Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! – SWN #579

Supply chain, Compliance Management, DevSecOps

May 8, 2026

Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance and more!

Hosts

Aaran Leyland (@aaran#2621)
Joshua Marpet (https://www.cyturus.com)

List of Articles

Aaran Leyland

Anthropic response to 1-click pwn: Shouldn’t have clicked ‘ok’

Joshua Marpet

Canvas Breach Disrupts Schools and Colleges Nationwide

ShinyHunters defaced Canvas's login page with ransom demands, claiming data on 275 million students across 9,000 institutions. Parent company Instructure took the platform offline during finals season, and this is reportedly the group's third breach in eight months, suggesting an ongoing campaign rather than a one-off intrusion. Notable as a real-world hit on the EdTech monoculture.

SUPPLY CHAIN: Checkmarx Breach Spreads to Bitwarden CLI, KICS, and VS Code Extensions

https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html

The March 2026 Checkmarx breach has expanded into a full developer-tooling supply chain campaign, with attackers pushing malicious KICS Docker images, poisoned VS Code extensions, and a compromised Bitwarden CLI build. Source code from Checkmarx GitHub repos was confirmed posted to dark web markets.

Active Exploitation: PAN-OS, Ivanti EPMM, and Windows Shell Zero-Days

https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html
https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html

Three actively-exploited vulnerabilities hit production this week: PAN-OS CVE-2026-0300 (unauthenticated buffer overflow giving root via the User-ID auth portal), Ivanti EPMM CVE-2026-6973 (authenticated admin RCE), and a confirmed in-the-wild Windows Shell flaw (CVE-2026-32202). Edge appliances and MDM remain the highest-value targets for opportunistic and APT actors, and the cadence of these is not slowing down.

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

SUPPLY CHAIN: Quasar Linux RAT Targets Developer Credentials

RESEARCH: Rowhammer Comes for the GPU

SUPPLY CHAIN: Mini Shai-Hulud Worm Hits 1,800 Developers Across npm, PyPI, and PHP

Azure DevOps Information Disclosure — CVE-2026-42826 (CVSS 10.0)

REGULATORY: CIRCIA Final Rule Lands This Month, NIS2 Enforcement Starts

This week's security news highlights active exploitation of three critical vulnerabilities. PAN-OS CVE-2026-0300 is a critical (CVSS 9.8) unauthenticated buffer overflow affecting versions 10.2.0 through 10.2.4. Ivanti EPMM CVE-2026-6973 is a high-severity (CVSS 7.2) authenticated admin RCE affecting versions prior to 12.6.1.1 as well as 12.7.0.0 and 12.8.0.0. Windows Shell CVE-2026-32202 is a medium-severity (CVSS 4.3) flaw exploited in the wild, affecting multiple Windows 10 and Server versions and requiring specific KB updates. Additionally, the Checkmarx supply chain breach has escalated, spreading malicious Docker images and poisoned VS Code extensions, while the Canvas LMS breach during finals season underscores ongoing risks to the EdTech supply chain.