Author: We Fix PC

The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million records tied to students and staff from 8,809 colleges, school districts, and online education platforms. Instructure is a cloud-based education technology company best known for its Canvas learning management system, which schools and universities use to manage coursework, assignments, […]

Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. The supply-chain attack led to thousands of infections in more than 100 countries. However, second-stage payloads were deployed only to a dozen machines, indicating a targeted attack aimed […]

The Federal Trade Commission (FTC) will ban data broker Kochava and its subsidiary Collective Data Solutions (CDS) from selling location data without consumers’ explicit consent to settle charges brought nearly four years ago. The FTC sued Idaho-based Kochava in August 2022, alleging it collected and sold precise geolocation data from hundreds of millions of mobile […]

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks before disclosing it publicly. Researchers at threat intelligence company Vega documented the malicious activity and […]

The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the current spike may be due to a large number of AWS Identity and Access Management access […]

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The developer disclosed the supply-chain attack on April 30, saying that version 2.6.3 of the package included a hidden execution chain that downloads and executes a JavaScript payload. PyTorch […]

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to “a portion” of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. According to […]

Threat actors across underground forums and chat groups are increasingly crafting structured fraud methods aimed at exploiting weaknesses in work processes of financial institutions. Rather than isolated or opportunistic scams, these discussions reflect an organized, process-driven approach that combines stolen identity data, social engineering, and knowledge of financial workflows. Within these conversations, smaller institutions, particularly […]