Major Data Breaches Hit Canvas, Zara, Mediaworks, and Skoda as Cyberattacks Surge
Breaking: Multi-Industry Cyberattacks Expose Millions of Records
In a wave of coordinated cyberattacks this week, major organizations across education, retail, media, and automotive sectors have confirmed data breaches, exposing sensitive customer and employee information. The incidents underscore a critical escalation in cyber threats targeting both cloud-hosted environments and third-party supply chains.

Instructure, the parent company of the widely used Canvas learning platform, disclosed a significant data breach affecting its cloud-hosted environment. Exposed data includes student and staff records, as well as private messages. The hacking group ShinyHunters escalated the attack by defacing hundreds of school login portals with ransom messages, demanding payment to prevent further data leaks.
“This breach is particularly alarming because it targets the educational sector, where sensitive data of minors and staff is at high risk,” said Maria Lopez, senior cybersecurity analyst at ThreatWatch. “The defacement adds a psychological dimension, disrupting learning environments.”
Spanish fashion giant Zara, owned by Inditex, confirmed unauthorized access tied to a third-party technology provider. Experts verified that 197,400 unique email addresses, order IDs, purchase history, and customer support tickets were exposed. The breach highlights the growing risk of supply chain vulnerabilities in retail.
Hungarian media conglomerate Mediaworks fell victim to a data-theft extortion attack after the hacking group World Leaks posted 8.5 terabytes of internal files online. The cache includes payroll records, contracts, financial documents, and internal communications, potentially affecting thousands of employees and contractors.
Czech automaker Škoda reported a security incident at its online shop, where attackers exploited a software flaw to gain unauthorized access. Customer data potentially compromised includes names, contact details, order history, and login credentials. The company stated that passwords and payment card data were not affected.
AI Threats Amplify Attack Surfaces
Security researchers uncovered a critical WebSocket hijacking vulnerability in Cline’s local Kanban server, affecting the popular open-source AI coding agent. Rated CVSS 9.7 and patched in version 0.1.66, the flaw allowed any website visited by a developer to exfiltrate workspace data and inject arbitrary commands into the AI agent.
“This vulnerability is a game-changer for AI supply chain security,” said Dr. Amir Patel, lead researcher at CyberAI Labs. “It shows how seemingly isolated AI tools can become gateways for widespread data theft.”
Separately, a flaw in Anthropic’s Claude in Chrome extension allowed other browser extensions to hijack the AI assistant, enabling malicious prompts to trigger unauthorized actions and access sensitive browser-connected data. An InstallFix campaign using fake Claude AI installer pages promoted through Google Ads infected Windows and macOS users, deploying multi-stage malware that stole browser data, disabled protections, and established persistence via scheduled tasks.

Critical Patches Issued for MOVEit and Ivanti
Progress Software alerted customers to CVE-2026-4670, a critical authentication bypass in MOVEit Automation that allows unauthorized access, and CVE-2026-5174, a privilege escalation flaw. Fixes are available in versions 2025.1.5, 2025.0.9, and 2024.1.8. Ivanti fixed CVE-2026-6973, a high-severity Endpoint Manager Mobile vulnerability exploited as a zero-day, affecting EPMM 12.8.0.0 and earlier. Organizations are urged to apply patches immediately.
Background
These attacks occur against a backdrop of increasing reliance on cloud services and AI tools, which expand the attack surface for cybercriminals. The breaches at Instructure, Zara, Mediaworks, and Škoda all involve third-party access or software flaws, highlighting systemic weaknesses in supply chain security. The AI vulnerabilities demonstrate that even sophisticated assistants can be weaponized if not properly isolated.
What This Means
The convergence of data breaches and AI-specific threats signals a new era of cyber risk. Organizations must prioritize third-party risk management and enforce robust patch management for both traditional software and AI tools. The education and retail sectors are particularly vulnerable due to the high volume of sensitive data they handle. Immediate actions include auditing cloud configurations, restricting third-party access, and applying the latest patches for MOVEit and Ivanti. For AI systems, developers should implement strict origin validation and sandboxing to prevent cross-extension attacks.
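The origin validation recommended above, applied to the kind of localhost WebSocket server described in the Cline item, shown as an added example (not code from Cline or from this article). The handshake is refused unless Host is the loopback address, any browser-supplied Origin is on an exact-match allowlist, and a per-session token matches. Port 3484, the `token` query parameter and all names are assumptions.

```javascript
// Added example, not Cline's code. Port 3484, the "token" query parameter
// and every name below are assumptions made for illustration.
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:3484', 'http://localhost:3484']);
const EXPECTED_HOSTS = new Set(['127.0.0.1:3484', 'localhost:3484']);

// No early exit on mismatch (crypto.timingSafeEqual is Node's built-in option).
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

// Decide whether an HTTP upgrade request may become a WebSocket session.
// req mirrors Node's http.IncomingMessage: lower-cased headers plus url.
function checkUpgrade(req, sessionToken) {
  const headers = req.headers || {};
  // 1. Host must be the loopback name and port the server bound to, so a
  //    rebinding hostname that resolves to 127.0.0.1 is refused.
  if (!EXPECTED_HOSTS.has(String(headers.host || '').toLowerCase())) {
    return { ok: false, reason: 'unexpected Host' };
  }
  // 2. Browsers attach Origin to every WebSocket handshake and page script
  //    cannot override it. Exact match only; "null" and look-alikes fail.
  if (headers.origin !== undefined && !ALLOWED_ORIGINS.has(headers.origin)) {
    return { ok: false, reason: 'cross-origin handshake' };
  }
  // 3. Same-origin policy does not cover WebSocket, so also require a secret
  //    the local UI received out of band. Covers clients that send no Origin.
  let token = null;
  try { token = new URL(req.url || '/', 'http://x.invalid').searchParams.get('token'); } catch { /* malformed target */ }
  if (!token || !constantTimeEqual(token, sessionToken)) {
    return { ok: false, reason: 'missing or wrong session token' };
  }
  return { ok: true, reason: 'accepted' };
}

// Constructed handshakes: local UI, hostile page, rebinding host, tokenless CLI.
function runSamples() {
  const t = 'constructed-session-token';
  const h = (host, origin, url) => ({ url, headers: origin === undefined ? { host } : { host, origin } });
  return [
    h('127.0.0.1:3484', 'http://127.0.0.1:3484', `/ws?token=${t}`),
    h('127.0.0.1:3484', 'https://attacker.example', `/ws?token=${t}`),
    h('rebind.attacker.example:3484', 'http://rebind.attacker.example:3484', '/ws'),
    h('localhost:3484', undefined, '/ws'),
  ].map((req) => checkUpgrade(req, t).reason);
}
```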