Instructure Confirms Data Breach Amid ShinyHunters Attack Claims — BleepingComputer

Instructure, a major educational technology company, has confirmed a data breach reportedly orchestrated by the hacking group ShinyHunters. This incident marks the second breach for Instructure within a year. The breach may involve sensitive educational data, raising concerns about data security in educational platforms. Security teams should evaluate their current defenses against similar threat actors and ensure robust incident response plans are in place.

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV — The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux root access vulnerability, CVE-2026-31431, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, actively exploited in the wild, allows attackers to gain unauthorized root access on affected Linux systems. Security teams should prioritize patching affected systems and monitor for any indicators of compromise associated with this CVE.

• Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha [BleepingComputer]
• Telegram Mini Apps abused for crypto scams, Android malware delivery [BleepingComputer]
• ShinyHunters Claim NVIDIA GeForce NOW User Database Theft - SQ Magazine [Google News Security]
• Thunderbird 150.0.1緊急アップデート公開、メモリ破損で任意コード実行の恐れ—4件の脆弱性をMozillaが修正 - innovaTopia [Google News Security (JP)]