Latest Internet & Cybersecurity News

đź“…May 8, 2026 at 1:00 AM
Ivanti EPMM flaws under active exploit with CISA deadline; Instructure Canvas breach exposes user data at universities; ransomware attacks surge undisclosed; malware lures rise sharply.
1

Ivanti EPMM CVE-2026-6973 RCE Actively Exploited

Ivanti warns of limited wild exploitation of CVE-2026-6973 in Endpoint Manager Mobile, enabling RCE for authenticated admins. CISA added it to KEV catalog, mandating FCEB fixes by May 10, 2026. Credential rotation from prior flaws reduces risk Source 1.

2

Ivanti Patches Multiple High-Severity EPMM Vulnerabilities

Besides CVE-2026-6973, Ivanti fixed CVE-2026-5786 (improper access control, CVSS 8.8), CVE-2026-5787 (certificate validation flaw, CVSS 8.9), CVE-2026-5788 (CVSS 7.0), and CVE-2026-7821 (CVSS 7.4) allowing impersonation and info disclosure Source 1.

3

University of Delaware Alerts on Canvas Vendor Breach

Instructure disclosed a May 1, 2026 cybersecurity incident exposing names, emails, student IDs, and user messages; no passwords or financial data affected. UD advises phishing vigilance and direct Canvas access via official links Source 2.

4

University of Utah Responds to Instructure Canvas Incident

Notified May 2, 2026 of nationwide Canvas breach by provider Instructure; Utah systems untouched, with enhanced monitoring. Coordinating with Instructure, law enforcement, and forensics for impact assessment Source 5.

5

BlackFog: 2,160 Undisclosed Ransomware Attacks in Q1 2026

Only 264 ransomware attacks publicly disclosed in Q1 2026, but 2,160 hidden, nearly 10x more, with US hit hardest (1,070 undisclosed). Qilin most active; 96% disclosed cases involved data exfiltration Source 3.

6

Qilin Ransomware Leads Both Disclosed and Undisclosed Attacks

Qilin topped undisclosed (16%) and disclosed (8%) ransomware in Q1 2026 per BlackFog. New group The Gentlemen second in undisclosed; ShinyHunters second in disclosed Source 3.

7

Shadow AI Emerges as Ransomware Attack Vector

49% of employees use unapproved AI tools, 51% connect without permission, 58% opt for insecure free versions prioritizing speed over security, per BlackFog research Source 3.

8

Malware Attacks Using Fake CAPTCHA Lures Surge 563% in 2026

SentinelOne telemetry shows 563% increase in incidents where attackers deploy fake CAPTCHA to lure victims into malware traps Source 6.

9

CrowdStrike Names Presidio 2026 Americas Partner of the Year

Presidio awarded CrowdStrike's 2026 Americas Specialized Solutions Partner of the Year at AMER Partner Symposium for technology services excellence Source 4.

10

Insider Threats Guide Highlights 2026 Risks and Examples

Fidelis Security outlines types, causes, and real-world insider threat cases, urging detection and prevention strategies for businesses Source 7.

Back to News