Latest Internet & Cybersecurity News

馃搮May 6, 2026 at 1:00 AM
Major 2026 cyber attacks like MOVEit and US gov hacks dominate; Instructure breach hits 8,800 schools, FTC bans Kochava location sales, AI finds Linux flaw.
1

Instructure Hacker Claims Theft of 280M Records from 8,800 Schools

A hacker breached education tech giant Instructure, stealing 280 million student and staff records from 8,809 colleges, districts, and platforms. The claim highlights massive exposure in education sector Source 1.

2

DAEMON Tools Trojanized in Supply-Chain Attack

Hackers compromised DAEMON Tools installers since April 8, deploying backdoors to thousands of systems via the official website. This supply-chain attack underscores risks in software downloads Source 1.

3

FTC Bans Kochava from Selling Location Data

The FTC settled charges against data broker Kochava, banning sales of precise geolocation data from millions of devices without consent. Subsidiary CDS is also restricted Source 1.

4

Google Ups Android Exploit Bounties to $1.5M

Google revamped rewards for Android and Chrome flaws, offering up to $1.5M for top exploits while reducing payouts for AI-detectable bugs. Changes aim to prioritize high-impact vulnerabilities Source 1.

5

CloudZ Malware Hijacks Microsoft Phone Link for OTP Theft

New CloudZ RAT variant uses 'Pheno' plugin to exploit Phone Link, stealing SMS and one-time passwords from mobiles. It targets sensitive authentication data Source 1.

6

MOVEit Mass Attack: Clop Steals from 2,667 Orgs

Clop ransomware exploited MOVEit vulnerability, impacting 84M people across IBM, Deloitte, etc., netting $75-100M in extortion. Patch released May 31, 2026 Source 2.

7

US Government Hacked via Microsoft 365

China-linked Storm-0558 compromised federal agencies and firms through M365, stealing 60,000 emails via phishing and stolen credentials. A misconfigured cloud server aided access Source 2.

8

Royal Ransomware Hits City of Dallas

Royal group (Conti-linked) stole 1.2TB data from 30,000+ individuals, disrupting operations starting April 7, with ransomware on May 4, 2026 Source 2.

9

Nine-Year-Old Linux Kernel Zero-Day Found by AI Researcher

An AI-equipped researcher discovered a long-undetected zero-day flaw in the Linux kernel. It highlights AI's role in uncovering persistent vulnerabilities Source 3.

10

Trellix Reveals Unauthorized Access to Source Code

Cybersecurity firm Trellix disclosed unauthorized access to its source code. Details on impact and response are emerging Source 3.

11

Utah Enforces Age Verification for VPN Users

Utah's new law requiring age verification for VPNs takes effect May 6, 2026, raising privacy concerns about enforcement Source 4.

Back to News