Instructure Agrees to Pay ShinyHunters to Stop Data Leak

Instructure Agrees to Pay ShinyHunters to Stop Data Leak

Instructure has reached an “agreement” with the ShinyHunters extortion group to prevent the leak of 3.6TB of data stolen from its Canvas platform. The hackers reportedly returned the data including usernames, emails, and messages and provided “shred logs” confirming its destruction. The breach occurred after attackers exploited XSS vulnerabilities in the “Free-for-Teacher” environment to gain admin access and deface login portals. While the ransom payment suggests the threat is contained, the FBI cautions that data destruction cannot be guaranteed.

Source: Bleeping Computer

Google Identified First Zero-Day Exploit by AI

Google’s Threat Intelligence Group (GTIG) has identified the first confirmed case of a zero-day exploit developed using AI. The Python-based script targets a “popular open-source, web-based system administration tool” to bypass two-factor authentication (2FA). While the specific software remains unnamed, Google noted the exploit code featured clear LLM hallmarks, including “textbook” Python formatting and a hallucinated CVSS score. Although foiled before mass deployment, the incident marks a significant milestone in AI-enabled cyber warfare and offensive vulnerability discovery.

Source: Bleeping Computer

SailPoint Disclosed GitHub Repository Breach

Identity security giant SailPoint disclosed a breach involving unauthorized access to a subset of its GitHub repositories on April 20, 2026. According to an SEC filing, the incident was triggered by a vulnerability in a third-party application, which has since been remediated. While source code was potentially exposed, SailPoint’s investigation found no evidence of impact on customer data, production environments, or service continuity. The company has directly notified affected customers and contained the activity with help from external experts.

Source: Security Affairs

Poland Water Treatment Plants Hacked

Poland’s Internal Security Agency (ABW) reported that hackers breached industrial control systems (ICS) at five water treatment plants in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. The attackers gained the ability to modify real-time operational parameters, such as pump thresholds and chemical dosing, posing a direct risk to the public water supply. Attributed to Russian-linked groups like APT28 and APT29, the intrusions exploited weak password policies and systems left exposed directly to the public internet.

Source: Security Week

Zara Data Breach Exposes Information of 197,000 People

A data breach at Zara has exposed the personal information of approximately 197,400 people. The ShinyHunters extortion gang claimed responsibility, leaking a 140GB archive allegedly stolen from BigQuery instances via compromised Anodot authentication tokens. According to “Have I Been Pwned,” the exposed data includes unique email addresses, purchase histories, and support tickets. While Zara’s parent company, Inditex, confirmed the breach originated at a former tech provider, it emphasized that names, credentials, and payment details were not accessed.

Source: Bleeping Computer

Click here to subscribe our Newsletter