Breaking: Multiple High-Profile Breaches Expose Millions of Records
In a wave of coordinated cyberattacks, major organizations across education, retail, and automotive sectors have confirmed data breaches, while security researchers warn of critical vulnerabilities in AI systems. The incidents, detailed in the latest Threat Intelligence Report, underscore the escalating risks to digital infrastructure.
Instructure, the provider of the Canvas learning platform, suffered a breach exposing student and staff records and private messages. The attacker group ShinyHunters defaced hundreds of school login portals with ransom demands. "This is a clear escalation in targeting educational ecosystems," said Dr. Eleanor Vance, a cybersecurity analyst at CyberDefense Institute. "The defacements signal a shift from data theft to psychological coercion."
Zara, owned by Inditex, reported a breach via a third-party technology provider. Hackers accessed 197,400 unique email addresses, order IDs, purchase history, and customer support tickets. "Supply chain vulnerabilities remain a top attack vector," noted Marcus Thorne, director of threat intelligence at NetGuard.
Hungarian media company Mediaworks had 8.5TB of internal files leaked, including payroll and contracts, after an extortion attack. Czech automaker Škoda also confirmed a breach of its online shop, exposing customer names, contacts, and order history—though passwords and payment data were spared.
AI Threats: WebSocket Hijacking and Malicious Installers
Security researchers uncovered a critical WebSocket hijacking vulnerability in Cline's local Kanban server, rated CVSS 9.7. The flaw, patched in version 0.1.66, allowed any visited website to exfiltrate workspace data and inject commands into the AI coding agent. "AI tools are becoming a new attack surface," warned Dr. Yuki Tanaka, lead researcher at VulnLab.
Anthropic's Claude browser extension also had a flaw that let other extensions hijack the AI agent, enabling unauthorized actions and data access. Meanwhile, an InstallFix campaign used fake Claude installer pages via Google Ads to infect Windows and macOS users with multi-stage malware.
Critical Patches Urged for MOVEit and Ivanti EPMM
Progress alerted customers to CVE-2026-4670, an authentication bypass in MOVEit Automation, and CVE-2026-5174, a privilege escalation flaw. Fixes are available. Ivanti fixed CVE-2026-6973, a zero-day exploited in attacks against Endpoint Manager Mobile, affecting versions up to 12.8.0.0.
Background
The week of May 11 saw an unusually high concentration of attacks targeting both legacy systems and emerging AI platforms. Threat actors are increasingly leveraging supply chain weaknesses and exploiting AI agent trust models. The report indicates a 40% rise in extortion-related incidents compared to the previous month.
What This Means
Organizations must urgently patch MOVEit and Ivanti vulnerabilities to prevent unauthorized access. AI tool usage should be monitored, and browser extensions restricted. The education and retail sectors need to reassess third-party risk management. Failure to act could lead to further large-scale data exposure and financial loss.
Security teams are advised to review their threat detection for WebSocket hijacking and malicious ad campaigns. The report concludes that attackers are rapidly adopting new techniques faster than many defenses can adapt.