By Dr. Tim Sandle
DIGITAL JOURNAL
May 9, 2026

Today, major cybersecurity threats are dominated by AI-driven attacks, ransomware, and supply chain vulnerabilities, with malicious actors focusing on stealing data, disrupting operations, and exploiting trust.
Key risks include phishing, industrial ransomware, and AI-powered data manipulation.
Top Cybersecurity Threats in 2026
AI-Powered Attacks & Deepfakes: Attackers are increasingly using AI to create convincing phishing campaigns and manipulate content.
Ransomware & Multi-layered Extortion: Ransomware remains highly disruptive, with extortionists not just locking data but threatening to publish it.
Targeting Critical Infrastructure & OT: Attacks aimed at Operational Technology (OT) and critical infrastructure, such as energy grids, can cause massive shutdowns.
Supply Chain & Third-Party Attacks: Attacks on vendors or software supply chains allow hackers to compromise many companies at once.
Insider Threats: Employees or contractors, knowingly or unknowingly, bypass security protocols.
Cloud Infrastructure Attacks: Targeting virtual machines and cloud storage, such as hypervisors.
Two key examples of these threats, reported during May 2026, are presented below.
Instructure Hit Again as ShinyHunters Defaces Campus Canvas Portals
ShinyHunters are back, this time defacing Canvas login portals across hundreds of colleges and universities after finding a new vulnerability in Instructure’s platform. ShinyHunters is a notorious cybercriminal group specializing in large-scale data breaches, extortion, and selling stolen data for financial gain.
With the attack, the ShinyHunters extortion group breached Instructure’s Canvas learning platform, potentially exposing names, email addresses, student ID numbers, and private messages of millions of students and teachers nationwide. The incident marks Instructure’s second breach in eight months and comes during finals week, heightening disruption and concern across schools.
Addressing the threat, John Bruggman, CISO at CBTS, explains to Digital Journal just why this hacker group is so troublesome.
Bruggman begins by balancing ‘convenience’ with ‘lowered defences’ for the education sector, noting how: “Everybody loves SaaS convenience, updates and maintenance are handled by the vendor, but when there is an incident, like an account compromise, also known as the identity layer, things can go sideways, quick.”
From this, problems develop: “Then one platform issue turns into hundreds of schools trying to figure out what data left the environment, what accounts were exposed, and whether attackers still have access. The defacement gets attention, but the exfiltration is the bigger concern. If attackers access student records, messages, enrolment data, or authentication-related information, schools now have to think beyond the initial breach and focus on the downstream risk that follows. Part of that risk is FERPA compliance, notifying the Department of Education, and notifying students. That part takes time and resources.”
Expanding on these points, Bruggman observes: “There’s a bigger industry problem at play here. Threat groups like ShinyHunters continue to succeed because organizations still struggle with third party risk, managing password resets, identity governance, authentication token security, and, in some cases, understanding how connected cloud platforms actually work together.”
Returning to the recent event, Bruggman recommends: “The IR team working this incident will likely focus on how access was obtained, how long it existed, and whether monitoring and controls kept pace with the complexity of the environment. Patching your stuff still matters more than ever, but governance and operational visibility matter just as much.”
Windows system under cyberattack
The Play ransomware group has exploited a Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The targets include organizations across various sectors, including IT, real estate, finance, software, and retail.
Considering this matter for Digital Journal is Aditya Sood, VP of Security Engineering and AI Strategy at the firm Aryaka.
Looking into the event, Sood describes: “The Play ransomware gang has exploited a Windows system flaw in zero-day attacks that allowed them to gain SYSTEM privileges and deploy malware on compromised systems. The targets include U.S. information technology and real estate organizations, the Venezuelan financial sector, a Spanish software organization, and the Saudi Arabian retail sector.”
Looking at the hackers in greater detail, Sood distills: “Given that this group is known for double extortion attacks, where its members pressure victims into paying ransoms to avoid having their stolen data leaked online, impacted organizations must be especially watchful. This incident underscores how operational downtime from ransomware can have far-reaching consequences, not just for the affected organization but also for the communities that rely on its services.”
Focusing on the innate weaknesses, Sood pulls out: “Zero-day vulnerabilities are a significant concern because they exploit unknown flaws in software.”
Recommending what businesses need to consider, Sood highlights: “Organizations need to develop proactive and reactive security strategies to combat attacks. To minimize the impact of ransomware, it is important that organizations implement swift containment strategies including network segmentation, virtual local area network (VLAN) quarantining, and zero-trust network access (ZTNA). These measures are critical in restricting the lateral movement of ransomware, limiting its spread, and minimizing downtime. The persistent nature of these attacks further reinforces the need for robust network defences, proactive security protocols, and well-maintained isolated backups to protect against increasingly sophisticated ransomware campaigns.”