The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...

Instructure reaches 'agreement' with ShinyHunters to stop data leak

Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" ...
AARP

Supreme Court Rejects Drugmakers’ Challenge to Medicare Price Negotiations

AARP and other consumer groups are hailing the Supreme Court’s decision that continues the cost-cutting, money-saving ...

Instructure confirms hackers used Canvas flaw to deface portals

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login ...
The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.
AARP

Medicare Relaxes Rules for Agents, Brokers Before Open Enrollment This Fall

Critics worry whether Medicare agents and brokers will be transparent about what they can offer and can’t for people who want ...
Windows Report

Tycoon2FA Returns With New Microsoft 365 Device-Code Phishing Attacks

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...
Security Boulevard

Reducing Authentication Errors in Enterprise Environments: A Human-Centric Approach

Learn how a human-centric approach can reduce authentication errors in enterprise environments while improving security and ...

Congress investigates Canvas breach as company pays ransom

The US Congress has summoned education tech firm Instructure's CEO Steve Daly to the Hill to explain how digital thieves ...