Saturday Security: ShinyHunters Turns Slurpees Into Cyber Headlines

 The same threat actor group that breached Canvas LMS is back — and this time they've made their way into the Slurpee business.

7-Eleven has confirmed a cybersecurity breach after the Shiny Hunters extortion group claimed it stole more than 600,000 records tied to franchise operations and Salesforce-connected systems. This wasn't a physical stickup — attackers reportedly used phishing and voice-based social engineering to access employee accounts, compromising contracts, financial records, identity documents, and operational data after ransom talks allegedly failed. A 9 gigabyte archive of stolen files was reportedly leaked online. This week's big takeaway: Franchise and partner ecosystems are becoming prime cyber targets. When cloud platforms centralize business data across vendors and contractors, one single compromise can ripple through an entire network — affecting everyone connected to that system. https://nationalcioreview.com/articles-insights/extra-bytes/7-eleven-breach-exposes-the-security-risks-inside-franchise-networks/ 🗓️ Week ending May 23rd, 2026

Saturday Security: Canvas LMS Breached Twice by ShinyHunters

 

One of the most widely used education platforms in the world is at the center of a major cybersecurity incident. The Shiny Hunters hacking group breached Canvas — the learning management system used by thousands of schools globally — twice, disrupting login pages during finals week and stealing over 3.5 terabytes of sensitive student and school data. The stolen information reportedly includes names, emails, student IDs, and even private teacher-student-parent messages. The company behind Canvas has confirmed it reached an agreement with the hackers — widely believed to involve a ransom payment in exchange for the data being returned and supposedly deleted. Security experts are clear: there is never a guarantee that criminals actually destroy stolen data after a ransom is paid. This week's big takeaway: Education platforms now centralize enormous amounts of sensitive personal data — including information tied to minors — making schools and cloud-based learning platforms prime targets for cybercriminals. https://www.darkreading.com/cyberattacks-data-breaches/shinyhunters-second-attack-instructure https://www.reuters.com/legal/litigation/canvas-parent-company-reaches-agreement-with-hacking-group-behind-recent-breach-2026-05-12/ 🗓️ Week ending May 16th, 2026

Saturday Security: The Rise of Digital Cargo Heists

 Cargo theft has gone digital — and it's costing billions. Cybercriminal groups are no longer just breaking into trucks. They're hacking, impersonating, and social engineering their way into the supply chain, convincing companies to hand over shipments willingly.

The FBI reports cargo theft losses in the US and Canada jumped to roughly $725 million last year — with attackers using phishing, fake broker accounts, spoofed GPS systems, and compromised logistics software to reroute shipments without ever touching a warehouse door. The scariest part? Many of these operations are run overseas like legitimate businesses — complete with fake identities, fraudulent shipping bids, and sophisticated social engineering campaigns. This week's takeaway: Your supply chain is now a cyber target. If attackers can compromise communications and trust, they can redirect physical goods without ever setting foot near your facility. https://www.darkreading.com/cyber-risk/physical-cargo-theft-cybercriminals 🗓️ Week ending May 9th, 2026

Saturday Security: Adversaries Are Already Targeting the 2026 Midterms

 

Ballot notices are already arriving in California mailboxes ahead of the 2026 primaries — and foreign adversaries are taking notice too. This week, the head of U.S. Cyber Command and the NSA warned that interference in the 2026 midterm elections is not just possible, it's expected. Since 2016, election cycles have become prime targets — not just for hacking, but for disinformation and phishing campaigns. We also look at questions surrounding the Election Security Group and whether the task force coordinating CISA and the FBI has been fully reestablished. The big takeaway: election security has expanded well beyond voting infrastructure. Campaigns, vendors, media, and communication platforms are all now in scope. If bad actors can compromise people and information, they don't need to break into systems to shape outcomes. Stay informed. Stay secure. https://securityboulevard.com/2026/04/cyber-command-and-nsa-chief-warns-foreign-adversaries-likely-to-target-midterms/ #election2026 #electionsecurity