CyberSecurity Updates

Eyes wide open: How to mitigate the security and privacy risks of smart glasses

Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk. Phil Muncaster 11 May 2026  •  , 5 min. read Fashion and many other trends have a way of reappearing every few years. So we probably shouldn’t be surprised that smart glasses are doing the rounds once more, after a failed attempt by Google to popularize them over a decade…

Read More

Frame Security Emerges From Stealth With $50M for Awareness and Training Platform

Frame Security emerged from stealth mode on Monday with $50 million in funding raised for its AI-powered cybersecurity awareness and training platform. The investment came from Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet. US- and Israel-based Frame Security was founded by Tal Shlomo, who serves as the company’s CEO, and Sharon Shmueli, who serves as CTO. Shlomo was one of the earliest employees of cloud security giant Wiz, while Shmueli until…

Read More

Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools

Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil. Elizabeth Polo was in a creative writing class at the University of Maryland late Thursday afternoon when a classmate shouted, “Canvas got hacked.” A message from a hacking collective flashed on her computer screen. “Our whole class just like was…

Read More

In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: US government targets 72-hour patch cycles US cybersecurity officials are proposing…

Read More

Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

Poland’s Internal Security Agency (ABW) has documented a significant escalation in cyberattacks targeting industrial control systems (ICS) and other operational technology (OT) infrastructure during 2024 and 2025, with state-sponsored threat actors increasingly shifting focus toward the physical disruption of critical services. A Polish official revealed in August 2025 that a cyberattack could have caused a city to lose its water supply, but the attack was thwarted. No technical information was shared at the time.  The…

Read More

Fixing the password problem is as easy as 123456

Digital Security How come it’s still possible to ‘secure’ an online account with a six-digit string? Tony Anscombe 07 May 2026  •  , 4 min. read The most-used password globally is exactly what you think it is: ‘123456.’ That’s according to NordPass’s latest annual report on passwords exposed in data breaches globally. Other all-too-predictable choices, such as ‘123456789’, ‘12345678’, ‘12345’ and ‘admin’, also prove to have staying power year after year. My first instinct is…

Read More

Fake call logs, real payments: How CallPhantom tricks Android users

There’s an app for everything nowadays… right? Well, looking up call records for a phone number of choice is not one of those things, as potentially millions of Android users found out after paying for app subscriptions promising just that. The offending apps, which we named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number. To unlock this supposed feature,…

Read More

Ransomware Group Takes Credit for Trellix Hack

The RansomHouse ransomware group has taken credit for the recent attack on the cybersecurity firm Trellix. The Trellix hack came to light this week when the company announced on its website that part of its source code repository had been breached. “Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited,” the company stated. No other…

Read More

Canvas Breach Disrupts Schools & Colleges Nationwide

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions. A screenshot shared by a reader showing the extortion message that was shown on the Canvas login page today. Canvas…

Read More

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers uncovered a multiplatform supply-chain attack by North Korea-aligned APT group ScarCruft, targeting the Yanbian region in China – home to ethnic Koreans and a crossing point for North Korean refugees and defectors. In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor. The backdoor, named BirdCall by ESET, was originally known to target Windows only;…

Read More