#cyberattack
Google Warns Hackers Used AI to Plan Massive Zero-Day Cyberattack
Google warned on Monday, May 12, 2026, that hackers attempted to use artificial intelligence tools to plan a large-scale zero-day cyberattack capable of bypassing two-factor authentication systems. The company’s Threat Intelligence Group (GTIG) said it has “high confidence” that cybercriminals used advanced AI models to identify and exploit an undisclosed software vulnerability before developers became aware of it. Officials said Google’s proactive discovery may have stopped what could have become a “mass vulnerability exploitation operation.” AI Security Threats Raise Industry Alarm The report highlights growing fears that AI-powered hacking tools are accelerating cyber threats against businesses, government agencies, and critical digital infrastructure worldwide. Google clarified that its own Gemini AI model was not involved. However, investigators found evidence that hackers were using publicly available AI systems, including OpenClaw, to discover software flaws, develop malware, and automate cyberattacks. Security analysts say AI-driven vulnerability discovery could dramatically reduce the time hackers need to launch sophisticated attacks. OpenAI and Anthropic Also Tighten Security The findings come as major AI companies increase restrictions on powerful cybersecurity-focused models. Last week, OpenAI announced limited access to GPT-5.5-Cyber for vetted security teams, while Anthropic previously delayed the release of its Mythos model over fears criminals could exploit older software vulnerabilities. According to Google, cyber groups linked to China and North Korea showed “significant interest” in using AI for vulnerability discovery and cyber operations, signaling a rapidly evolving global cybersecurity threat landscape.
Google Warns Hackers Used AI to Plan Massive Zero-Day Cyberattack
Google warned on Monday, May 12, 2026, that hackers attempted to use artificial intelligence tools to plan a large-scale zero-day cyberattack capable of bypassing two-factor authentication systems. The company’s Threat Intelligence Group (GTIG) said it has “high confidence” that cybercriminals used advanced AI models to identify and exploit an undisclosed software vulnerability before developers became aware of it. Officials said Google’s proactive discovery may have stopped what could have become a “mass vulnerability exploitation operation.” AI Security Threats Raise Industry Alarm The report highlights growing fears that AI-powered hacking tools are accelerating cyber threats against businesses, government agencies, and critical digital infrastructure worldwide. Google clarified that its own Gemini AI model was not involved. However, investigators found evidence that hackers were using publicly available AI systems, including OpenClaw, to discover software flaws, develop malware, and automate cyberattacks. Security analysts say AI-driven vulnerability discovery could dramatically reduce the time hackers need to launch sophisticated attacks. OpenAI and Anthropic Also Tighten Security The findings come as major AI companies increase restrictions on powerful cybersecurity-focused models. Last week, OpenAI announced limited access to GPT-5.5-Cyber for vetted security teams, while Anthropic previously delayed the release of its Mythos model over fears criminals could exploit older software vulnerabilities. According to Google, cyber groups linked to China and North Korea showed “significant interest” in using AI for vulnerability discovery and cyber operations, signaling a rapidly evolving global cybersecurity threat landscape.
Canvas Cyberattack: Schools Scramble as Student Data Leak Fears Grow
Canvas cyberattack disrupts schools during finals The Canvas cyberattack disrupted schools and universities nationwide during final exam season, leaving students unable to access assignments, grades and course materials. The incident has also raised data breach fears after ShinyHunters claimed it stole Canvas user information. What happened to Canvas? Canvas, the learning platform run by Instructure, was taken offline for many users after reports of hacked login pages and service disruptions. Students at multiple colleges said they were redirected to a message allegedly posted by ShinyHunters, a hacking group that threatened to leak school data if its demands were not met. The timing intensified the fallout. With finals underway, some students lost access to exam materials, lecture notes and submission portals, forcing schools to adjust deadlines, monitor systems and guide users through temporary workarounds. Which schools were affected? The disruption touched schools across the U.S., including districts and colleges in North Texas. Plano ISD, Allen ISD, Southern Methodist University and Tarrant County College were among institutions reviewing the impact as Canvas access began returning. What student data may be at risk? Instructure has said it is investigating the security incident. Reports indicate the exposed information may include names, email addresses, student ID numbers and messages, though the full scope has not been independently confirmed. Cybersecurity experts warn that education platforms remain high-value targets because they store data on minors, teachers and university communities. For students and families, the immediate advice is simple: watch for suspicious emails, avoid unknown links and follow official school updates while the investigation continues.
