IT News Roundup: Anthropic Hits $965B Valuation, Ghost CMS Exploited, Canvas Breach - May 29, 2026

The latest week in technology brought headline-making developments across AI funding, cybersecurity threats, and data protection. Anthropic closed the largest startup funding round in history, while multiple critical vulnerabilities were actively exploited in the wild. Meanwhile, the massive Instructure Canvas breach continues to unfold, and researchers warn that AI-assisted coding is creating an unprecedented surge in software vulnerabilities.

Anthropic Raises $65 Billion at $965 Billion Valuation, Eclipsing OpenAI

Anthropic has closed a $65 billion Series H funding round at a post-money valuation of $965 billion, marking the largest single funding round ever raised by a startup. The round was led by Altimeter Capital, Dragoneer, Greenoaks, and Sequoia Capital.

The valuation puts Anthropic ahead of rival OpenAI for the first time, positioning the company just shy of a trillion-dollar valuation ahead of a potential IPO. The capital will be used to expand computing capacity to meet growing demand for its Claude chatbot and other AI products. Industry analysts note this marks a significant shift in the competitive landscape of the AI sector, with Anthropic's focus on safety-aligned AI resonating with institutional investors.

Source: Reuters, TechCrunch, CNBC

Ghost CMS SQL Injection Vulnerability Exploited in Large-Scale ClickFix Campaign

A critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980, CVSS 9.4) is being actively exploited in a large-scale campaign targeting over 700 websites. The flaw in Ghost's Content API allows unauthenticated attackers to read arbitrary data from the database, including Admin API keys.

Researchers at QiAnXin XLab identified that attackers are using the vulnerability to inject malicious JavaScript code that triggers ClickFix attacks — a scheme that lures visitors into clicking fake CAPTCHA pages that ultimately install potentially unwanted programs. The vulnerability was originally patched in February 2026 in version 6.19.1, but many sites remain on unpatched versions. Administrators running Ghost CMS versions 5.80.0 through 5.82.4 are urged to update immediately to version 5.82.5 or later.

Source: BleepingComputer, The Hacker News

Critical Buffer Overflow in Palo Alto Networks PAN-OS Firewalls Confirmed Exploited

Palo Alto Networks has confirmed that CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability in the User-ID Authentication Portal (Captive Portal) service, is being actively exploited in the wild. The flaw, carrying a CVSSv4 score of 9.3, affects PAN-OS PA-Series and VM-Series firewall appliances and allows attackers to execute arbitrary code with root privileges by sending specially crafted packets.

Rapid7's Emergency Response Team confirmed the exploitation shortly after Palo Alto's May 6 advisory. The vulnerability is particularly dangerous because it requires no authentication and grants full root-level access to the firewall. Organizations using affected PAN-OS versions are advised to apply patches immediately and restrict access to the User-ID Authentication Portal from untrusted networks. Prisma Access, Cloud NGFW, and Panorama appliances are not affected.

Source: Palo Alto Networks, Rapid7

Instructure Canvas Data Breach Exposes Records of 240+ Million Students and Staff

The Instructure Canvas data breach continues to unfold as one of the largest education-sector compromises on record. Attackers infiltrated Instructure's systems in early May 2026 and extracted what they claim are over 240 million data records belonging to students, teachers, and staff across thousands of educational institutions worldwide. The exposed data includes names, email addresses, enrolled courses, and other educational records.

Instructure provides Canvas to approximately 30 million active participants at over 8,000 educational institutions in the United States and internationally. The hackers threatened to publish 3.5 terabytes of stolen data, prompting Instructure to negotiate with the criminals in an effort to have the data deleted. The incident highlights the systemic risks faced by centralized educational platforms that aggregate sensitive data from millions of users.

Source: BBC News, Privacy Guides

Iranian Government-Linked Hackers Blamed for LA Metro Transit System Breach

Israeli security researchers have attributed a March 2026 cyberattack on Los Angeles' transit system to Iranian government-linked hackers. The breach forced LA Metro to shut down parts of its ticketing and operations infrastructure, causing weeks of disruption to one of the busiest public transit systems in the United States.

According to Cybersecurity Dive, the attackers gained access to a virtual machine within the transit network and used it to sabotage computer infrastructure. The attribution shifts earlier speculation that the attack may have been the work of hacktivist groups. The incident underscores the growing vulnerability of critical infrastructure to nation-state cyber operations and the extended recovery timelines such attacks can impose.

Source: Reuters, TechCrunch, Cybersecurity Dive

AI-Generated Code Creating Surge in Security Vulnerabilities, Driving Demand for Cybersecurity Experts

A New York Times report published May 24 highlights a growing paradox in the software industry: as AI tools generate more code faster than ever, they are simultaneously introducing new bugs and vulnerabilities at an unprecedented rate. The result has been a sharp surge in hiring for cybersecurity professionals across the tech sector.

The phenomenon, sometimes called the 'code overload' problem, means that the volume of AI-assisted code now being written outpaces the ability of security teams to review and harden it. Developers using AI coding assistants may not fully understand the functionality of AI-generated code, leading to undetected security flaws. The report notes that cybersecurity hiring has accelerated significantly as organizations scramble to address the expanding attack surface created by rapid AI-driven development.

Source: The New York Times

Zscaler Reports Downbeat Revenue Guidance as Cybersecurity Competition Intensifies

Zscaler reported its third-quarter fiscal 2026 earnings with revenue of $850.5 million (up 25% year-over-year) but provided fourth-quarter guidance that fell short of analyst expectations. The cloud security provider forecast revenue between $875 million and $878 million, below the $878.6 million expected by FactSet analysts.

The stock dropped 31% following the announcement — the company's worst single-day performance. Zscaler cited intensifying competition in the cybersecurity market as enterprises become more selective with spending. The company also announced leadership changes in its sales organization. Despite the record operating margin achieved in the quarter, the cautious guidance signals that the zero-trust security market is facing pricing pressure and increased competition from both established vendors and newer entrants.

Source: Reuters, CNBC

Black Duck Report: Open Source Vulnerabilities Per Codebase Have Doubled

Black Duck's 2026 Open Source Security and Risk Analysis (OSSRA) report reveals that the mean number of open source vulnerabilities per codebase has more than doubled year-over-year, jumping 107% to an average of 581 vulnerabilities. The report attributes much of this increase to the explosion in AI-generated code, which has accelerated the adoption of open source components without corresponding improvements in security review practices.

Key findings include: 87% of codebases are now at risk from open source vulnerabilities, open source component counts increased 30% year-over-year, and the number of files per codebase grew 74%. License conflicts reached their highest levels in OSSRA history, with two-thirds of audited codebases containing conflicts. The report warns that immature open source projects lacking basic engineering practices are a growing source of latent security issues.

Source: Black Duck