Instructure breached and more - May 10, 2026

Featured

Instructure has confirmed data was stolen in a cyberattack

The ShinyHunters group has claimed responsibility

This Week’s Updates

Breaches

Cybersecurity firm Trellix disclosed a data breach after attackers gained unauthorized access to a portion of its source code repository

Disc Soft Limited (DAEMON Tools) confirmed its software had been trojanized in a supply chain attack since April 8 and released a clean, malware-free version

Vulnerabilities

CISA warned that the "Copy Fail" Linux privilege escalation flaw is actively being exploited in the wild, one day after a public PoC exploit was released

Progress Software warned customers to patch a critical authentication bypass vulnerability in MOVEit Automation, its enterprise-grade managed file transfer product

A critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation platform has been actively exploited in attacks since mid-March

Palo Alto Networks warned that a critical unpatched zero-day in the PAN-OS User-ID Authentication Portal is being actively exploited in attacks

Cisco patched a denial-of-service vulnerability in Crosswork Network Controller and Network Services Orchestrator that requires a manual reboot to recover affected systems

A critical sandbox escape vulnerability in the Node.js vm2 library allows attackers to break out of the sandbox and execute arbitrary code on the host system

Palo Alto Networks confirmed state-sponsored hackers have been exploiting a PAN-OS firewall RCE zero-day since April 9, nearly a month before disclosure

Ivanti warned customers of an actively exploited high-severity RCE zero-day in Endpoint Manager Mobile (EPMM) and urged immediate patching

A new Linux zero-day named "Dirty Frag" enables local attackers to gain root privileges on most major Linux distributions with a single command using a public PoC
