A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May ...

Millions of students in universities and K-12 districts had their data compromised this week as a hack took down Canvas, a classroom management tool used all over the country. Millions of students in ...

The vast data breach at education platform Canvas this week exposed the vulnerability of student information as hackers increasingly target school systems, colleges and the tech companies they rely on ...

Canvas, one of the most widely used education apps, said it had restored services after pulling the plug in the middle of finals week at many colleges to deal with a cybersecurity incident. From ...

On Tuesday, education tech giant Instructure disclosed a data breach where hackers stole students’ private information, including their names, personal email addresses, and messages sent between ...

Even though we live in a culture where social media gives anyone and everyone a platform to broadcast their inner lives, people today are astonishingly un-self-aware. Though 95% of people believe they ...

On May 3, cybercrime group ShinyHunters claimed responsibility for breaching Instructure — the parent company of Canvas — reportedly compromising the data of hundreds of millions of users, including ...

Add Yahoo as a preferred source to see more of our stories on Google. Investigators say Matthew Lane, a teenage hacker, used stolen credentials to gain access to PowerSchool. What to know about a rare ...

You’ve heard of Instagram Reels — now get ready for Netflix Clips. Netflix is redesigning its mobile app and introducing Clips, a vertical video feed intended to help users discover new content by ...

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation ...

The Army has relaxed requirements for its cybersecurity awareness and information privacy training from an annual recertification to once every five years, according to a memo from the Army’s chief ...