The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ukrainian gets five years for helping North Koreans secure US tech jobs
February 20, 2026
Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment. The 29-year-old played a role in supporting individuals working for a hostile regime to get contracts in the US. In November 2025, Didenko pleaded guilty to wire fraud and ...
- FBI: Increase in malware enabled ATM jackpotting incidents across United States
February 19, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction. The FBI has observed an increase in ATM jackpotting incidents across the ...
- Arkanix Stealer: C++ and Python infostealer
February 19, 2026
In October 2025, Kaspersky researchers discovered a series of forum posts advertising a previously unknown stealer, dubbed “Arkanix Stealer” by its authors. It operated under a MaaS (malware-as-a-service) model, providing users not only with the implant but also with access to a control panel featuring configurable payloads and statistics. The set of implants included a publicly ...
- Chinese hack exposes data of 5,000 Italian counterterrorism officers
February 18, 2026
Personal data of roughly 5,000 Italian Digos officers — including names, roles and postings — was reportedly obtained by hackers linked to China after a cyber intrusion into the Interior Ministry’s network between 2024 and 2025. The breach potentially exposes officers involved in counterterrorism and monitoring Chinese dissidents, raising serious national security concerns and complicating Italy’s ...
- Data breach at fintech giant Figure affects close to a million customers
February 18, 2026
The data breach that hit blockchain-based lending giant Figure affected nearly a million customers, according to a security researcher. Last week, Figure confirmed a data breach allowed hackers to steal “a limited number of files” from its systems. The company did not provide specifics on what kind of data was stolen nor say how many customers ...
- Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
February 17, 2026
In April 2025, Kaspersky reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across major marketplaces. The malware was deployed to the system partitions and hooked into Zygote – the parent process for all Android apps – to infect any app on the device. This allowed ...