Latest Internet & Cybersecurity News
Cisco SD-WAN zero-day CVE-2026-20182 is being actively exploited
A critical authentication bypass in Cisco Catalyst SD-WAN Controller and Manager is under active exploitation by the threat group UAT-8616, with a CVSS score of 10.0. Cisco issued a patch on May 15, and CISA ordered federal remediation by May 17 due to the severity of the risk to network infrastructure.
Iranian-linked hackers target U.S. fuel tank monitoring systems
Multiple automatic tank gauge systems at gas stations across several U.S. states were reportedly breached, with Iranian-linked actors suspected. Attackers exploited exposed, unprotected systems to alter fuel-level displays, potentially masking leaks or triggering false alarms.
OT ransomware attacks surge to record levels
NCC Group reported 2,073 ransomware attacks on industrial organizations over the past year, making operational technology one of the most heavily targeted environments. The report highlights major impact across capital goods, machinery, and construction, where attacks can halt production and threaten safety.
Foxconn confirms ransomware attack on North American factories
Foxconn is recovering from a ransomware incident tied to the Nitrogen group that affected several North American factories. The attackers claim to have exfiltrated 8 terabytes of data, including more than 11 million files, underscoring supply-chain risk in manufacturing.
Grafana says attackers used a stolen token to access its GitHub environment
Grafana disclosed that an unauthorized party obtained a token, accessed its GitHub environment, and downloaded its codebase. The attacker also attempted extortion, while reports suggest the CoinbaseCartel group has claimed responsibility.
Canvas/Instructure hack disrupts operations and raises data-leak concerns
Canvas was shut down worldwide after ShinyHunters displayed a warning message threatening to leak student data if the company did not respond. Instructure confirmed a breach affecting student names, emails, and ID numbers, while later reporting patches and increased monitoring.
ShinyHunters continues targeting education and SaaS platforms
The same extortion group linked to the Canvas incident has also claimed attacks on Vimeo, Infinite Campus, Salesforce, and McGraw Hill. The pattern shows continued focus on high-value SaaS ecosystems and mass-data theft for leverage.
Security experts warn of broader risk to U.S. critical infrastructure
A joint advisory from CISA, the FBI, NSA, and DC3 warns that critical infrastructure remains exposed to ongoing cyber operations, especially where systems are internet-facing or poorly secured. The fuel-system intrusions and SD-WAN exploitation show how quickly such weaknesses can be weaponized.
World Cup 2026 security planning is now a major cyber and physical concern
Experts are highlighting the need to protect digital ecosystems, vendor supply chains, and public safety systems ahead of the 2026 World Cup. The event’s scale makes it a prime target for cyber disruption, fraud, and infrastructure attacks.
AI-driven attacks are forcing new cyber training and readiness programs
A new St. Clair College program aims to prepare local leaders for cyberattacks that are becoming more convincing and harder to detect because of AI. The push reflects a wider trend where deepfakes, phishing, and automated intrusion tools are changing the threat landscape.