CIRCLE WITH A DOT

Canvas disruptions linked to alleged ShinyHunters extortion activity are impacting schools nationwide.The incident reportedly involves:• 275M+ records• Login page defacements• SaaS platform outages during finalsMajor reminder about third-party risk and SaaS dependency in education infrastructure.Source: https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/Follow TechNadu for more threat intel and cyber updates.#InfoSec #CyberSecurity #Canvas #DataBreach

ML-DSA vs SLH-DSA: Which to Choosehttps://quantumsequrity.com/blog/mldsa-vs-slhdsa#postquantumcryptography #harvestnowdecryptlater #cybersecurity

Possible Phishing on: ️hxxps[:]//135461223[.]site/832/f8e2b900-b6ed-4cde-8169-941cec40fe81/729558/x 🧬 Analysis at: https://urldna.io/scan/69fd75903b7750000560f7f2#cybersecurity #phishing #infosec #urldna #scam #infosec

For $58 on a hacking forum, anyone can buy full remote control of your computer. Camera, keyboard, files — everything.Full analysis: https://threatchain.io/remcosrat-sample-detected-dhl-shipment-details-xls-25c3bd32#cybersecurity #threatintelligence #infosec #SIEM

THREAT INTEL | Soprolux🟢 Actor "bravox" claims Undisclosed️ Unverified claimhttps://www.yazoul.net/intel/claim/2026-05-08-soprolux-ransomware-attack-by-bravox-may-2026#DarkWeb #DataBreach #ThreatIntel #CyberSecurity #InfoSec

New cloud worm “PCPJack” targets exposed infrastructure for credential theft.• Docker & Kubernetes targeted• API keys and SSH secrets harvested• Telegram-based C2 observed• No cryptomining payloadshttps://www.technadu.com/cloud-credential-worm-pcpjack-targets-teampcp-victims/627541/Are credential-focused cloud attacks the new norm?#InfoSec #CloudSecurity #CyberSecurity

Possible Phishing on: ️hxxps[:]//ponmnail[.]weebly[.]com 🧬 Analysis at: https://urldna.io/scan/69fd3d583b775000089c108e#cybersecurity #phishing #infosec #urldna #scam #infosec

24 hours of MIRE/C³; the latest stats (Runmode: Neutral 404, delay-only) 6,645 requests from 638 unique IPs Attacker bandwidth cost: 21.5MB Attacker total delay: 9h 40m server time Slowest response: 13.0s #MIREC3 #CyberSecurity #FightingBack

Passwordless adoption isn’t failing because of tech Pax8’s Robb Reck says SMBs struggle with:• Legacy apps• Identity sprawl• MFA rollout friction• Limited IT resourcesOperational drag remains the real blocker.https://www.technadu.com/the-real-reason-passwordless-security-stalls-in-smbs/627460/#Infosec #Passwordless #Cybersecurity

New event added: HackBCN May 8-9, 2026 Barcelona https://hackbcn.org#infosec #cybersecurity #conference #Hackbcn #Spain

Possible Phishing on: ️hxxps[:]//emilatores[.]firebaseapp[.]com 🧬 Analysis at: https://urldna.io/scan/69fd5ffb3b77500005d23200#cybersecurity #phishing #infosec #urldna #scam #infosec

(socket.dev) Critical Sandbox Escape Vulnerability in vm2 JavaScript Library Exposes Node.js Applications to Arbitrary Command ExecutionCritical sandbox escape in vm2 (CVE-2026-26956, GHSA-ffh4-j6h5-pg66) enables arbitrary command execution via WebAssembly.JSTag in Node.js applications. Affects vm2 0.2.2–3.10.4 on runtimes exposing WebAssembly.JSTag.In brief - A critical flaw in the vm2 JavaScript sandboxing library allows attackers to bypass sandbox restrictions, access the host Node.js process, and execute arbitrary OS commands. The vulnerability impacts 66 versions of vm2 and requires immediate patching or mitigation via Certified Patches.Technically - The vulnerability stems from insufficient isolation of WebAssembly.JSTag in vm2’s sandbox, allowing malicious JavaScript passed to VM.run() to escape and interact with the host process. Fixed in vm2 3.10.5 by removing WebAssembly.JSTag from the sandbox. Socket’s Certified Patches offer a targeted fix for teams unable to upgrade immediately. Review sandboxed workloads for least-privilege access and stronger isolation.Source: https://socket.dev/blog/free-certified-patches-for-critical-vm2-sandbox-escape#Cybersecurity #ThreatIntel

