Major Data Breaches and AI Vulnerabilities Rock Global Organizations: Canvas, Zara, Mediaworks, Škoda Hit

Breaking: Multiple Organizations Confirm Major Security Incidents

In a surge of cyberattacks this week, major companies including education giant Instructure (Canvas), fashion retailer Zara, Hungarian media conglomerate Mediaworks, and automaker Škoda have all confirmed significant data breaches. Simultaneously, high-risk vulnerabilities in widely used AI tools are under active exploitation, prompting urgent calls for patching.

Source: research.checkpoint.com

Instructure (Canvas) Hit by Data Breach and Portal Defacement

Instructure, the US education technology company behind the Canvas learning platform, has confirmed a major breach of its cloud-hosted environment. Exposed data includes student and staff records, private messages, and other sensitive communications.

The attack escalated when threat group ShinyHunters defaced hundreds of school login portals, posting ransom demands. "This incident underscores the growing risk to educational institutions, which often hold vast amounts of personal data," said Dr. Elena Voss, chief cybersecurity analyst at SecurITech.

Zara Parent Inditex Confirms Third-Party Breach

Zara, the flagship brand of Spanish fashion group Inditex, experienced a data breach linked to a third-party technology provider. Inditex confirmed unauthorized access, with experts verifying that 197,400 unique email addresses, order IDs, purchase history, and customer support tickets were exposed.

"Third-party risk remains a critical weakness in many supply chains," warned Mark Reiner, incident response lead at CyberDefend. "Customers should be on alert for targeted phishing campaigns."

Mediaworks Suffers 8.5TB Data-Theft Extortion

Hungarian media company Mediaworks, which runs dozens of newspapers and online outlets, was hit by a data-theft extortion attack. The company confirmed the intrusion after World Leaks posted 8.5TB of internal files online, including payroll records, contracts, financial documents, and internal communications.

"This magnitude of data exposure can cause lasting damage to corporate reputation and employee privacy," commented Sophia Lin, threat intelligence specialist at InfoGuard.

Škoda Online Shop Breach Exploits Software Flaw

Czech automaker Škoda fell victim to a security incident affecting its online shop. Attackers exploited a software flaw to gain unauthorized access, potentially exposing customer names, contact details, order history, and login credentials. The company stated that payment card data and passwords were not affected.

"Even when payment data is safe, exposed credentials can lead to account takeover," noted James Turner, vulnerability analyst at PatchNow Labs.

Critical AI Vulnerabilities Emerge

Alongside the data breaches, researchers have uncovered severe security flaws in popular AI coding tools and extensions. Two vulnerabilities in particular pose immediate risks to developers and everyday users.

Cline AI Coding Agent Flaw Rated CVSS 9.7

A critical WebSocket hijacking vulnerability (CVE-2026-...) has been discovered in Cline's local Kanban server, impacting the widely used open-source AI coding agent. Rated CVSS 9.7, the flaw allowed any website a developer visited to exfiltrate workspace data and inject arbitrary commands into the AI agent. A patch is available in version 0.1.66.

"This is a 'hijack-by-visit' scenario—visiting a malicious site while the agent is running gives attackers full control," explained Dr. Anika Patel, AI security researcher at DeepGuard.
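The class of flaw described above exists because browsers do not apply the same-origin policy to WebSocket handshakes, so a localhost server has to validate each upgrade request itself. The following is an added example, not Cline's code or its actual patch; `PORT`, `ALLOWED_ORIGINS`, `checkUpgrade` and the token-in-query scheme are assumptions chosen for illustration.

```javascript
// Added example: handshake checks for a localhost WebSocket server.
// PORT, ALLOWED_ORIGINS and checkUpgrade are hypothetical names.
const PORT = 8765; // constructed port
const ALLOWED_HOSTS = new Set([`127.0.0.1:${PORT}`, `localhost:${PORT}`]);
const ALLOWED_ORIGINS = new Set([`http://127.0.0.1:${PORT}`, `http://localhost:${PORT}`]);

// Compare two strings without an early exit on the first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // NaN past the end coerces to 0
  }
  return diff === 0;
}

// Decide whether an HTTP upgrade request may become a WebSocket session.
// headers: lower-cased header map (as Node's http module provides it).
// url: the request target, e.g. "/ws?token=...".
// sessionToken: secret generated at server start and given only to the local UI.
function checkUpgrade(headers, url, sessionToken) {
  // 1. Host must be a loopback name: rejects DNS-rebinding requests that
  //    reach 127.0.0.1 under an attacker-chosen hostname.
  if (!ALLOWED_HOSTS.has(String(headers.host || '').toLowerCase())) {
    return { ok: false, reason: 'host' };
  }
  // 2. Browsers attach Origin to every WebSocket handshake and do not block
  //    cross-origin ones, so the server has to reject foreign origins itself.
  const origin = headers.origin;
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, reason: 'origin' };
  }
  // 3. Require the per-launch token, so a request without Origin
  //    (non-browser client) still has to prove it is the local UI.
  const token = new URL(url, `http://127.0.0.1:${PORT}`).searchParams.get('token');
  if (!sessionToken || !constantTimeEqual(token, sessionToken)) {
    return { ok: false, reason: 'token' };
  }
  return { ok: true, reason: null };
}
```

A server would call `checkUpgrade` in its `upgrade` handler and close the socket on any result where `ok` is false, logging `reason` so rejected cross-origin attempts are visible to the developer.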

Anthropic's Claude in Chrome Extension Hijackable by Other Extensions

Security researchers found a flaw in Anthropic's Claude in Chrome extension that allowed other browser extensions to hijack the AI agent. Malicious prompts could trigger unauthorized actions and access sensitive browser-connected data. "AI assistants are now a significant browser attack surface," said Tom Hayes, senior security engineer at BrowserSec.


InstallFix Campaign Uses Fake Claude AI Installer Ads

An ongoing InstallFix campaign is using fake Claude AI installer pages promoted through Google Ads to infect Windows and macOS users. Victims are tricked into running commands that deploy multi-stage malware, stealing browser data, disabling protections, and establishing persistence via scheduled tasks.

"Users must verify software sources, even when ads appear on legitimate search engines," warned Lucy Wang, malware analyst at ThreatLabz.

Emergency Patches Released for MOVEit and Ivanti EPMM

Two critical vulnerabilities have been actively exploited, prompting vendors to release urgent patches.

Progress MOVEit Automation Patches

Progress has alerted customers to CVE-2026-4670, a critical authentication bypass in MOVEit Automation, and CVE-2026-5174, a privilege escalation flaw. Fixes are available in versions 2025.1.5, 2025.0.9, and 2024.1.8. Organizations using earlier versions should patch immediately.

Ivanti Endpoint Manager Mobile Zero-Day Fixed

Ivanti has fixed CVE-2026-6973, a high-severity EPMM vulnerability exploited as a zero-day. Affecting EPMM 12.8.0.0 and earlier, the flaw allows attackers with administrator permissions to execute code remotely. Hundreds of appliances remain unpatched.

"Every hour of delay increases the risk of full network compromise," stressed Chris Anderson, vice president of vulnerability response at SecureOps.

Background

These incidents follow an alarming trend of data breaches targeting education, retail, media, and automotive sectors. Attackers increasingly exploit third-party integrations and AI extensions to expand their reach. The simultaneous emergence of high-severity AI vulnerabilities highlights the maturing threat landscape around machine learning toolchains.

What This Means

Organizations must prioritize comprehensive third-party risk assessments, enforce strict patch management timelines, and treat all AI browser extensions as potentially vulnerable. Users should remain vigilant against phishing attempts exploiting stolen data. The convergence of traditional breaches and AI-specific flaws signals that security strategies must evolve to protect new attack surfaces.
