The World Health Organization (WHO) has verified more than 3,000 attacks on healthcare in Ukraine since Russia launched its full-scale invasion in February 2022, the UN agency reported on Friday.
Blog
-
Wider hantavirus outbreak risk is ‘absolutely low’, insists UN health agency
The risk of hantavirus spreading to the general population is “absolutely low”, the UN World Health Organization (WHO) stressed on Friday, as a flight attendant tested negative for the disease after coming into contact with an infected passenger from the cruise ship at the centre of the outbreak, who later died. -
Google Chrome may have silently installed 4GB AI model on your computer. Here’s how to check
We tested our own computers to see if the model was present. -
Lithuania’s Former Prime Minister to be Indicted in Criminal Case
Lithuanian lawmakers voted to lift the parliamentary immunity of former Prime Minister Gintautas Paluckas this week, clearing the way for law enforcement to indict him for allegedly holding wealth of questionable origin.
Ninety-three out of 141 seats on Thursday voted in favor of the action, which was requested by Lithuanian Prosecutor General Nida Grunskienė. Two days earlier, she told parliament that Paluckas was being investigated for 344,000 euros in unexplained wealth, which he allegedly gathered between December 2010 and December 2024. Paluckas’ wife has already been criminally charged in the case, she said.
Paluckas denies he has committed any crimes. Prior to the vote, he said he had no intention of using the immunity granted to him as a member of Lithuania’s parliament, known as the Seimas, to dodge a prosecution.
“It takes two for this tango, and therefore, I will be needing no help from the Seimas,” he told parliament.
The criminal probe was launched in 2025 following a series of investigations by OCCRP member center Siena and broadcaster Laisvės TV, which fueled calls for Paluckas’s resignation, and sparked street protests in Vilnius.
The stories focused on Paluckas’ connections to a local businessman with vast real estate holdings and the questionable ways he had accumulated wealth, including the possession of an apartment willingly sold to him by a Cypriot company at a 90,000-euro loss.
In her address to Lithuania’s parliament, the prosecutor general mentioned suspicious real estate transactions. However she refused to confirm whether they were the deals exposed by Siena and Laisvės TV, claiming it was sensitive information from an ongoing case.
Paluckas was appointed Prime Minister of Lithuania in 2024, which his Social Democratic party won in a landslide. He resigned in the wake of five investigative stories by Siena and Laisvės TV, a law enforcement raid on a company owned by his sister-in-law, and the arrest of his brother in a separate criminal case.
The case against his brother, conducted by Lithuania’s Financial Crime Investigation Service (FNTT), is still ongoing. Paluckas has been questioned as a witness in that case, which alleges credit fraud, embezzlement of EU funds, and corruption, the FNTT told Siena in a written statement.
In recent weeks, Lithuanian President Gitanas Nausėda, members of his Social Democratic party, and some of its coalition partners have publicly urged Paluckas to resign from parliament. Paluckas, however, said he will remain both an MP and a member of the Social Democrats.
“As long as I have passion, I will be in politics. When it is gone, then I will go do other things,” he told journalists after the prosecutor general addressed parliament.
-
The “We’re Not Allowed to Question This” Gambit
Anyone who truly values open and rational discussions about controversial subjects need to be cleared-eyed about where the threat to such dialogue is coming from.
The post The “We’re Not Allowed to Question This” Gambit first appeared on Science-Based Medicine.
-
Belarus Ramps Up Arms Pipeline to Russia Amid Sanctions Gaps
Data obtained by reporters for 58 Belarusian companies shows the value of vital military equipment sent to Russian arms manufacturers doubled in 2024 compared to 2022, the year Moscow launched its full-scale invasion of Ukraine.
The Belarusian companies sent at least $1.2-billion worth of components to Russia from February 2022 to August 2025, according to export data obtained by the Belarusian Investigative Center (BIC), an OCCRP member center.
The firms supplied optics, missile-launching equipment, and heavy wheeled chassis to 41 Russian defense plants, including those with civilian product lines, according to the data.
The Belarusian pipeline is critical for Moscow. Ukrainian military intelligence assesses that Russia is highly dependent on its neighbor in several key categories: relying on Belarus for as much as 85 percent of its optoelectronic systems and sights, up to 90 percent of its wheeled chassis for missile systems and heavy equipment, and up to 80 percent of its transport-launching and loading units.