Canvas Cyberattack: Schools Scramble as Student Data Leak Fears Grow
Canvas cyberattack disrupts schools during finals The Canvas cyberattack disrupted schools and universities nationwide during final exam season, leaving students unable to access assignments, grades and course materials. The incident has also raised data breach fears after ShinyHunters claimed it stole Canvas user information. What happened to Canvas? Canvas, the learning platform run by Instructure, was taken offline for many users after reports of hacked login pages and service disruptions. Students at multiple colleges said they were redirected to a message allegedly posted by ShinyHunters, a hacking group that threatened to leak school data if its demands were not met. The timing intensified the fallout. With finals underway, some students lost access to exam materials, lecture notes and submission portals, forcing schools to adjust deadlines, monitor systems and guide users through temporary workarounds. Which schools were affected? The disruption touched schools across the U.S., including districts and colleges in North Texas. Plano ISD, Allen ISD, Southern Methodist University and Tarrant County College were among institutions reviewing the impact as Canvas access began returning. What student data may be at risk? Instructure has said it is investigating the security incident. Reports indicate the exposed information may include names, email addresses, student ID numbers and messages, though the full scope has not been independently confirmed. Cybersecurity experts warn that education platforms remain high-value targets because they store data on minors, teachers and university communities. For students and families, the immediate advice is simple: watch for suspicious emails, avoid unknown links and follow official school updates while the investigation continues.
Bay Area World Cup Security Rushes Ahead as Drone, Cyberattack Fears Grow
Bay Area World Cup Security Plans Intensify Bay Area World Cup security preparations are accelerating as officials warn that the 2026 FIFA World Cup could bring serious drone, cyberattack and crowd-safety risks to Santa Clara. Six FIFA World Cup 2026 matches are scheduled in Santa Clara, drawing massive crowds, international visitors and high-profile guests. Officials said the scale of the event has pushed federal, state and local agencies into a faster,
Bay Area World Cup Security Rushes Ahead as Drone, Cyberattack Fears Grow
Bay Area World Cup Security Plans Intensify Bay Area World Cup security preparations are accelerating as officials warn that the 2026 FIFA World Cup could bring serious drone, cyberattack and crowd-safety risks to Santa Clara. Six FIFA World Cup 2026 matches are scheduled in Santa Clara, drawing massive crowds, international visitors and high-profile guests. Officials said the scale of the event has pushed federal, state and local agencies into a faster,
Rockstar Games hit by new hack but says no impact on players
Rockstar Games has confirmed a new cybersecurity incident after hackers claimed to have accessed company data, marking the second breach involving the developer in recent years. The breach was reported on Saturday, though the company emphasized that the impact appears minimal. In a statement, Rockstar said a “limited amount of non-material company information” was accessed through a third-party cloud service provider. The company added that the incident has had no effect on its operations or players, seeking to reassure its global user base. The group claiming responsibility, known as ShinyHunters, alleged it had gained access to Rockstar’s systems and threatened to release stolen data unless a ransom was paid. The group is known for targeting major corporations and exploiting vulnerabilities in cloud-based infrastructure. Cybersecurity experts generally advise against paying ransom demands, noting that such payments often encourage further attacks without guaranteeing data recovery or deletion. ShinyHunters has previously been linked to several high-profile breaches involving large companies. This latest incident follows a major breach in 2023, when sensitive material related to the highly anticipated Grand Theft Auto VI was leaked online. That attack, carried out by a teenage hacker associated with a separate group, exposed early gameplay footage and internal data, forcing Rockstar to accelerate its official announcements. Despite the repeated targeting, Rockstar has indicated that its current security posture has limited the damage in the latest incident. The company has not disclosed additional technical details but continues to monitor the situation as cybersecurity threats remain a persistent challenge for the gaming industry.
