May 11, 2026 Emerging Threats Weekly

Kroll · Beginner ·📰 AI News & Updates ·2mo ago

About this lesson

This week’s briefing covers: 00:00 – Intro 00:40 [CAMPAIGN] Canvas Security Incident Canvas, the learning management system operated by Instructure and widely used by schools, universities, and other education providers, is the subject of an ongoing cyber extortion campaign. Public reporting attributes the activity to SHINYHUNTERS, a data-extortion group that has claimed access to large volumes of Canvas-related user data. 02:54 [PHISHING] Code-of-Conduct AiTM Campaign Hit 35,000 Users Across 13,000 Organizations Microsoft reported a coordinated, multi-stage phishing campaign that targeted more than 35,000 users across 13,000 organizations in 26 countries between April14 and 16, with 92% of observed activity affecting U.S.-based victims. 04:33 [VULNERABILITY] “Copy Fail” Linux Privilege-Escalation Bug Added to KEV Amid Active Exploitation CISA has added CVE-2026-31431, dubbed Copy Fail, to its known exploited vulnerabilities (KEV) catalogue, confirming real-world exploitation within 24 hours of disclosure. The Linux local privilege-escalation vulnerability affects every mainstream kernel built since 2017 and allows authenticated local users to escalate to root access. 06:38 [THREAT ACTOR] China-Nexus UAT-8302 Expanded Government Targeting Across South America and Southeastern Europe Cisco Talos disclosed UAT 8302 as a China nexus advanced persistent threat group that has been targeting government entities in South America since late 2024. The activity expanded in 2025 to include government agencies in southeastern Europe. 08:34 [CAMPAIGN] VENOMOUS#HELPER Phishing Used Legitimate RMM Tools for Durable Remote Access Securonix reports that the ongoing VENOMOUS#HELPER campaign has affected more than 80 organizations, most of them in the U.S. The operation appears to use phishing as the entry point and legitimate remote monitoring and management software as the persistence mechanism. 10:38 [VULNERABILITY] Ollama Windows Auto-Updater Flaws Can Be Chained in

Original Description

This week’s briefing covers: 00:00 – Intro 00:40 [CAMPAIGN] Canvas Security Incident Canvas, the learning management system operated by Instructure and widely used by schools, universities, and other education providers, is the subject of an ongoing cyber extortion campaign. Public reporting attributes the activity to SHINYHUNTERS, a data-extortion group that has claimed access to large volumes of Canvas-related user data. 02:54 [PHISHING] Code-of-Conduct AiTM Campaign Hit 35,000 Users Across 13,000 Organizations Microsoft reported a coordinated, multi-stage phishing campaign that targeted more than 35,000 users across 13,000 organizations in 26 countries between April14 and 16, with 92% of observed activity affecting U.S.-based victims. 04:33 [VULNERABILITY] “Copy Fail” Linux Privilege-Escalation Bug Added to KEV Amid Active Exploitation CISA has added CVE-2026-31431, dubbed Copy Fail, to its known exploited vulnerabilities (KEV) catalogue, confirming real-world exploitation within 24 hours of disclosure. The Linux local privilege-escalation vulnerability affects every mainstream kernel built since 2017 and allows authenticated local users to escalate to root access. 06:38 [THREAT ACTOR] China-Nexus UAT-8302 Expanded Government Targeting Across South America and Southeastern Europe Cisco Talos disclosed UAT 8302 as a China nexus advanced persistent threat group that has been targeting government entities in South America since late 2024. The activity expanded in 2025 to include government agencies in southeastern Europe. 08:34 [CAMPAIGN] VENOMOUS#HELPER Phishing Used Legitimate RMM Tools for Durable Remote Access Securonix reports that the ongoing VENOMOUS#HELPER campaign has affected more than 80 organizations, most of them in the U.S. The operation appears to use phishing as the entry point and legitimate remote monitoring and management software as the persistence mechanism. 10:38 [VULNERABILITY] Ollama Windows Auto-Updater Flaws Can Be Chained in
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Related Reads

📰
Google Is Winning the AI Race and Losing Its Business Model at the Same Time
Google is leading in AI development but its business model is under threat due to changes in search behavior and advertising revenue, learn how AI is disrupting traditional business models
Medium · AI
📰
AI Will Not Save You from Thinking: Why Polymathy Is Becoming the Real Career Advantage
Learn why polymathy is crucial in an AI-driven career and how to develop it to stay ahead
Medium · AI
📰
The Apple Intelligence Compromise: Why China is Forcing Apple to Use Local AI Models
Apple must use local AI models in China, highlighting geopolitical tensions in tech
Medium · AI
📰
Everything You Know About AI Needs an Urgent Upgrade
Upgrade your understanding of AI to keep pace with rapid advancements in the field
Medium · Programming

Chapters (7)

Intro
0:40 [CAMPAIGN] Canvas Security Incident
2:54 [PHISHING] Code-of-Conduct AiTM Campaign Hit 35,000 Users Across 13,000 Organiza
4:33 [VULNERABILITY] “Copy Fail” Linux Privilege-Escalation Bug Added to KEV Amid Act
6:38 [THREAT ACTOR] China-Nexus UAT-8302 Expanded Government Targeting Across South A
8:34 [CAMPAIGN] VENOMOUS#HELPER Phishing Used Legitimate RMM Tools for Durable Remote
10:38 [VULNERABILITY] Ollama Windows Auto-Updater Flaws Can Be Chained in
Up next
Mythos Hype is Absurd! You Already Have AI Tools #shorts
Income stream surfers
Watch →