A little more than half of the Belarusian suppliers reviewed by reporters are subject to Western sanctions. Among the 29 unsanctioned firms is Brake Hydraulics — a Belarusian subsidiary of a U.K. company — which supplied parts to a Russian armored personnel carrier manufacturer.
BIC sent requests for comment to all the Belarusian and Russian companies, as well as the authorities involved, including Belarus’ State Authority for Military Industry. None responded.
The largest supplier identified in the data is JSC Peleng, a Belarusian producer of optoelectronic systems. BIC found that Peleng shipped $875 million in goods to Russia. This included $362 million worth of material to the Vologda Optical and Mechanical Plant, which manufactures sights for tanks and armored vehicles, and $281-million worth of targeting equipment to Uralvagonzavod, a major Russian tank producer.
Ukrainian military intelligence confirmed to BIC that Peleng products — including fire-control systems and thermal imaging sights — have been found inside captured Russian tanks and armored personnel carriers.
The second-largest supplier by shipment value was the Minsk Wheeled Tractor Plant. The company supplied at least 91 chassis worth more than $30 million to Motovilikhinskiye Zavody, a Russian metallurgical and military equipment manufacturer that produces howitzers among other products. The Belarusian company also sent nearly $52 million in components to Titan-Barrikady, which makes self-propelled launchers, and $44 million to NZ 70 Letiya Pobedy, a producer of air defense system components.
Andrii Kharuk, a Ukrainian military historian and professor at the Hetman Petro Sahaidachnyi National Army Academy, said Russia remains dependent on Belarusian thermal imagers and chassis, because its own domestic industry cannot meet the surging demand caused by battlefield losses.
A third major player, OKB TSP — which specializes in weapons systems and military control hardware and software — supplied $62 million in transport-launching and loading units to NPO Mashinostroyeniya, the Russian producer of cruise missiles.
The three largest suppliers are sanctioned, but many of the companies contributing to military exports are free to operate on the global market.
Pavlo Shkurenko, a sanctions researcher at the Kyiv School of Economics, said the absence of these suppliers from international blacklists stems from slow legal procedures, the conflicting interests of individual EU member states, and varying levels of political will.
“In our experience, evidence of shipments to companies in the Russian military industry should be enough to designate the suppliers,” Shkurenko said.
“Although the development and implementation of sanctions are not perfect, they increase the cost and scarcity of critical components for the Russian and Belarusian military industries, (forcing) internal competition which degrades civilian sectors, further spreading Russia’s limited resources,” he added.
The data obtained by BIC also shows that, from April 2022 to July 2025, Belarusian companies received about $800,000 worth of Western-origin goods routed through Russia.
These shipments included German electrical and chemical analysis instruments, Swiss motors and electrical components, British integrated circuits, American microchips, and Italian chip-manufacturing hardware. To obscure the supply chain, some goods were shipped via companies in Hong Kong, China, Thailand and India before eventually reaching Russia and crossing into Belarus.
-
Ethiopian woman’s joy at rare quintuplets after 12 years trying for a baby
The woman, 35, says she was praying for a baby and was “overjoyed” to be “blessed with five at once”. -
U.S. Removes Bulgaria from Piracy Watch List After Torrent Tracker Crackdown
More than six years ago, Bulgaria informed the U.S. authorities that it wanted to shut down the country’s largest torrent trackers, including ArenaBG, Zamunda, and Zelka.
Specifically, the country asked the U.S. authorities for help. That help eventually arrived in January this year, when the domain names of these torrent trackers were effectively seized.
Seized 
The multinational effort involved Bulgarian authorities and law enforcement, as well as their American counterparts. This included the U.S. Department of Justice, Homeland Security Investigations, and National IPR Coordination Center, which were all featured on the seizure banner that’s still online today.
Multi-Decade Crackdown
The crackdown did not come as a surprise. Rightsholders have complained about the Bulgarian torrent trackers for many years, and the local authorities have also tried to address these issues for nearly two decades.
