The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
MIT Technology Review

The Meta hack shows there’s more to AI security than Mythos

Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish ...

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
The Guardian

Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?

Businesses are advised against paying – but many are prepared to deal to protect users’ privacy After a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates and ...
Forbes

The Canvas Hack Shows Ransomware Isn’t Going Anywhere

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Instructure, the parent company of the popular online education platform Canvas, this week ...
KQED

Canvas Hack: Instructure Agrees to Ransom Deal in Exchange for Stolen Data

Data stolen in last week’s widespread cyberattack on an educational platform that affected students and schools across the Bay Area and the country has been returned, the targeted company said Monday.
CNN

Data stolen in Canvas hack that hit thousands of schools has been returned, company says

Data stolen in a cyberattack that shut down an education platform used by universities and K-12 schools across the US last week has been returned to the platform’s parent company, Instructure, ...