Paid Promotion
Add your product or open-source project on TechLogHub
Listing is free. Sponsored featured placements are paid and priced in USD — open the pricing dialog to see plan details.
May 3, 2026
Security & Infrastructure Tools
Instructure Confirms Data Breach as ShinyHunters Claims Attack
Instructure confirms a cybersecurity incident affecting Canvas, with the ShinyHunters group claiming responsibility. The attackers say personal data from users at affected institutions—names, emails, student IDs, and messages—has been exposed. Instructure reports no current evidence of passwords, birth dates, government IDs, or financial information being compromised and has deployed patches, enhanced monitoring, and API key rotation requiring re-authorization for new keys. ShinyHunters’ data-leak listing cites roughly 240 million records across about 15,000 institutions and up to 275 million individuals, but independent verification of these figures is still pending.
By TechLogHub
May 3, 2026
Security & Infrastructure Tools
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Microsoft Defender flagged legitimate DigiCert root certificates as malware after a threat signature update on April 30, causing false positives and removals from the Windows trust store; two root certificates were reportedly affected, and Microsoft rolled out fixes in Security Intelligence updates (from 1.449.430.0 to 1.449.431.0) with automatic or manual update options; the incident occurs in the context of a DigiCert breach and is discussed as a potential link, though the flagged root certs are different from the revoked code-signing certificates.
By TechLogHub
May 3, 2026
Security & Infrastructure Tools
Telegram Mini Apps Abused for Crypto Scams and Android Malware Delivery
Cybersecurity researchers have uncovered FEMITBOT, a Telegram-based fraud operation that uses Mini Apps and bots to run fake crypto platforms, impersonate brands (Apple, NVIDIA, Disney, eBay, IBM, Moon Pay, YouKu, and more), and deliver Android malware. The campaigns share a common backend, allow rapid branding/language changes, and use tracking pixels to optimize performance. Victims encounter fake dashboards and urgency tactics, then are urged to deposit funds or complete referrals; some Mini Apps push Android APKs masquerading as legitimate apps via the in-app browser. Users are advised to avoid crypto-promoting Telegram bots and sideloading APKs.
By TechLogHub
May 2, 2026
Security & Infrastructure Tools
Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
A critical vulnerability in cPanel/WHM (CVE-2026-41940) is being mass-exploited in the Sorry ransomware campaign. An emergency update for WHM and cPanel has been released, but attackers have already compromised tens of thousands of servers—at least 44,000 IPs according to Shadowserver—and deployed a Go-based Linux encryptor that appends the .sorry extension to files. Victims receive a ransom note with a Tox ID, and decryption requires the RSA-2048 private key; without it, decryption is effectively impossible. All cPanel/WHM users are urged to apply the security update immediately as exploitation continues to spread.
By TechLogHub