infrastructure – Wolfinisoftware.de

soc

CVE-2026-42945: 18-Year-Old NGINX Rewrite Flaw May Enable Unauthenticated RCE

14.05.2026

Web infrastructure bugs remain especially dangerous when they sit in widely deployed request-handling logic for years without detection. Among the latest vulnerabilities impacting NGINX Plus and NGINX Open, the CVE-2026-Adresse geschuetzt 18-year-old heap buffer overflow in ngx_http_rewrite_module that can be reached by an unauthenticated attacker through crafted HTTP requests and may […] The post CVE-2026-42945: […]

Mehr lesen →

security

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

13.05.2026

The Committee on Homeland Security has requested to be briefed on the incident and Instructure’s remediation steps. The post Government to Scrutinize Instructure Over Canvas Disruption, Data Breach appeared first on SecurityWeek.

Mehr lesen →

security

US govt seeks Instructure testimony on massive Canvas cyberattack

12.05.2026

The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company’s Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. […]

Mehr lesen →

security

Cyberangreifer erbeutet Millionen Schülerdaten

12.05.2026

Der Canvas-Anbieter Instructure hat einen Cybersecurity-Vorfall bestätigt. Ein Angreifer konnte sich unbefugten Zugriff auf interne Systeme verschaffen und hat dabei möglicherweise Daten von Schülern, Studierenden und Lehrkräften entwendet.

Mehr lesen →

security

Instructure reaches ‚agreement‘ with ShinyHunters to stop data leak

12.05.2026

Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an „agreement“ with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. […]

Mehr lesen →

security

Instructure confirms hackers used Canvas flaw to deface portals

11.05.2026

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. […]

Mehr lesen →

security

Maschinenidentitäten werden zur Sicherheitsfrage im Mittelstand

07.05.2026

Hybride Infrastrukturen lassen die Zahl der Maschinenidentitäten rasant wachsen, doch viele Unternehmen sichern sie noch mit statischen API-Keys, Tokens und manuell gepflegten Zertifikaten. Der Open-Source-Standard SPIFFE und die Referenzimplementierung SPIRE bieten automatisierte, kurzlebige Workload-Identitäten, die Secrets überflüssig machen.

Mehr lesen →

security

Instructure Breach Exposes Schools‘ Vendor Dependence

06.05.2026

ShinyHunters‘ attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.

Mehr lesen →

security

CISA: Critical Infrastructure Must Master Isolation, Recovery

06.05.2026

The agency has issued guidance to help critical infrastructure operators prepare for cyberattacks by foreign threat actors. The post CISA: Critical Infrastructure Must Master Isolation, Recovery appeared first on SecurityWeek.

Mehr lesen →

security

Instructure hacker claims data theft from 8,800 schools, universities

05.05.2026

The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. […]

Mehr lesen →

Tag: infrastructure