
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| Digital Investigations | Canvas and Trellix probes | 2 |
| Cyber Investigations | Fraud trails and crypto seizures | 2 |
| Major Cyber Incidents | Education and utility disruption | 2 |
| Exploits & Threat Intelligence | KEV and Asian espionage | 2 |
| Law Enforcement | Ransomware sentencing and arrests | 2 |
| Policy & Standards | AI controls and patch readiness | 2 |
Digital Investigations
Instructure confirmed a cybersecurity incident affecting Canvas users in the United States and globally, with exposed data including names, email addresses, student ID numbers and user messages [AMER]. The company said passwords, dates of birth, government identifiers and financial data were not currently believed to be involved, while outside forensic experts continue examining scope and affected institutions (Source: K-12 Dive, 05-05-2026).
Trellix disclosed unauthorised access to part of its source code repository, saying the matter was identified, contained and referred to law enforcement [AMER]. The company said external forensic specialists were engaged and that its investigation has found no evidence that source code release, distribution processes or deployed code were affected or exploited (Source: Trellix, 06-05-2026).
Cyber Investigations
Gujarat CID’s Cyber Centre of Excellence arrested 10 suspects in India after uncovering an alleged ₹53 crore mule-account cyber fraud network spanning multiple states [APAC]. Investigators examined seized phones, identified 197 bank accounts and linked 60 accounts to 132 cybercrime complaints, including one account allegedly connected to suspects in the Baba Siddique murder case (Source: Times of India, 06-05-2026).
New South Wales Cybercrime Squad detectives seized $5.7 million in cryptocurrency in Australia after a 15-month investigation into alleged darknet market proceeds [APAC]. Strike Force Andalusia traced a bitcoin wallet believed to hold proceeds of illegal online activity, giving investigators a cryptocurrency evidence trail for asset restraint and further financial attribution work (Source: NSW Police, 06-05-2026).
Major Cyber Incidents
San Diego Community College District continued recovering from an ongoing cyberattack in California, with a district-wide network shutdown affecting campus systems, websites and student activity [AMER]. Local reporting described disrupted classes, staff workarounds and reliance on personal devices and hotspots, making the incident a live operational continuity case for education-sector investigation teams (Source: City Times Media, 05-05-2026).
Itron reported unauthorised access to certain company systems in the United States, affecting a supplier used across energy, water and smart-city environments [AMER]. Its SEC filing said the company activated its cybersecurity response plan, engaged external advisers, notified law enforcement and found no unauthorised activity in the customer-hosted portion of its systems (Source: SEC, 24-04-2026).
Exploits & Threat Intelligence
CISA added a new vulnerability to its Known Exploited Vulnerabilities Catalog in the United States, citing evidence of active exploitation [AMER]. The update reinforces the need to preserve patch timelines, exposure records and endpoint telemetry because KEV additions often become anchor points for reconstructing intrusion windows and determining whether exploitation preceded remediation (Source: CISA, 01-05-2026).
Researchers reported that Shadow-Earth-053 targeted government, defence and critical infrastructure organisations across South, East and Southeast Asia using Exchange and IIS vulnerabilities [APAC]. The China-aligned campaign places web server artefacts, credential use, lateral movement evidence and regional victimology at the centre of attribution analysis for investigators examining overlapping espionage and infrastructure-access activity (Source: Industrial Cyber, 04-05-2026).
Law Enforcement
A Latvian national was sentenced in Ohio to 102 months in prison for acting as a negotiator for the Karakurt, TommyLeaks and SchoolBoys ransomware operations [AMER]. Prosecutors said Deniss Zolotarjovs helped extort victims as part of a ransomware group responsible for tens of millions of dollars in attacks, giving investigators a cooperation and money-laundering case study (Source: U.S. Department of Justice, 04-05-2026).
Singapore Police arrested a 30-year-old man over suspected payment card fraud involving a local e-commerce platform, with the alleged offending committed between 5 and 27 January 2026 [APAC]. The case highlights how platform records, card-not-present transaction data, device identifiers and account activity can be combined to attribute fraudulent purchases to a suspect (Source: Singapore Police Force, 05-05-2026).
Policy & Standards
The UK NCSC warned organisations to prepare for a vulnerability patch wave linked to frontier AI capability, framing patch readiness as a strategic governance issue [EMEA]. The guidance points investigators and security leaders toward disciplined asset knowledge, dependency mapping and remediation evidence so rapid exploit development does not outpace organisational proof of control (Source: NCSC, 01-05-2026).
CybersecAsia reported that more than half of APAC organisations experienced AI-related incidents, citing research that found weak confidence in detecting compromised AI systems [APAC]. The finding raises governance questions around logging, model access controls, prompt and output retention, and whether organisations can reconstruct AI-assisted compromise paths after suspected misuse (Source: CybersecAsia, 05-05-2026).
Editorial Perspective
This cycle shows why digital investigations increasingly depend on evidence that crosses institutional, cloud, platform and financial boundaries. Canvas, Trellix, Itron and SDCCD all require investigators to separate confirmed compromise from exposed possibility, preserving logs, access records and communication trails before they age out or become overwritten. The practical challenge is not simply identifying that an event occurred, but proving which users, repositories, systems or hosted environments were actually touched.
The law enforcement cases also underline the value of financial and device correlation in modern cyber-enabled crime. Mule accounts, cryptocurrency wallets, e-commerce card activity and ransomware negotiation records all create evidential pathways that can connect online behaviour to suspects, infrastructure and organised criminal networks. For investigative readiness, organisations need retention, chain-of-custody discipline and cross-platform correlation capability before a major incident forces those questions under pressure.
Tags
Digital Investigations, Canvas, Trellix, Source Code, Cryptocurrency Tracing, Mule Accounts, Ransomware, Karakurt, CISA KEV, Shadow-Earth-053, AI Security, Evidence Correlation