As far back as 2010, Yavor Kolev, the head of Bulgaria’s Computer Crimes Department, said that his organization was intent on shutting down Zamunda and ArenaBG. At the time, police investigations into these trackers had already been ongoing for years.
While the authorities managed to shut down some pirate sites over the years, these major targets survived. In fact, Zamunda had grown to become the 11th most visited site at the start of 2026, until its main domain was seized in January.
U.S. Piracy Watch List
Bulgaria’s challenge to address the local piracy problems motivated the USTR to add the country to the Special 301 Report. This annual overview is meant to urge foreign governments to improve policy and legislation in favor of U.S. copyright holders.
In 2025, for example, Bulgaria was put on the “Watch List” with USTR stating that the country “continues to be a safe haven for online piracy.”
There was change afoot, however, as the country enacted new legislation in 2023 that would make it easier to investigate and prosecute piracy cases. While that had not been used until recently, it provided the basis for the crackdown that took place in January.
Bulgaria Removed from Watch List
The implementation of the new legislation and the subsequent torrent tracker crackdown worked. The latest version of the USTR Special 301 Report specifically states that Bulgaria was removed because of the progress it has made. This relates to the shutdowns and associated prosecutions, which remain ongoing.
“Bulgaria is removed from the Watch List this year due to significant enforcement actions and progress in criminal prosecutions during the past year,” USTR writes.
From the Special 301 Report 
USTR specifically references Article 172a of the updated criminal code, which allows for the criminal prosecution of people who “create conditions” for online piracy through the “development and maintenance” of torrent trackers and other platforms. This law was used as the basis for the January crackdown, which led to the arrest of several individuals.
“In January 2026, Bulgarian law enforcement seized the five most popular Bulgarian piracy domains, executed search and seizure warrants at 30 locations, and arrested several individuals, some of whom have been charged under Article 172a discussed above,” the report reads.
According to local reports, the operation targeted 44 websites, not just the three mentioned trackers. By February, three of the four detained individuals had been formally charged.
While Bulgaria must be happy with this development, the country was previously removed from the watchlist in 2007 and 2018, just to be readded over new concerns within a few years. Time will tell whether this year’s removal will last.
More Removals and Additions
Bulgaria isn’t the only country to see its status change in this year’s Special 301 Report. Argentina and Mexico are both moved from the Priority Watch List to the lower-tier Watch List.
Argentina is credited for its February 2026 agreement with U.S. authorities, where the country promised to address site-blocking, ISP liability, and online enforcement. Mexico’s lowered risk is tied to draft amendments to the Federal Copyright Law and Federal Criminal Code, which would clarify ISP secondary liability and remove the “direct economic benefit” requirement, which was a roadblock for criminal piracy prosecutions.
The European Union, meanwhile, was added to the Watch List for the first time as a bloc since 2006. USTR cites a wide variety of concerns, including parts of the Digital Services Act, which rightsholders believe may impact their rights. The newly applicable AI Act is also flagged for monitoring.
The most notable change related to Vietnam, however, which was the first country in thirteen years to be designated as a Priority Foreign Country. According to the USTR, the country’s failure to take action against copyright infringers has turned it into a safe haven for pirate site operators.
—
A copy of the U.S. Trade Representative’s 2026 Special 301 Report is available here (pdf).
From: TF, for the latest news on copyright battles, piracy and more.
-
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.
A screenshot shared by a reader showing the extortion message that was shown on the Canvas login page today.
Canvas parent firm Instructure [NYSE:INST] responded to today’s defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students.
Instructure acknowledged a data breach earlier this week, after the cybercrime group ShinyHunters claimed responsibility and said they would leak data on tens of millions of students and faculty unless paid a ransom. The stated deadline for payment was initially set at May 6, but it was later pushed back to May 12.
In a statement on May 6, Instructure said the investigation so far shows the stolen information includes “certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as as messages among users.” The company said it found no evidence the breached data included more sensitive information, such as passwords, dates of birth, government identifiers or financial information.
The May 6 update stated that Canvas was fully operational, and that Instructure was not seeing any ongoing unauthorized activity on their platform. “At this stage, we believe the incident has been contained,” Instructure wrote.
