Daily Threat Briefing – May 11, 2026

This briefing details multiple active, high-impact incidents: a coordinated ransomware/extortion campaign against the Canvas LMS threatening massive PII exposure and educational disruptions; a critical Ollama out-of-bounds memory-read vulnerability affecting an estimated 300,000+ servers; the TCLBANKER banking trojan spread via WhatsApp/Outlook worms targeting financial platforms; supply-chain compromises distributing RATs and infostealers via JDownloader and a fake Hugging Face repo; and critical infrastructure breaches including Polish water treatment plants and router-based token harvesting—each accompanied by urgent remediation and monitoring recommendations.