How to Break Into Cyber In The Era of AI & Top Cyber News

This is the Future of the AI & Cybersecurity Job Market

We’ve got another week of crazy cyber headlines. 👀 

Feels like it’s been non-stop with new zero-days and data breaches lately, but this week’s continuing the trend!

BTW - This week I just posted my latest interview with Jas Wong, who is at the crossroads of AI & Cybersecurity (one of my favorite interviews EVER!).

Excited to hear your thoughts on the interview! Now, let’s get into the headlines of the week.

1. Canvas Hacked: ShinyHunters Disrupts Canvas During Finals Week

The extortion group ShinyHunters breached Instructure, the company behind Canvas, the learning management system used by 41 percent of higher education institutions across North America.

Stolen data reportedly includes names, email addresses, student ID numbers, and user messages tied to 275 million students, teachers, and staff at nearly 9,000 schools worldwide.

The attackers gave Instructure a May 12 deadline before threatening to leak everything.

Service outages rolled across colleges right in the middle of finals, leaving professors scrambling for backup ways to deliver coursework and grades.

Why it matters: This is one of the largest education sector breaches on record and a textbook case of third-party risk.

Schools with strong internal security still got hit because they trusted a single vendor with their student records, messages, and academic data.

2. Palo Alto Networks Zero-Day Lets Attackers Hijack Firewalls With Root Access

Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances.

The vulnerability carries a CVSSv4 score of 9.3 and has been confirmed as exploited in the wild by the vendor.

CISA added CVE-2026-0300 to its Known Exploited Vulnerabilities catalog on May 6, requiring federal agencies to apply mitigations by May 9, and Shadowserver Foundation has identified more than 5,800 PAN-OS VM-Series firewalls exposed to the public internet.

The first software fixes are expected to be available on May 13, 2026.

Why it matters: This is the worst kind of vulnerability, a critical pre-auth RCE inside the perimeter device that organizations rely on to keep attackers out.

With exploitation already underway and no patch for several days, restricting portal access and hardening configuration is the only defense.

3. NVIDIA Confirms GeForce NOW Breach Through Its Armenian Partner

NVIDIA confirmed a data breach affecting users of its GeForce NOW cloud gaming service in Armenia, attributed to its regional Alliance partner.

The breach occurred between March 20 and March 26, 2026, and exposed full names, email addresses, usernames, dates of birth, and phone numbers, along with membership status and 2FA/TOTP status.

No account passwords or payment data were exposed, and NVIDIA stated that its own infrastructure was not compromised.

A threat actor using the ShinyHunters nickname listed the database for $100,000 in Bitcoin or Monero, though researchers believe the actor is likely an impersonator.

Why it matters: The exposed 2FA status detail is the part to watch.

Attackers can filter the list down to accounts without two-factor protection and target those first, turning leaked PII into a launchpad for highly personalized phishing and credential stuffing in the gaming community.

4. Microsoft Says Edge Storing Passwords in Plaintext Memory Is "By Design"

A security researcher disclosed that Edge was the only Chromium-based browser tested that loads the entire password vault into plaintext process memory at startup, where it remains for the duration of the session.

Chrome and other Chromium browsers only decrypt a password when needed, such as for autofill, and use protections like app-bound encryption for keys.

When the researcher contacted Microsoft before going public, the company said the behavior is a deliberate design decision, not a bug.

Exploitation requires local code execution and elevated privileges, which is exactly the access infostealer malware is already built to obtain at scale.

Why it matters: This is a gift to infostealer operators.

Infostealers can be rented through underground forums for around $200 a month, require no technical background to operate, and are already built to harvest credentials out of browser memory, so Edge's design hands them a clean dump of every saved login the moment they get a foothold.

If you use Edge, the safest move is to stop saving passwords in the browser and switch to a dedicated password manager.

The thread tying these four stories together is trust placed in big platforms that are not always living up to it.

Whether it is a school handing its student records to one vendor, an enterprise relying on a firewall to be the wall, a gamer trusting a regional partner with their PII, or anyone using Edge to remember a password, this week shows that the brand on the box does not guarantee the security inside it.

Defense in depth, third-party risk reviews, and good personal habits like dedicated password managers and 2FA are doing the heavy lifting.

Stay patched, stay skeptical. Talk soon!

Sandra / Cyber With Sandra | www.withcybersecurity.com