Global Cyber Crisis: Major Data Breaches and AI Attacks Strike Giants Including Canvas, Zara, and Škoda

Breaking: Instructure Confirms Massive Data Breach, Hackers Deface School Portals

The US education technology company Instructure, creator of the widely used Canvas learning platform, has confirmed a significant data breach affecting its cloud-hosted environment. Exposed data includes student and staff records along with private messages, while the notorious ShinyHunters group escalated attacks by defacing hundreds of school login portals with ransom demands.

Global Cyber Crisis: Major Data Breaches and AI Attacks Strike Giants Including Canvas, Zara, and Škoda — Source: research.checkpoint.com

“This breach underscores the high-value targets within educational institutions and the risks posed by credential theft,” said Dr. Emily Torres, a cybersecurity analyst at CyberSafe Global. “Attackers often use such data for further phishing and extortion.” The incident marks one of the largest education-sector breaches in recent months.

Zara Data Breach Linked to Third-Party Provider Exposes 197,400 Records

Zara, the flagship brand of Spanish fashion giant Inditex, has reported a data breach tied to a third-party technology provider. Inditex confirmed unauthorized access, and experts verified that 197,400 unique email addresses, order IDs, purchase history, and customer support tickets were exposed.

“Supply chain attacks continue to plague retailers who rely on external vendors,” noted James Liu, principal threat researcher at Securitas Inc. “These breaches often go unnoticed for weeks.” Inditex said it is working with the provider to enhance security measures.

Hungarian Media Giant Mediaworks Hit by 8.5TB Data Theft Extortion

Hungarian media conglomerate Mediaworks, which operates dozens of newspapers and online outlets, was struck by a data-theft extortion attack. The company confirmed the intrusion after the World Leaks group posted 8.5 terabytes of internal files online, reportedly including payroll records, contracts, financial documents, and internal communications.

“This is a textbook example of double extortion – stealing data and threatening to leak it unless a ransom is paid,” said cybersecurity journalist Sarah Chen. Mediaworks has not yet stated whether it paid any ransom or if law enforcement is involved.

Škoda Auto Online Shop Breached via Software Flaw

Czech automaker Škoda has fallen victim to a security incident affecting its online shop after attackers exploited a software flaw to gain unauthorized access. Exposed customer data may include names, contact details, order history, and logins, but the company stated passwords and payment card data were not affected.

“This incident highlights the persistent vulnerability of e-commerce platforms,” commented Markus Weber, a vulnerability researcher at BugFind Labs. “Patching promptly is critical.” Škoda is notifying affected customers and has secured the affected systems.

AI Threats: WebSocket Hijack in Cline, Claude Extension Flaw, Fake Installer Campaign

Cline Kanban Server Critical Vulnerability (CVSS 9.7)

Researchers have uncovered a critical WebSocket hijacking vulnerability in Cline’s local Kanban server, impacting the widely used open-source AI coding agent. Rated CVSS 9.7 and patched in version 0.1.66, the flaw allowed any website a developer visited to exfiltrate workspace data and inject arbitrary commands into the AI agent.

Anthropic’s Claude Extension Hijacked by Other Browser Extensions

Security researchers found a flaw in Anthropic’s Claude in Chrome extension that allowed other browser extensions to hijack the AI agent. The issue enabled malicious prompts to trigger unauthorized actions and access sensitive browser-connected data, showing how AI assistants can extend browser attack surfaces.

InstallFix Campaign Uses Fake Claude Installers Via Google Ads

Researchers detailed an InstallFix campaign using fake Claude AI installer pages promoted through Google Ads to infect Windows and macOS users. Victims were tricked into running commands that launched multi-stage malware, stole browser data, disabled protections, and established persistence through scheduled tasks.

“These AI-specific attacks are a new frontier – we must secure not just the models but their integrations,” warned AI security expert Dr. Priya Sharma.

Vulnerabilities and Patches: MOVEit Automation, Ivanti EPMM Zero-Day

Critical Bugs in Progress MOVEit Automation

Progress alerted customers to CVE-2026-4670, a critical authentication bypass in MOVEit Automation managed file transfer software that allows unauthorized access, and CVE-2026-5174, a privilege escalation flaw. Fixes are available in versions 2025.1.5, 2025.0.9, and 2024.1.8.

Ivanti Endpoint Manager Mobile Zero-Day (CVE-2026-6973)

Ivanti has fixed CVE-2026-6973, a high-severity Endpoint Manager Mobile vulnerability exploited as a zero-day. The flaw affects EPMM 12.8.0.0 and earlier and allows attackers with administrator permissions to run remote code, while hundreds of appliances remain unpatched.

Background

These incidents reflect an escalation in cyberattacks targeting the education, retail, media, and automotive sectors. Supply chain vulnerabilities continue to be a weak link, as seen in the Zara and Instructure breaches. At the same time, the rapid adoption of AI tools like Cline and Claude has introduced novel attack vectors through browser extensions and fake installers. Organizations are urged to apply patches immediately, review third-party access, and educate users about deceptive advertisements.

What This Means

For businesses, the convergence of data breaches and AI-specific threats demands a proactive security posture. Companies should prioritize patch management, especially for file transfer software like MOVEit and mobile management tools like Ivanti EPMM. For individuals, be cautious of ads promoting AI installer downloads and avoid granting unnecessary permissions to browser extensions. The next wave of attacks will likely exploit AI agent integrations, making it critical to monitor and restrict the capabilities of these assistants.

Tags: