VulnHub

Real-time Cybersecurity News

Infinite Campus warns of breach after ShinyHunters claims data theft

BleepingComputer
Data Breach

Overview

Infinite Campus, a popular student information system used by K-12 schools, has alerted its customers about a data breach after a group known as ShinyHunters claimed to have stolen sensitive information. The attackers reportedly attempted to extort Infinite Campus, raising concerns about the safety of student data and the potential for further exploitation. Schools relying on this system could be at risk of having personal information of students and staff compromised. As of now, it's unclear what specific data has been accessed and how many users are affected. This incident highlights the ongoing challenges educational institutions face in protecting their systems from cyber threats.

Key Takeaways

  • Affected Systems: Infinite Campus K-12 student information system
  • Action Required: Customers are advised to monitor their accounts for suspicious activity and follow best practices for data protection.
  • Timeline: Newly disclosed

Original Article Summary

Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. [...]

Impact

Infinite Campus K-12 student information system

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Customers are advised to monitor their accounts for suspicious activity and follow best practices for data protection.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Read Original Article

Related Coverage

Surge in Silent Subject Phishing Attacks Targets VIP Users

Infosecurity Magazine

Recent reports indicate a rise in silent subject phishing attacks specifically targeting VIP users. These attacks manage to evade traditional email filters by using blank subject lines, making them harder to detect. Attackers are employing QR codes and remote monitoring management (RMM) tools to carry out these schemes. The focus on high-profile individuals means that the potential for financial loss or data breaches is significant. As this trend grows, it is crucial for organizations to enhance their email security measures and educate users on recognizing suspicious communications.

Apr 22, 2026

Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says

SecurityWeek

The UK's cybersecurity chief has warned that British businesses must brace for potential cyberattacks from Russia, Iran, and China, especially if the country becomes involved in an international conflict. These nations are identified as the primary sources of serious cyber threats against the UK. The official emphasized the need for businesses to enhance their defenses to avoid being targeted at scale, which could disrupt operations and compromise sensitive data. This warning comes amid growing tensions globally, suggesting that the risk of cyberattacks may escalate as geopolitical situations evolve. Companies are urged to take proactive measures to safeguard their systems and data against these heightened threats.

Apr 22, 2026

New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention

SecurityWeek

A new malware strain known as Lotus Wiper has been identified targeting the Venezuelan energy sector. This malicious software is designed to disrupt recovery systems by overwriting drives and systematically deleting files, posing a significant threat to the infrastructure of the energy industry. The timing of this attack is particularly notable as it occurred just before a U.S. intervention in Venezuela, raising concerns about the geopolitical implications of cyberattacks in sensitive sectors. Energy companies in Venezuela should be particularly vigilant and assess their cybersecurity measures to protect against such destructive malware. The incident underscores the persistent risk that state-sponsored or politically motivated cyberattacks pose to critical infrastructure.

Apr 22, 2026

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

SecurityWeek

The Mirai botnet is exploiting a command injection vulnerability found in certain discontinued D-Link routers. This issue emerged about a year after the vulnerability was publicly disclosed and proof-of-concept exploit code was released. Users of these routers are at risk, as the botnet can take control of the devices, potentially turning them into part of a larger network for launching attacks. The fact that these routers are no longer supported by D-Link means that affected users will not receive any official security updates or patches, leaving them vulnerable. It's crucial for individuals and organizations still using these routers to take immediate action to secure their networks, as the exploitation is ongoing.

Apr 22, 2026

Claude Mythos Finds 271 Firefox Vulnerabilities

SecurityWeek

A recent analysis by Claude Mythos has uncovered 271 vulnerabilities in the Firefox web browser. Mozilla has stated that these vulnerabilities could also have been identified by skilled human researchers, indicating a significant level of concern regarding the browser's security. Users of Firefox should be aware of these vulnerabilities, as they could potentially expose them to various cyber threats. The sheer number of flaws raises questions about the effectiveness of current security measures in place for the browser. Mozilla has yet to release specific details about fixes or patches to address these issues, making it critical for users to stay updated on future developments.

Apr 22, 2026

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

The Hacker News

Researchers have identified a new type of malware known as Lotus Wiper, which has been used in attacks against Venezuela's energy systems. This malware, discovered by Kaspersky, has been particularly destructive, targeting the energy and utilities sector from late last year into early 2026. The attacks utilize two batch scripts to execute the file-wiping functionality, leading to significant data loss and disruption in the affected systems. This incident is concerning as it highlights the vulnerabilities in critical infrastructure, which can have serious implications for national security and public services. With the energy sector being a vital component of any country's operations, such attacks could hinder essential services and impact everyday life.

Apr 22, 2026