Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| Digital Investigations | API exposure and source-code review | 2 |
| Cyber Investigations | Supply-chain and firewall probes | 2 |
| Major Cyber Incidents | Education and platform breaches | 2 |
| Exploits & Threat Intelligence | Ivanti and Linux exploitation | 2 |
| Law Enforcement | DPRK fraud and database deletion | 2 |
| Policy & Standards | PNT and enterprise advisories | 2 |
Digital Investigations
A DOD contractor API flaw exposed service-member and course data in the United States after researchers found accessible records and confidential military training material on Schemata’s AI platform [AMER]. The investigative value sits in the exposed identifiers, base assignments, course metadata and patched endpoint trail, which give auditors a clear path for scope validation and third-party control review (Source: CyberScoop, 06-05-2026).
Trellix confirmed unauthorised access to part of its source-code repository after a breach investigation involving external security specialists and notifications to authorities [AMER]. The company said there was no evidence that source-code distribution had been affected, leaving investigators to resolve access method, exfiltration scope, actor identity and whether any downstream abuse indicators exist (Source: TechRadar, 06-05-2026).
Cyber Investigations
Kaspersky reported a DAEMON Tools supply-chain compromise after attackers replaced signed installers with trojanised builds distributed through the vendor’s official channel across more than 100 countries [Global]. The staged infection chain collected host data before selectively deploying a backdoor, giving investigators file-signing artefacts, download timelines and victim-sector clustering across government, scientific, industrial and retail environments (Source: Kaspersky, 05-05-2026).
Unit 42 detailed exploitation of a PAN-OS captive-portal zero-day affecting exposed Palo Alto Networks firewall authentication portals, with activity carrying indicators consistent with targeted intrusion operations [Global]. The investigation centres on unauthenticated remote code execution, affected portal exposure, root-level device access and the collection of network-edge evidence needed to determine lateral movement risk (Source: Unit 42, 07-05-2026).
Major Cyber Incidents
Vimeo user data was exposed through a third-party analytics integration, with Have I Been Pwned reporting names and email addresses for about 119,000 people after ShinyHunters leaked stolen data [AMER]. The incident illustrates how technical metadata, account identifiers and integration access logs become central evidence when breach scope depends on a connected supplier rather than the primary platform alone (Source: TechRadar, 07-05-2026).
Queensland education authorities confirmed student and teacher data was stolen from the Canvas-linked QLearn environment, affecting current and former users since 2020 [APAC]. Investigators are correlating provider notifications, school communications, exposed names, email addresses and school-location records while assessing risk for protected families and individuals affected by domestic violence or child-safety concerns (Source: The Courier-Mail, 07-05-2026).
Exploits & Threat Intelligence
Ivanti issued fixes for EPMM vulnerabilities, including CVE-2026-6973, after warning that the flaw had been exploited in limited attacks against mobile endpoint management infrastructure [Global]. The threat picture requires administrators to preserve appliance logs, review administrator-session history, validate exposed management surfaces and confirm upgrades to fixed versions 12.6.1.1, 12.7.0.1 or 12.8.0.1 (Source: Ivanti, 07-05-2026).
A Linux zero-day dubbed Dirty Frag was disclosed, with reporting that local attackers can obtain root privileges on major distributions using a public proof-of-concept exploit [Global]. Forensic triage should prioritise privilege-escalation artefacts, unusual local command execution, kernel-version exposure and whether the exploit was chained after credential theft or web-shell access (Source: BleepingComputer, 08-05-2026).
Law Enforcement
Two U.S. nationals were sentenced for facilitating fraudulent remote IT worker schemes that helped North Korean workers access U.S. companies through laptop farms [AMER]. Court records describe shipped victim laptops, unauthorised remote-desktop installations, network access and revenue flows, providing a clear evidential chain from physical devices to identity deception and sanctioned state funding (Source: U.S. Department of Justice, 06-05-2026).
A federal jury convicted a Virginia man over deletion of U.S. government databases, in a case involving unauthorised data destruction affecting public-sector systems [AMER]. The prosecution highlights evidential dependence on database activity records, access authorisation history, deletion timelines and system-recovery analysis when courts must distinguish administrative access from criminal misuse (Source: U.S. Department of Justice, 07-05-2026).
Policy & Standards
NIST published an initial public draft of IR 8323 Revision 2, updating the Foundational PNT Profile for applying the Cybersecurity Framework 2.0 to positioning, navigation and timing services [AMER]. The draft supports evidence-led risk management by mapping functions, categories and outcomes to systems whose timing and location dependencies underpin telecommunications, finance, transport and critical infrastructure operations (Source: NIST, 06-05-2026).
The Canadian Centre for Cyber Security issued Cisco advisory AV26-430 after Cisco published fixes for vulnerabilities across multiple enterprise products [AMER]. The advisory gives defenders a standards-aligned reference point for change control, patch evidence, exposure assessment and audit documentation where code execution, server-side request forgery or denial-of-service conditions could affect enterprise infrastructure (Source: Canadian Centre for Cyber Security, 06-05-2026).
Editorial Perspective
This cycle shows why digital investigations must treat identity, supplier access and platform telemetry as a single evidential environment. The most useful artefacts are no longer confined to endpoint images or server logs; they include integration records, administrator sessions, signed installer provenance, API exposure histories and third-party notification trails. Investigative readiness therefore depends on organisations being able to preserve cross-platform evidence before containment actions overwrite the sequence of events.
The strongest operational theme is correlation: linking exposed personal data to supplier pathways, linking appliance exploitation to edge-device configuration, and linking remote-access infrastructure to physical devices and payment flows. Attribution capability remains fragile where actors use compromised software distribution or legitimate management tools, so investigators need defensible timelines and corroborated artefacts rather than assumptions based on victim sector alone. Evidence integrity will increasingly depend on structured logging, rapid legal preservation and supplier contracts that make forensic access explicit.
Reference Reading
- Kaspersky: Supply chain attack via DAEMON Tools
- Unit 42: Exploitation of PAN-OS captive portal zero-day
- Ivanti: May 2026 EPMM security advisory
- NIST: Foundational PNT Profile, IR 8323 Revision 2 initial public draft
- U.S. Department of Justice: DPRK remote IT worker laptop farm sentencing
- Canadian Centre for Cyber Security: Cisco security advisory AV26-430
Tags
Digital Investigations, API Exposure, Supply Chain Compromise, ShinyHunters, Ivanti EPMM, PAN-OS, Linux Zero-Day, North Korea IT Workers, NIST CSF, Evidence Integrity