However, by mid-day on Thursday, May 7, students and faculty at dozens of schools and universities were flooding social media sites with comments saying that a ransom demand from ShinyHunters had replaced the usual Canvas login page. Instructure responded by pulling Canvas offline and replacing the portal with the message, “Canvas is currently undergoing scheduled maintenance. Check back soon.”
“We anticipate being up soon, and will provide updates as soon as possible,” reads the current message on Instructure’s status page.
While the data stolen by ShinyHunters may or may not contain particularly sensitive information (ShinyHunters claims it includes several billion private messages among students and teachers, as well as names, phone numbers and email addresses), this attack could hardly have come at a worse time for Instructure: Many of the affected schools and universities are in the middle of final exams, and a prolonged outage could be highly damaging for the company.
The extortion message that greeted countless Canvas users today advised the affected schools to negotiate their own ransom payments to prevent the publication of their data — regardless of whether Instructure decides to pay.
“ShinyHunters has breached Instructure (again),” the extortion message read. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”
A source close to the investigation who was not authorized to speak to the press told KrebsOnSecurity that a number of universities have already approached the cybercrime group about paying. The same source also pointed out that the ShinyHunters data leak blog no longer lists Instructure among its current extortion victims, and that the samples of data stolen from Canvas customers were removed as well. Data extortion groups like ShinyHunters will typically only remove victims from their leak sites after receiving an extortion payment or after a victim agrees to negotiate.
Dipan Mann, founder and CEO of the security firm Cloudskope, slammed Instructure for referring to today’s outage as a “scheduled maintenance” event on its status page. Mann said Shiny Hunters first demonstrated they’d breached Instructure on May 1, prompting Instructure’s Chief Information Security Officer Steve Proud to declare the following day that the incident had been contained. But Mann said today’s attack is at least the third time in the past eight months that Instructure has been breached by ShinyHunters.
In a blog post today, Mann noted that in September 2025, ShinyHunters released thousands of internal University of Pennsylvania files — donor records, internal memos, and other confidential materials — through what the Daily Pennsylvanian and other outlets later determined was, in part, a Canvas/Instructure-mediated access path.
“Penn was the named victim,” Mann wrote. “Instructure was the mechanism. The incident was treated as a Penn-specific story by most of the national press and quietly handled by Instructure as a customer-specific matter. That framing was wrong then. It is dramatically more wrong in light of the May 2026 events, which now look like the planned escalation of an attack pattern that ShinyHunters had been working against Instructure’s environment for at least eight months prior. The September 2025 Penn breach was the proof of concept. The May 1, 2026 incident was the production run. The May 7, 2026 recompromise was ShinyHunters demonstrating publicly that the May 2 ‘containment’ did not happen.”
In February, a ShinyHunters spokesperson told The Daily Pennsylvanian that Penn failed to pay a $1 million ransom demand. On March 5, ShinyHunters published 461 megabytes worth of data stolen from Penn, including thousands of files such as donor records and internal memos.
ShinyHunters is a prolific and fluid cybercriminal group that specializes in data theft and extortion. They typically gain access to companies through voice phishing and social engineering attacks that often involve impersonating IT personnel or other trusted members of a targeted organization.
Last month, ShinyHunters relieved the home security giant ADT of personal information on 5.5 million customers. The extortion group told BleepingComputer they breached the company by compromising an employee’s Okta single sign-on account in a voice phishing attack that enabled access to ADT’s Salesforce instance. BleepingComputer says ShinyHunters recently has taken credit for a number of extortion attacks against high-profile organizations, including Medtronic, Rockstar Games, McGraw Hill, 7-Eleven and the cruise line operator Carnival.
The attack on Canvas customers is just one of several major cybercrime campaigns being launched by ShinyHunters at the moment, said Charles Carmakal, chief technology officer at the Google-owned Mandiant Consulting. Carmakal declined to comment specifically on the Canvas breach, but said “there are multiple concurrent and discreet ShinyHunters intrusion and extortion campaigns happening right now.”
Cloudskope’s Mann said what happens next depends largely on whether Instructure’s customers — the universities, K-12 districts, and education ministries paying for Canvas — choose to apply pressure or absorb the breach quietly.
“The history of education-vendor incidents suggests the path of least resistance is the second one,” he concluded.
