Canvas Platform Breach Exposes 30 Million Students' Data — Google News Security

Hackers have breached the Canvas learning platform, exposing the personal data of 30 million students. This attack, attributed to the ShinyHunters group, exploited vulnerabilities in the platform's Free-For-Teacher accounts, leading to a significant data compromise. The breach has caused the platform to go offline during critical academic periods, highlighting the urgent need for enhanced security measures in educational technology solutions.

Palo Alto PAN-OS Zero-Day Vulnerability Under Exploitation — Google News Security (JP)

A zero-day vulnerability (CVE-2026-0300) in Palo Alto Networks' PAN-OS is being actively exploited by attackers. This vulnerability involves a buffer overflow that could enable attackers to execute arbitrary code, potentially leading to unauthorized access or denial of service. A patch is expected on May 13th, but security teams must implement temporary mitigations to protect their networks until the patch is available.

• Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak [The Hacker News]
• 国安部揭露蓝牙一键连接的泄密漏洞 - 搜狐网 [Google News Security (CN)]
• Chromeの拡張機能「Claude in Chrome」の脆弱性でAIエージェントの乗っ取りが可能に - 合同会社ロケットボーイズ [Google News Security (JP)]
• Hackers abuse Google ads, Claude.ai chats to push Mac malware [BleepingComputer]
• Braintrust AWS Data Breach Prompts Urgent API Key Rotation for AI Platform Customers - Rescana [Google News Security]