Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 4th May and 10th May 2026.4th May
7 Ways to Modernize Employee Phishing Training for AI-Driven Threats
15-year-old detained over massive data breach at French government agency
2026: The Year of AI-Assisted Attacks
Bluekit Phishing Kit Automates Domain Setup and Session Hijacking
Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
Boutique phishing kit Saiga 2FA reappears with new campaigns and ‘lorem ipsum’ metadata
Canvas Confirms Data Breach Following ShinyHunters Claim
Canvas Parent Instructure Confirms Data Breach After ShinyHunters Claims Attack
CISA Alerts on cPanel & WHM Flaw Actively Exploited in Attacks
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA Warns of Linux Kernel Zero-Day Vulnerability Exploited in Active Attacks
Critical Apache MINA Flaws Enable Remote Code Execution Attacks
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
Cybercriminals Abuse Tanstack Package To Target Developer Environments
Cybersecurity professionals jailed for ransom attacks
Data breach hits Canvas learning platform serving millions
Department of Justice (DOJ) Sentences Two Americans for ALPHV BlackCat Ransomware Attacks
DigiCert breached via malicious screensaver file
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats
Email Bombing and Fake IT Support Calls Fuel New Microsoft Teams Phishing Attacks
Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge
FBI Warns of Surge in Cyber-Enabled Cargo Theft Targeting Logistics Firms
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701 Million
Hackers breach Canvas learning platform serving millions, steal student data
Hackers replace top Google result for Homebrew with sponsored MacOS malware
Hackers threaten to leak Canvas messages and emails: 275 Million students at risk
Instructure Faces Cyberattack Resulting in Data Breach Affecting Millions in Education Sector
Instructure Restores Services Following Major Edtech Data Breach
Instructure, Parent of Canvas, Confirms Data Breach
Kaspersky Reveals SilverFox Cyber Attack Disguised as Tax Audit in Indonesia
KnowBe4 finds 86% of phishing attacks now AI-driven
Major car brands face 'unavoidable trade-off' as hackers target millions of vehicles, ex-FBI cyber chief warns
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
National Cyber Security Centre (NCSC) Warns Organisations to Act Fast as Hidden Software Flaws Surface
New ‘Bluekit’ Phishing Kit Uses AI Assistant to Simplify and Scale Cyber Attacks
New Phishing Scam Uses Fake Party Invites To Steal Passwords And Personal Data
New Zealand electrical contractor confirms cyber attack
Over 40% of UK Firms Hit by Cyber Attacks Last Year, Government Survey Finds
Phishing Emails Now Look Legitimate, One Wrong Click Can Expose OTP And Bank Accounts
Progress warns of critical MOVEit Automation auth bypass flaw
Ransomware accounts for 90% of cyber losses in manufacturing, claims data shows
Ransomware In 2026: Newer Groups, Severe Impact
Ransomware Victims Jump To 7,831 As AI Crime Tools Scale Global Attacks
Rhode Island Settles With Deloitte for $12 Million Over 2024 Ransomware Attack on Benefits System
Sandhills Medical Foundation Ransomware Breach Draws Class Action Investigation Nearly a Year Later
ShinyHunters Claims Responsibility for Instructure Data Breach
ShinyHunters impersonator claims to have hacked Nvidia’s GeForce Now
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
South Korea: Phishing Sites Disguised as KakaoTalk, Claude Downloads Steal User Data
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
'The inbox is no longer the only front line': Report claims vast majority of phishing attacks are now generated by AI - here's how to stay safe
‘The inbox is no longer the only frontline’: Phishing attacks are evolving as cyber criminals ramp up ‘multi-channel’ campaigns over email and Microsoft Teams
Thousands of Facebook accounts stolen by phishing emails sent through Google
Two cybersecurity pros get prison time for helping ransomware gang
US healthcare marketplaces shared citizenship and race data with ad tech giants
Your work apps are quietly handing 19 data points to someone