,…
November 21, 2025
1 comment 