Rockstar Games hit by new hack but says no impact on players
Rockstar Games has confirmed a new cybersecurity incident after hackers claimed to have accessed company data, marking the second breach involving the developer in recent years. The breach was reported on Saturday, though the company emphasized that the impact appears minimal. In a statement, Rockstar said a “limited amount of non-material company information” was accessed through a third-party cloud service provider. The company added that the incident has had no effect on its operations or players, seeking to reassure its global user base. The group claiming responsibility, known as ShinyHunters, alleged it had gained access to Rockstar’s systems and threatened to release stolen data unless a ransom was paid. The group is known for targeting major corporations and exploiting vulnerabilities in cloud-based infrastructure. Cybersecurity experts generally advise against paying ransom demands, noting that such payments often encourage further attacks without guaranteeing data recovery or deletion. ShinyHunters has previously been linked to several high-profile breaches involving large companies. This latest incident follows a major breach in 2023, when sensitive material related to the highly anticipated Grand Theft Auto VI was leaked online. That attack, carried out by a teenage hacker associated with a separate group, exposed early gameplay footage and internal data, forcing Rockstar to accelerate its official announcements. Despite the repeated targeting, Rockstar has indicated that its current security posture has limited the damage in the latest incident. The company has not disclosed additional technical details but continues to monitor the situation as cybersecurity threats remain a persistent challenge for the gaming industry.
Israel says 1,000 Hezbollah fighters killed as Iran claims Amazon site strike
The Israeli military said it has killed approximately 1,000 Hezbollah operatives in Lebanon as hostilities intensify in parallel with escalating tensions involving Iran. The Israel Defense Forces (IDF) stated that the casualties include hundreds of members from Hezbollah’s elite Radwan Force, a key unit within the Iran-backed group. The announcement was made as cross-border exchanges between Israel and Hezbollah continue to increase in frequency and intensity. According to the IDF, Hezbollah launched around 130 rockets into Israeli territory over the previous 24-hour period. Israeli defense systems intercepted the majority of the projectiles, while others landed in open areas. However, several rockets struck populated areas, causing property damage and leaving multiple individuals with minor injuries. The developments were reported at 8:59 PM IST on Thursday, April 2, 2026. The situation reflects a broader escalation across the Middle East, with tensions extending beyond Israel and Lebanon. In a separate development, Iran’s Islamic Revolutionary Guard Corps (IRGC) claimed responsibility for an attack targeting an Amazon cloud computing facility in Bahrain. The claim was reported by Iranian state-affiliated media, which described the operation as part of the third phase of what it called the “90th wave” of Operation True Promise 4. The reported cyber or infrastructure-related strike comes amid heightened rhetoric from Iran. On Wednesday, April 1, 2026, the IRGC warned that it could target multiple major international companies, including Microsoft, Google, Apple, Intel, IBM, Tesla, and Boeing, citing their regional presence. These overlapping developments underscore the widening scope of the conflict, raising concerns about regional stability and the potential for broader international implications. While Israel continues military operations against Hezbollah, Iran’s actions and warnings suggest an expanding dimension that could involve both conventional and cyber domains.
