CYBERSECURITY May 12, 2026 • 6 min read

ZYMP IT Security — May 12, 2026

This week’s cybersecurity roundup covers major data breaches, critical Linux vulnerabilities, and evolving ransomware tactics. Educational institutions face attacks of unprecedented scale as ShinyHunters targets Canvas LMS, while new Linux privilege escalation flaws are already being exploited in the wild. The ransomware ecosystem continues to adapt with encryptionless extortion and post-quantum cryptography adoption.

Canvas LMS Breach Exposes Millions of Student Records

DATA BREACH

Instructure, the company behind the Canvas learning management system, confirmed on May 4, 2026, that cybercriminals successfully breached their systems and extracted sensitive data. The attack was claimed by ShinyHunters, a notorious extortion group known for targeting high-profile organizations across multiple sectors including healthcare, finance, and education.

Canvas serves over 30 million users globally, including students, faculty, and administrators across 6,000 educational institutions worldwide. Student data at risk includes personally identifiable information such as names, email addresses, student identification numbers, academic records, assignment submissions, and communication logs. The breach represents a significant escalation in attacks against educational technology providers.

Educational institutions using Canvas are advised to immediately review their security configurations, audit user accounts for unauthorized access, and implement additional monitoring for suspicious activities. Students and faculty should change their passwords immediately and enable multi-factor authentication where available.

Dirty Frag Linux Vulnerability Under Active Exploitation

VULNERABILITY

Microsoft has warned of a newly disclosed Linux local privilege escalation vulnerability known as “Dirty Frag” that enables escalation from an unprivileged user to root through vulnerable kernel networking and memory-fragment handling components. The issue is tracked as CVE-2026-43284 (esp4, esp6) and CVE-2026-43500 (rxrpc) and is already seeing limited in-the-wild exploitation.

Dirty Frag is notable because it introduces multiple kernel attack paths to improve exploitation reliability. Rather than relying on narrow timing windows or unstable corruption conditions often associated with Linux local privilege escalation exploits, Dirty Frag appears designed to increase consistency across vulnerable environments. This increases operational risk in environments where threat actors already possess limited local execution capability.

Patches for CVE-2026-43284 were released on May 8, 2026, but patches for CVE-2026-43500 are not yet available. Organizations should evaluate interim mitigations including disabling unused rxrpc kernel modules, restricting unnecessary local shell access, hardening containerized workloads, and increasing monitoring for abnormal privilege escalation activity.
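
The module check behind the interim mitigation above, as an added example (not code from Microsoft, the kernel project or this roundup's sources): a shell audit that reports whether esp4, esp6 and rxrpc are loaded or load-blocked. The function names and the sample module list and modprobe.d file are constructed for illustration; the example treats only an `install <module> /bin/false` override as a block, because a bare `blacklist` line suppresses alias autoloading only.

```shell
#!/bin/sh
# Added example: audit whether the modules named in the advisory are loaded or load-blocked.
# On a live host: audit_module rxrpc /proc/modules /etc/modprobe.d

# 0 if the module is listed in a /proc/modules-format file (module name is the first field).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# 0 if a modprobe.d directory overrides loading with "install <mod> /bin/false" (or /bin/true).
# A bare "blacklist <mod>" still allows an explicit modprobe, so it is not counted as a block.
module_blocked() {
    cat "$2"/*.conf 2>/dev/null | awk -v m="$1" '
        $1 ~ /^#/ { next }
        $1 == "install" && $2 == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { found = 1 }
        END { exit !found }'
}

# Prints one status word for a module: LOADED, BLOCKED or LOADABLE.
audit_module() {
    if module_loaded "$1" "$2"; then echo "LOADED"
    elif module_blocked "$1" "$3"; then echo "BLOCKED"
    else echo "LOADABLE"
    fi
}

# Constructed sample data (not from a real host) so the script runs offline.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
mkdir "$SAMPLE/modprobe.d"
cat > "$SAMPLE/modules" <<'EOF'
esp4 28672 0 - Live 0x0000000000000000
xfrm_algo 16384 1 esp4, Live 0x0000000000000000
EOF
cat > "$SAMPLE/modprobe.d/hardening.conf" <<'EOF'
# rxrpc is unused here: block explicit and automatic loads
install rxrpc /bin/false
blacklist esp6
EOF

for mod in esp4 esp6 rxrpc; do
    printf '%-6s %s\n' "$mod" "$(audit_module "$mod" "$SAMPLE/modules" "$SAMPLE/modprobe.d")"
done
```

A LOADED result for a module nothing uses also needs an unload, since an `install` override only affects future load attempts; esp4 and esp6 carry IPsec ESP traffic, so confirm they are unused before blocking them.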

Copy Fail Zero-Day Enables Linux Root Access

ZERO-DAY

A newly disclosed Linux kernel zero-day vulnerability, tracked as CVE-2026-31431 and nicknamed “Copy Fail”, has raised urgent concerns across the cybersecurity community. The flaw affects Linux distributions using kernel versions released since 2017 and could allow an unprivileged local user to gain full root access.

Researchers said the vulnerability can be exploited using a lightweight Python script with no need for race conditions, custom payloads or complex kernel offsets, making exploitation significantly easier than many past privilege escalation flaws. The issue reportedly impacts several major enterprise and cloud platforms, including Ubuntu, Amazon Linux, RHEL and SUSE.

Security researchers warned that the flaw could be used as a container escape technique in Kubernetes environments, potentially allowing compromise of shared host systems. An official patch has now been released, with administrators urged to prioritise updates through their normal distribution channels. Temporary mitigations, including disabling the affected kernel module, have also been recommended.

Ransomware Evolves With Encryptionless Extortion and Post-Quantum Cryptography

RANSOMWARE

With International Anti-Ransomware Day taking place on May 12, Kaspersky has published its annual report on the evolving ransomware landscape. The report reveals that as ransom payments dropped to 28% in 2025, some groups are implementing encryptionless extortion attacks, leaving out the “ware” in “ransomware” and focusing on extracting sensitive data and leveraging the threat of public disclosure as their primary means of extortion.

Another significant development is the appearance of new ransomware families that adopt post-quantum cryptography, which advanced ransomware groups have started using as quantum computing evolves. The encryption techniques used by quantum-proof ransomware could resist decryption attempts from both classical and quantum computers, making it nearly impossible for victims to decrypt their data without paying a ransom.

The ransomware ecosystem continues to evolve toward a highly industrialized and specialized model, with initial access brokers maintaining a critical role. RDP, VPN, and RDWeb remain the top access vectors, with attackers increasingly targeting RDWeb portals, which are frequently vulnerable and occasionally inadequately safeguarded.

ADT Breach Exposes 5.5 Million Records to ShinyHunters

DATA BREACH

US-based home security giant ADT is facing renewed scrutiny after reports that the ShinyHunters extortion group stole the personal information of 5.5 million individuals. The figure was highlighted by data breach notification service Have I Been Pwned following analysis of the stolen dataset.

ADT said it detected suspicious activity on April 20 and launched an investigation. According to the company, exposed data included names, phone numbers and addresses, with a smaller number of records also containing dates of birth and the last four digits of Social Security numbers or Tax IDs. ADT stressed that no payment data was accessed and customer security systems were not impacted.

The attackers reportedly gained entry through a voice phishing campaign that compromised an employee Okta single sign-on account before moving into connected systems. The incident highlights the growing risk posed by identity-focused attacks targeting SaaS environments. Stronger authentication controls, staff awareness training and continuous monitoring remain critical to defending against modern extortion groups.

ZY Media Productions
