The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US healthcare AI platform Xsolis confirms data breach that affects 1.4 million individuals
June 23, 2026
Healthcare technology company Xsolis disclosed a cyberattack in which it lost sensitive data on almost 1.4 million customers. Xsolis is a company that uses AI to help healthcare organizations make faster and more consistent decisions about patient care and utilization management. Earlier this week, it published a data breach notification on its website, saying that it ...
- A VBScript campaign distributed through WhatsApp deploying RMM software
June 22, 2026
In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, ...
- Brazil probes emergency warning system after nationwide rogue alert
June 22, 2026
The Brazilian National Secretariat for Civil Protection and Defense (SEDEC) and Federal Police (PF) are investigating a suspected hack of the country’s emergency alert system after an unauthorized “extreme” alert pinged devices across the country. Defesa Civil Nacional confirmed that its dispatch platform, often used to inform the public about severe weather events, was taken offline in ...
- Gizmodo readers hit with ClickFix malware prompts after account compromise
June 22, 2026
Veteran tech website Gizmodo confirmed a compromise on Saturday after readers reported ClickFix malware prompts appearing on article pages. Users posted screenshots of fake CAPTCHA windows appearing on Gizmodo’s site. The attack aims to fool users into running malicious code via their terminals. According to Proofpoint threat researcher Tommy M, the attack was seemingly launched by an affiliate of ...
- Security experts warn of AI-boosted scam campaigns that can trick even the smartest victims
June 21, 2026
Messaging scams are becoming increasingly sophisticated as criminals use AI to imitate trusted people, familiar brands, and everyday conversations. New research from Kaspersky suggests these schemes are succeeding with alarming speed, often convincing victims to hand over money within minutes. The findings indicate that digital experience alone may no longer provide reliable protection against modern fraud attempts. Read more… Source: TechRadar ...
- Shadowbyt3$ claims Nintendo of America breach, stealing ~1GB of employee data from TinyPulse survey platform and demanding $2M ransom
June 20, 2026
Nintendo of America has confirmed suffering a third-party data breach incident, but played down its severity. An “extortion-as-a-service” hacking group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant, operating in the United States, Canada, and some Latin America countries, and exfiltrated sensitive data on its employees. Read more… Source: ...