Possible Phishing on: ️hxxps[:]//btaccountupdate[.]w3spaces[.]com 🧬 Analysis at: https://urldna.io/scan/69fd51d53b775000089c12e2#cybersecurity #phishing #infosec #urldna #scam #infosec

Fact: I spent most of the LA Riots in a school lab trying to recreate Riders on the Storm (The Doors) using analog processing equipment and a MIDI synth for a studio music recording class (poorly, I would say...). Got an A because the prof gave everyone an A since the whole semester was completely shot, really... glad I did not get gunned down by one of the over-eager rich white frat boys with AR-15's on the fraternity row https://www.youtube.com/watch?v=7G2-FPlvY58&list=RD7G2-FPlvY58&start_radio=1

(huntress.com) Threat Actors Exploit Tiflux RMM in Phishing Campaigns for Stealthy Persistence and Privilege EscalationThreat actors are actively exploiting Tiflux, a commercial RMM tool, in phishing campaigns for initial access and persistence since late February. The campaign chains Tiflux with UltraVNC, Splashtop, and ScreenConnect for covert operations.In brief - Huntress researchers identified a surge in incidents involving Tiflux RMM abuse via phishing. The installer includes vulnerable components like HwRwDrv.sys, enabling privilege escalation and system compromise. Organizations must monitor RMM tool usage to prevent unauthorized access.Technically - The attack begins with a phishing email leading to a CloudFlare CAPTCHA-protected page delivering a malicious MSI installer. The installer deploys TiAgent, TiPeerToPeer, and outdated UltraVNC (v1.2.0.1) with hardcoded credentials. Vulnerable drivers (HwRwDrv.sys) and registry modifications disable security notifications, while additional RMM tools (Splashtop, ScreenConnect) facilitate credential theft and system profiling. Expired certificates and SSH host keys further indicate malicious intent.Source: https://www.huntress.com/blog/tiflux-rmm-install#Cybersecurity #ThreatIntel

Possible Phishing on: ️hxxps[:]//zupymlllg[.]firebaseapp[.]com/ 🧬 Analysis at: https://urldna.io/scan/69fcc5143b77500007e54427#cybersecurity #phishing #infosec #urldna #scam #infosec

This week is finals week for many colleges and universities; it is unclear how they intend to handle this outage.

Thank you to Paweł Dawidek and the Fudo Security team for highlighting how they use FreeBSD’s isolation primitives in their security architecture. It’s encouraging to see organizations building enterprise security solutions on top of these primitives and applying them in real-world deployments.#FreeBSD #OpenSource #CyberSecurity #EnterpriseSecurity

@harrysintonen yesterday I read that one should not drop caches in a production system. I don’t know if that recommendation was just for performance or if all hell could break loose.

(wordfence.com) Weekly WordPress Vulnerability Report: Analysis of 87 Newly Disclosed Plugin and Theme VulnerabilitiesThis week’s WordPress vulnerability report discloses 87 new flaws in plugins/themes, including 3 critical, 34 high, and 50 medium-severity issues. XSS (30) and missing authorization (19) dominate the threat landscape, with SQLi (10) and SSRF (3) also present. Firewall rules deployed for premium users; free users protected after 30 days. 84 patched, 3 unpatched.In brief - WordPress ecosystems face significant risk from 87 newly disclosed vulnerabilities, primarily XSS and missing authorization flaws. Immediate patching and monitoring are critical to mitigate exposure.Technically - The report details 87 vulnerabilities (CWE-mapped) with CVSS-rated severity: 3 critical, 34 high, 50 medium. XSS (CWE-79) and missing authorization (CWE-862) lead, followed by SQLi (CWE-89), sensitive data exposure (CWE-200), and SSRF (CWE-918). Wordfence Intelligence deployed enhanced firewall rules for premium users; free-tier protection delayed 30 days. Data sourced from in-house research, bug bounties, and public disclosures.Source: https://www.wordfence.com/blog/2026/05/wordfence-intelligence-weekly-wordpress-vulnerability-report-april-27-2026-to-may-3-2026/#Cybersecurity #ThreatIntel