Zara, the popular clothing retailer, has suffered a data breach affecting nearly 200,000 customers. The hacker group ShinyHunters reportedly obtained sensitive information, including email addresses and other personal data from Zara's database. This incident raises concerns about the safety of customer information and the potential for phishing attacks or identity theft. Customers who provided their data to Zara may now be at increased risk, as attackers could exploit this information for malicious purposes. Companies like Zara need to enhance their security measures to protect customer data and prevent future breaches.
Instructure, the edtech company known for its learning management systems, is facing a serious cybersecurity incident as the hacker group ShinyHunters claims responsibility for a second attack. This breach reportedly puts personal identifiable information (PII) of hundreds of millions of users at risk. The company is currently struggling to regain control and secure its systems from these hackers. The implications of this breach are significant, as it could lead to identity theft and other forms of exploitation for affected individuals. As the situation unfolds, users and institutions relying on Instructure's services need to stay vigilant about their data security.
A significant security incident has emerged involving U.S. military data exposed through a vulnerability in an open directory belonging to CMI Management Inc., a government contractor. This exposure was discovered following a tip-off to Cybernews, raising concerns about the potential accessibility of sensitive information. The data breach could have serious implications for national security, as it may include critical military-related information that should be kept confidential. Despite notifications from the Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability remained unaddressed, highlighting lapses in data protection practices. The incident serves as a reminder for contractors handling government data to prioritize robust security measures and for agencies to ensure that vulnerabilities are promptly resolved.
NVIDIA has confirmed that user data from its GeForce NOW service has been compromised in a recent data breach. The incident specifically affects users in Armenia, with personal information being exposed. While the company has not detailed the exact nature of the data leaked, this breach raises concerns about the security of user accounts and the potential for identity theft. NVIDIA's acknowledgment of the breach is crucial, as affected users may need to take immediate action to protect their accounts and personal information. This situation serves as a reminder for all users to stay vigilant about their online security, especially when it comes to gaming services that store sensitive information.
A data breach affecting nearly 197,000 Zara customers has been linked to a cyberattack on a former technology provider, ShinyHunters. The breach exposed sensitive customer information, including emails, purchase history, and support data. This incident raises concerns about the security measures in place at third-party vendors that companies rely on. Customers whose data was compromised may face increased risks of phishing attempts and identity theft. As major retailers like Zara continue to rely on external partners, ensuring robust security practices across their supply chain becomes increasingly critical.
A group known as ShinyHunters has claimed responsibility for a data breach affecting Canvas, a learning management system used by schools across the United States. They allege that they have obtained personal data from nearly 9,000 educational institutions, which could include sensitive information about students and staff. The potential release of this data poses significant risks, as it could lead to identity theft and other forms of exploitation. The incident raises concerns about the security measures in place to protect educational data, highlighting the need for institutions to enhance their cybersecurity protocols. As the situation develops, affected schools may need to inform their communities and take steps to mitigate the impact of this breach.
Zara, the popular fast-fashion retailer, has suffered a data breach that compromised the personal information of over 197,000 customers. According to Have I Been Pwned, hackers accessed the company’s databases, leading to concerns about the potential misuse of sensitive customer data. The breach raises significant alarm as it could expose customers to identity theft and fraud. Affected individuals may need to monitor their accounts closely and consider taking additional security measures to protect their information. This incident serves as a reminder for companies to strengthen their cybersecurity protocols to prevent future breaches.
RansomHouse, a known ransomware group, has claimed responsibility for a recent breach of Trellix, a cybersecurity company. The group has released screenshots that reportedly show their access to Trellix’s internal services, raising concerns about the security of sensitive information stored by the company. This incident highlights the ongoing risks that cybersecurity firms face, as they are often targeted due to the valuable data they protect. Users and clients of Trellix should remain vigilant about their data security and monitor for any unusual activities. The attack underscores the importance of robust security measures within the cybersecurity sector itself, as breaches can have far-reaching implications for trust and security in the industry.
A significant data extortion attack has hit Canvas, a popular education technology platform used by numerous schools and colleges across the United States. The cybercriminal group responsible for the attack defaced the login page, posting a ransom demand while threatening to expose sensitive information from 275 million students and faculty members at nearly 9,000 educational institutions. This incident has caused widespread disruption to classes and coursework, raising concerns about the security of student data in the educational sector. The situation is ongoing, and institutions are currently grappling with the implications of the attack, including potential data breaches and operational challenges. The attack underscores the vulnerabilities in digital education systems and the urgent need for enhanced cybersecurity measures.
Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited
The ShinyHunters hacking group has defaced the Canvas LMS portal, which is widely used by universities for online learning. This breach has disrupted access for hundreds of universities around the globe, impacting students and faculty who rely on the platform for their education. Instructure, the company behind Canvas, confirmed the breach and is currently working to restore services. This incident raises concerns about the security of educational platforms, especially as online learning continues to be a primary method of instruction. The attack highlights the ongoing risks that educational institutions face from cybercriminals.
Instructure, the company behind the popular Canvas learning management system used by many educational institutions, suffered a significant breach attributed to the hacker group ShinyHunters. This incident raises serious concerns about how much trust schools place in their vendors' security practices. The attack not only compromises sensitive information but also highlights the vulnerability of educational institutions that rely heavily on third-party services. As these platforms become integral to online learning, the implications of such breaches can affect students, educators, and administrative operations alike. Schools may need to reassess their vendor relationships and security protocols to better protect their data in the future.
Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited
ShinyHunters, a known hacking group, has breached both Instructure and Vimeo, leading to the exposure of millions of records belonging to students and users. The attacks utilized both direct methods and supply chain vulnerabilities, raising serious concerns about the security of educational and video platform data. Millions of individuals may have had their personal information compromised, which can lead to identity theft and other malicious activities. This incident underscores the need for organizations to enhance their security measures, particularly in protecting sensitive user information. As the investigation unfolds, affected users are advised to monitor their accounts closely for any suspicious activity.
A hacker claims to have stolen around 280 million data records from 8,809 educational institutions, including colleges, school districts, and online platforms, in a breach involving Instructure, a prominent education technology company. The records reportedly contain sensitive information about students and staff, raising concerns over identity theft and privacy violations. This incident highlights the vulnerabilities in educational systems, which often store vast amounts of personal data. Users and institutions need to be vigilant about potential phishing attacks and other exploits that could arise from this breach. The impact on students and staff could be severe, as their personal information may be used maliciously.
The article discusses various cybersecurity topics, including the recent activities of hackers targeting mental health organizations. These attackers are exploiting vulnerabilities in systems that handle sensitive patient information, which raises significant privacy concerns. Additionally, the piece touches on the use of OAuth vulnerabilities and highlights a three-day period where key vulnerabilities were identified and reported. The mention of AI suggests that attackers may be using advanced techniques to enhance their operations. As these threats evolve, organizations in the healthcare sector need to bolster their security measures to protect sensitive data and maintain trust with their clients.
In April 2026, Vimeo confirmed that hackers accessed the personal data of 119,000 users through a breach involving a third-party vendor, Anodot. The ShinyHunters group, known for targeting various companies, exploited this vulnerability to steal sensitive information. This incident raises concerns about the security of third-party services that companies rely on, as they can serve as weak links in the overall security chain. Users affected by this breach should be vigilant about their personal information and consider changing their passwords, especially if they use the same credentials across multiple platforms. The breach serves as a reminder for companies to evaluate their partnerships and ensure that vendors adhere to strict security protocols.