Top news stories this week
- Rendering risk. Nvidia partner breach exposes user data.
- Hack-ademia. Canvas pays ransom to ShinyHunters and faces US government probe.
- Inside out. Operational data behind The Gentlemen threat group leaked.
- Off-road. Online. Skoda Auto discloses data breach impacting customers.
- Mischief managed. Ransomware group claims breach at major manufacturer for Apple.
- Teams targeted. New Microsoft Teams social engineering attack campaign.
1. Nvidia partner breach exposes user data
A data breach affecting NVIDIA GeForce NOW, which went undetected for nearly two months, has been traced to compromised infrastructure operated by regional partner GFN.AM, exposing personal data including email addresses, phone numbers, and dates of birth.
So what?
The incident highlights the ongoing risk posed by third‑party providers. Even when core platforms are secure, weak partner infrastructure and delayed breach detection can expose large volumes of sensitive user data, making continuous monitoring and vendor risk management critical.
[Researcher: Jenny Eysert]
2. Canvas pays ransom to hackers and faces US government probe
Instructure has confirmed the ShinyHunters extortion group exploited multiple vulnerabilities in its Canvas LMS to steal up to 3.6TB of data. Despite initial containment efforts, the attackers defaced the platform to pressure the company into paying a ransom. Instructure reached a financial settlement with the criminals, and the incident has triggered a US Homeland Security Committee investigation into its cyber security practices.
So what?
The incident highlights the importance of decisive containment measures, in addition to identifying and eliminating the incident's root cause, to prevent escalation.
[Researcher: Milda Petraityte]
3. Operational data behind The Gentlemen threat group leaked
The Gentlemen, a financially motivated threat actor group first observed in August 2025, has suffered a data breach. Operational and internal chat data was posted to a cybercrime forum, revealing tactics and techniques of the group, which offers ransomware-as-a-service.
So what?
Threat actors attacking other threat actors and leaking data, while infrequent, provides useful intelligence for cyber security professionals.
[Researcher: Aditya Ganjam Mahesh]
4. Skoda’s online store hit by data breach
Car manufacturer Skoda Auto has disclosed a data breach affecting its German online store, where threat actors exploited a vulnerability in its e-commerce platform to access customer data including names, addresses, phone numbers and login credentials.
So what?
Effective detection controls can limit the impact of an incident as they improve response times and enable technical teams to take appropriate containment actions.
[Researcher: Adelaide Parker]
5. Ransomware group claims breach at major manufacturer for Apple
Taiwanese electronics manufacturer Foxconn confirmed a cyberattack affecting several of its North American sites. Nitrogen, a ransomware group known for targeting companies in the manufacturing sector, claimed it had exfiltrated over 8 terabytes of data accounting for 11 million files from Foxconn customers such as Apple, Google, Dell and Nvidia.
So what?
Companies should ensure that their supply chains are regularly audited and kept secure, with even the largest suppliers held accountable.
[Researcher: Lester Lim]
6. New Microsoft Teams social engineering attack campaign
Threat group KongTuke has launched a new Microsoft Teams‑based social engineering campaign, impersonating IT staff to trick users into running a malicious PowerShell script that steals data and files from compromised devices.
So what?
External communication with untrusted Microsoft 365 domains should be blocked by default, with allowlisting used to permit approved connections. Regular Microsoft 365 configuration reviews help maintain a secure baseline across the tenant.
[Researcher: Jack Woods]

