Cybersecurity

Instructure's Canvas breach was bad before the ransomware pressure campaign. Then it hit again during finals week, and the company wound up making a deal with the hackers so schools would not have to.

OpenAI says no user data or model IP was compromised in the TanStack attack. Good. The more useful takeaway is that frontier AI labs are now exposed to the same boring dependency failures as everybody else.

Braintrust confirmed unauthorized access to an AWS account and told customers to rotate any stored API keys. The interesting part isn't the startup. It's the layer of AI infrastructure it represents.

The Vercel/Context.ai breach didn't start with a phishing email or a zero-day. It started with a Vercel employee downloading a cracked game. What followed is a masterclass in modern supply chain attacks.

Anthropic built a model that autonomously finds thousands of zero-days in production systems, then launched a private coalition to patch them before releasing it publicly.