Intelligence Feed
Patch Tuesday, May 2026 Edition
Krebs on Security
12 May 2026
SEV 8/10
Patch Tuesday, May 2026 Edition – Krebs on Security Advertisement Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple , Google , Microsoft , Mozilla Oracle — fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases. As it does on the second Tuesday of every month, Microsoft today released software updates to address at least 118 security vulnerabilities in its various Windows operating systems and other products.
Canvas Breach Disrupts Schools & Colleges Nationwide
Krebs on Security
08 May 2026
SEV 4/10
Canvas Breach Disrupts Schools & Colleges Nationwide – Krebs on Security Advertisement An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions. A screenshot shared by a reader showing the extortion message that was shown on the Canvas login page today. Canvas parent firm Instructure responded to today’s defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students.
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
Krebs on Security
30 Apr 2026
SEV 5/10
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs – Krebs on Security Advertisement A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company’s public image. An Archer AX21 router from TP-Link.
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
Krebs on Security
21 Apr 2026
SEV 4/10
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty – Krebs on Security Advertisement A 24-year-old British national and senior member of the cybercrime group “ Scattered Spider ” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors. Buchanan’s hacker handle “ Tylerb ” once graced a leaderboard in the English-language criminal hacking scene that tracked the most accomplished cyber thieves.
Patch Tuesday, April 2026 Edition
Krebs on Security
14 Apr 2026
SEV 7/10
Patch Tuesday, April 2026 Edition – Krebs on Security Advertisement Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “ BlueHammer .” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution. Redmond warns that attackers are already targeting CVE-2026-32201 , a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network. Mike Walters , president and co-founder of Action1 , said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments.
Russia Hacked Routers to Steal Microsoft Office Tokens
Krebs on Security
07 Apr 2026
SEV 4/10
Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security Advertisement Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. Microsoft said in a blog post today it identified more than 200 organizations and 5,000 consumer devices that were caught up in a stealthy but remarkably simple spying network built by a Russia-backed threat actor known as “ Forest Blizzard .” How targeted DNS requests were redirected at the router.
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Krebs on Security
06 Apr 2026
SEV 4/10
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab – Krebs on Security Advertisement An elusive hacker who went by the handle “ UNKN ” and ran the early Russian ransomware groups GandCrab REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021. Shchukin was named as UNKN (a.k.a.
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
Krebs on Security
23 Mar 2026
SEV 4/10
‘CanisterWorm’ Springs Wiper Attack Targeting Iran – Krebs on Security Advertisement A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP . In December 2025, the group began compromising corporate cloud environments using a self-propagating worm that went after exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability.
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
Krebs on Security
20 Mar 2026
SEV 4/10
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks – Krebs on Security Advertisement The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru , Kimwolf , JackSkid Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
Krebs on Security
11 Mar 2026
SEV 4/10
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker – Krebs on Security Advertisement A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker , a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S.