Israel says 1,000 Hezbollah fighters killed as Iran claims Amazon site strike
The Israeli military said it has killed approximately 1,000 Hezbollah operatives in Lebanon as hostilities intensify in parallel with escalating tensions involving Iran. The Israel Defense Forces (IDF) stated that the casualties include hundreds of members from Hezbollah’s elite Radwan Force, a key unit within the Iran-backed group. The announcement was made as cross-border exchanges between Israel and Hezbollah continue to increase in frequency and intensity. According to the IDF, Hezbollah launched around 130 rockets into Israeli territory over the previous 24-hour period. Israeli defense systems intercepted the majority of the projectiles, while others landed in open areas. However, several rockets struck populated areas, causing property damage and leaving multiple individuals with minor injuries. The developments were reported at 8:59 PM IST on Thursday, April 2, 2026. The situation reflects a broader escalation across the Middle East, with tensions extending beyond Israel and Lebanon. In a separate development, Iran’s Islamic Revolutionary Guard Corps (IRGC) claimed responsibility for an attack targeting an Amazon cloud computing facility in Bahrain. The claim was reported by Iranian state-affiliated media, which described the operation as part of the third phase of what it called the “90th wave” of Operation True Promise 4. The reported cyber or infrastructure-related strike comes amid heightened rhetoric from Iran. On Wednesday, April 1, 2026, the IRGC warned that it could target multiple major international companies, including Microsoft, Google, Apple, Intel, IBM, Tesla, and Boeing, citing their regional presence. These overlapping developments underscore the widening scope of the conflict, raising concerns about regional stability and the potential for broader international implications. While Israel continues military operations against Hezbollah, Iran’s actions and warnings suggest an expanding dimension that could involve both conventional and cyber domains.
China-linked cyber operation breached US House staff email systems
Chinese intelligence services have penetrated email systems used by staff members working for key committees in the United States House of Representatives, according to officials familiar with the matter, marking one of the most significant congressional cyber intrusions disclosed in recent years. The operation, known internally as Salt Typhoon, is described as part of a long-running cyber-espionage campaign attributed to China’s Ministry of State Security. Sources with knowledge of the investigation said the breach affected email accounts used by congressional staff supporting the House China Committee, as well as aides associated with the Foreign Affairs Committee, the Intelligence Committee, and the Armed Services Committee. The unauthorized access was discovered in December, prompting federal authorities to begin a broader review of congressional digital security practices and potential exposure of sensitive communications. Officials emphasized that the compromised accounts belonged to staffers rather than elected lawmakers, and it remains unclear whether the personal email accounts of members of Congress were accessed during the intrusion. Nonetheless, the targeting of committees responsible for national security, foreign policy, and intelligence oversight has raised concerns about the scale and intent of the operation. Investigators are continuing to assess what data may have been viewed or extracted and whether the intrusion enabled further access to internal government systems. Salt Typhoon is believed to be part of a sustained cyber campaign that has targeted US communications infrastructure for several years. According to individuals familiar with the operation, the tools and methods linked to the campaign have allowed Chinese intelligence to exploit vulnerabilities in telecommunications networks, providing access to unencrypted phone calls, text messages, and voicemail traffic across the United States. In certain circumstances, the same infrastructure has reportedly been used to gain entry into email systems. Security officials have also indicated that communications involving senior US government figures may have been intercepted as part of this broader effort, underscoring the persistent nature of the threat. While the full scope of the intercepted material has not been publicly detailed, authorities view the campaign as a strategic intelligence-gathering effort rather than a short-term or isolated attack. The incident highlights ongoing challenges facing US institutions as foreign intelligence agencies increasingly rely on cyber tools to collect information. Lawmakers and security experts have repeatedly warned that congressional offices, which often operate with limited technical resources compared with executive branch agencies, can present attractive targets for sophisticated adversaries seeking insight into policy deliberations and legislative priorities. Federal agencies responsible for cybersecurity and counterintelligence are coordinating with congressional officials to strengthen defenses, review access controls, and improve monitoring of digital systems. The breach is expected to intensify calls for additional investment in cybersecurity protections for legislative offices and for closer cooperation between Congress and national security agencies in responding to advanced cyber threats. As investigations continue, officials have stressed that the episode serves as a reminder of the evolving nature of cyber espionage and the need for constant vigilance in protecting sensitive government communications.
