Canvas Data Breach Disrupts Education Nationwide — Krebs on Security

The widely-used education technology platform Canvas has suffered a significant data breach, disrupting schools and colleges across the U.S. The breach, attributed to an ongoing data extortion attack, has led to the exposure of sensitive information and operational interruptions. Security teams should be aware of potential data leaks and take immediate action to secure educational data systems and verify their integrity.

Linux 'Dirty Frag' Zero-Day Grants Root Access — The Hacker News

A newly discovered Linux zero-day exploit, dubbed 'Dirty Frag', allows local attackers to escalate privileges to root across major distributions. This vulnerability, which currently lacks a patch, affects multiple versions of the Linux kernel, posing a significant threat to systems where local access can be obtained. Security teams should prioritize monitoring for unusual local activity and consider implementing temporary mitigations until patches are released.

• NVIDIA confirms GeForce NOW data breach affecting Armenian users [BleepingComputer]
• Zara data breach exposed personal information of 197,000 people [BleepingComputer]
• Trellix source code breach claimed by RansomHouse hackers [BleepingComputer]
• CISA gives feds four days to patch Ivanti flaw exploited as zero-day [BleepingComputer]
• AI Firm Braintrust Prompts API Key Rotation After Data Breach - SecurityWeek [Google News Security]