Ransomware Hits Canvas, Gemini Nano's Silent Chrome Install, and More Security News
This week in cybersecurity, a ransomware attack disrupted **Canvas** access for students, **Google Chrome** users discovered a surprise **Gemini Nano** installation, and researchers uncovered exposed data in vibe-coded apps. Plus, a look at robot lawn mower vulnerabilities and **Meta's** encryption U-turn.
## Canvas Disrupted by ShinyHunters Ransomware
The education sector faced a significant disruption this week when **Instructure**, the company behind the **Canvas** learning management system, was hit by a ransomware attack. The hacking group **ShinyHunters** claimed responsibility, forcing **Canvas** into "maintenance mode" and impacting countless students during their final exams. This incident highlights the increasing willingness of cybercriminals to target critical infrastructure, even when it affects educational institutions.
## Google Chrome's Secret Gemini Nano Download Sparks Privacy Concerns
Users of **Google Chrome** were surprised to find that the **Gemini Nano** AI model had been silently installed on their desktops, consuming approximately 4 GB of storage since 2024. This discovery raised concerns about privacy and resource usage. While users can disable the AI model, doing so may impact certain security features. This incident underscores the importance of transparency and user control when it comes to software installations and background processes. Users looking for more privacy-focused browsing can explore alternatives like **DuckDuckGo**, **Ghostery**, or **Brave**.
## Thousands of Vibe-Coded Apps Expose Sensitive Data
Researchers revealed that thousands of vibe-coded applications were left exposed on the open internet, leading to the leakage of sensitive corporate and personal data. This serves as a reminder that the ease of development does not negate the need for robust security practices. Just because a technology is accessible doesn't mean it should be deployed without proper security considerations.
## DHS Subpoenas Google for Data on Anti-ICE Activist
The Department of Homeland Security (DHS) subpoenaed **Google** in an attempt to obtain location data and account activity of a Canadian man who criticized US immigration enforcement tactics. The American Civil Liberties Union (ACLU) has filed a complaint against **DHS** on behalf of the individual, raising concerns about government overreach and the targeting of dissenting voices.
## Cybercriminals Complain About AI "Slop"; Meta Updates Age Verification
Even cybercriminals are reportedly growing weary of the low-quality output from AI tools. Meanwhile, **Meta** is enhancing its age-verification technology after a study revealed that children are easily bypassing existing checks, including one instance where a child used a fake mustache.
## Robot Lawn Mower Is a Security Nightmare
Most people hope that the 200-pound robot with blades in their backyard cannot be easily hacked. Unfortunately for the owners of **Yarbo**, a $5,000 lawn mower robot that can also work as a leaf blower, snowblower, and edger, that was not the case. The Verge reports that a security researcher found numerous vulnerabilities in the lawn bots that could allow hackers to remotely take over the machines (including their camera feeds), as well as extract owners' email addresses, Wi-Fi passwords, and home locations.
After a **Yarbo** spokesperson told The Verge that the robots' "diagnostic environment is not publicly accessible," the reporter and researcher demonstrated the security flaws and their potential consequences by nearly running over the reporter with a hijacked robot. The company has since reported that it is developing a fix for at least one of the flaws the researcher identified.
## Meta Strips Encryption From Instagram DMs
**Mark Zuckerberg's** **Meta** has pulled support for end-to-end encrypted messages on **Instagram**, backtracking on its plans to protect people's privacy by providing messaging the company could not snoop on. The company stopped offering encryption on **Instagram** on May 8, making it easier than before for the firm to technically access DMs.
After spending years building out the encryption systems needed to secure its chat apps, **Meta** said in 2023 that it had rolled out default encryption for **Messenger**. It also said it was introducing an opt-in version for **Instagram**, which it had planned would eventually become the default setting. However, that day never arrived, with **Meta** deciding in March this year that not enough people had opted in and that it would remove the option to encrypt **Instagram** chats. The U-turn has infuriated privacy and security experts who fear the rollback could damage end-to-end encryption efforts around the world.
## Trump's New Counterterrorism Strategy Targets "Antifa," "Radically Pro-Transgender" Ideology
The Trump administration unveiled a new counterterrorism strategy, which President Donald Trump describes as a "return to common sense and Peace through Strength" in a foreword included in the document. The three biggest types of terror groups, according to the document, are cartels, Islamist terror groups, and "violent left wing extremists," which the memo says include anarchists and anti-fascists and have ideologies that are "anti-American" and "radically pro-transgender."
The memo promises, "We will use all the tools constitutionally available to us to map them at home, identify their membership, map their ties to international organizations like Antifa, and use law enforcement tools to cripple them operationally before they can maim or kill the innocent."
Notably, during a congressional hearing last year, the operations director of the FBI's National Security Branch was unable to answer questions about how many people were in "Antifa," where it was located, or other specifics.
## Elite Russian Hacking School Unmasked by Leaked Documents
Russia's GRU military intelligence agency has launched some of the most brazen and destructive cyberattacks in history. While some of its operatives have been publicly named and hit with international sanctions, a consortium of journalists revealed this week how a special unit inside Bauman Moscow State Technical University, named Department 4, allegedly provides training and a su