China-linked cyber operation breached US House staff email systems
Chinese intelligence services have penetrated email systems used by staff members working for key committees in the United States House of Representatives, according to officials familiar with the matter, marking one of the most significant congressional cyber intrusions disclosed in recent years. The operation, known internally as Salt Typhoon, is described as part of a long-running cyber-espionage campaign attributed to China’s Ministry of State Security. Sources with knowledge of the investigation said the breach affected email accounts used by congressional staff supporting the House China Committee, as well as aides associated with the Foreign Affairs Committee, the Intelligence Committee, and the Armed Services Committee. The unauthorized access was discovered in December, prompting federal authorities to begin a broader review of congressional digital security practices and potential exposure of sensitive communications. Officials emphasized that the compromised accounts belonged to staffers rather than elected lawmakers, and it remains unclear whether the personal email accounts of members of Congress were accessed during the intrusion. Nonetheless, the targeting of committees responsible for national security, foreign policy, and intelligence oversight has raised concerns about the scale and intent of the operation. Investigators are continuing to assess what data may have been viewed or extracted and whether the intrusion enabled further access to internal government systems. Salt Typhoon is believed to be part of a sustained cyber campaign that has targeted US communications infrastructure for several years. According to individuals familiar with the operation, the tools and methods linked to the campaign have allowed Chinese intelligence to exploit vulnerabilities in telecommunications networks, providing access to unencrypted phone calls, text messages, and voicemail traffic across the United States. In certain circumstances, the same infrastructure has reportedly been used to gain entry into email systems. Security officials have also indicated that communications involving senior US government figures may have been intercepted as part of this broader effort, underscoring the persistent nature of the threat. While the full scope of the intercepted material has not been publicly detailed, authorities view the campaign as a strategic intelligence-gathering effort rather than a short-term or isolated attack. The incident highlights ongoing challenges facing US institutions as foreign intelligence agencies increasingly rely on cyber tools to collect information. Lawmakers and security experts have repeatedly warned that congressional offices, which often operate with limited technical resources compared with executive branch agencies, can present attractive targets for sophisticated adversaries seeking insight into policy deliberations and legislative priorities. Federal agencies responsible for cybersecurity and counterintelligence are coordinating with congressional officials to strengthen defenses, review access controls, and improve monitoring of digital systems. The breach is expected to intensify calls for additional investment in cybersecurity protections for legislative offices and for closer cooperation between Congress and national security agencies in responding to advanced cyber threats. As investigations continue, officials have stressed that the episode serves as a reminder of the evolving nature of cyber espionage and the need for constant vigilance in protecting sensitive government communications.
Massive Data Leak Exposes 16 Billion Records as Infostealer Malware Threat Escalates
A staggering 16 billion login credentials have been exposed online in what is shaping up to be one of the largest and most concerning data leaks to date. The discovery was made by a cybersecurity research team that has been tracking suspicious activity and open databases across the web since early 2025. The exposed datasets contain usernames, passwords, session tokens, cookies, and other sensitive authentication information gathered through infostealer malware, credential stuffing, and reproc
Massive Data Leak Exposes 16 Billion Records as Infostealer Malware Threat Escalates
A staggering 16 billion login credentials have been exposed online in what is shaping up to be one of the largest and most concerning data leaks to date. The discovery was made by a cybersecurity research team that has been tracking suspicious activity and open databases across the web since early 2025. The exposed datasets contain usernames, passwords, session tokens, cookies, and other sensitive authentication information gathered through infostealer malware, credential stuffing, and reproc
US Treasury Confirms China-Backed Cyber Breach
The US Treasury Department confirmed that a China state-sponsored actor was responsible for a recent cyber breach, compromising its workstations and some unclassified documents. The incident occurred earlier this month when the actor gained access through a third-party cybersecurity provider, BeyondTrust. Once the breach was detected, Treasury swiftly contacted the US Cybersecurity and Infrastructure Security Agency and began working with law enforcement to investigate the incident and assess
US Treasury Confirms China-Backed Cyber Breach
The US Treasury Department confirmed that a China state-sponsored actor was responsible for a recent cyber breach, compromising its workstations and some unclassified documents. The incident occurred earlier this month when the actor gained access through a third-party cybersecurity provider, BeyondTrust. Once the breach was detected, Treasury swiftly contacted the US Cybersecurity and Infrastructure Security Agency and began working with law enforcement to investigate the incident and assess









