The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Pro-Iran crew turns DDoS into shakedown as Ubuntu com stays down
May 1, 2026
Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant. “I can confirm that Canonical’s web infrastructure is under a sustained, cross-border Distributed Denial of Service (DDoS) attack” a Canonical spokesperson told The Register. “Our teams are working to restore full availability to all ...
- FBI: Hackers making millions from stolen cargo – losses ‘surged’ to nearly $725 million in 2025
May 1, 2026
The FBI has warned cybercriminals are increasingly targeting cargo shipments with hacking and impersonation tactics – and making a hefty profit doing so. With incidents rising 18% in 2025 and the average value per theft up around 36% (to $273,990) due to criminals targeting high-value goods, losses in the US and Canada alone hit around $725 ...
- More PayPal emails hijacked to deliver tech support scams
April 30, 2026
Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices. In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer ...
- French prosecutors link 15-year-old to mega-breach at state’s secure document agency
April 30, 2026
French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure documents. The Paris Prosecutor’s Office announced on Thursday that the minor, suspected of using the online alias “breach3d” and not named because French law protects minors, faces two computer crime ...
- Silver Fox uses new ABCDoor backdoor to target organisations in Russia and India
April 30, 2026
In December 2025, Kaspersky researchers detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. Kaspersky have attributed this activity to the Silver Fox threat group. Both waves followed a nearly identical structure: phishing emails ...
- Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
April 30, 2026
Through ongoing analysis of ShadowPad implants targeting South and Southeast Asia, TrendAI Research has uncovered a series of new related campaigns that are tracked under a temporary intrusion set (a provisional cluster of related activity pending formal attribution) designated SHADOW-EARTH-053, which we assess to be aligned with China’s broader strategic interests. Trend Micro telemetry indicates that ...