The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Open the wrong “PDF” and attackers gain remote access to your PC
February 5, 2026
Cybercriminals behind a campaign dubbed DEAD#VAX are taking phishing one step further by delivering malware inside virtual hard disks that pretend to be ordinary PDF documents. Open the wrong “invoice” or “purchase order” and you won’t see a document at all. Instead, Windows mounts a virtual drive that quietly installs AsyncRAT, a backdoor Trojan that allows ...
- Data breach at govtech giant Conduent balloons, affecting millions more Americans
February 5, 2026
A data breach at government technology giant Conduent appears to affect far more people than first disclosed, with the number of victims potentially stretching to dozens of millions of people across the United States. The January 2025 ransomware attack, which knocked out Conduent’s operations for several days, is now known to affect at least 15.4 million ...
- Paris prosecutor’s cybercrime unit searches X office
February 3, 2026
French police raided the offices of Elon Musk’s social media network X on Tuesday and prosecutors ordered the tech billionaire to face questions in April in a widening investigation, amid growing scrutiny of the platform by authorities across Europe. France’s raid and the summoning of Musk — which could further increase tensions between Europe and the ...
- Polish authorities arrest 20-year-old man on suspicion of carrying out DDoS attacks
February 3, 2026
Polish authorities have cuffed a 20-year-old man on suspicion of carrying out DDoS attacks. The Central Bureau for Combating Cybercrime (CBZC) claims the unnamed individual was responsible for attacks on “numerous popular websites,” including those of strategic importance. Given the context, it can be reasonably assumed that strategically important websites likely refers to those providing essential ...
- Russian ransomware hackers allegedly hit Tulsa airport in cyberattack, dump private files online as proof
February 2, 2026
Russian ransomware operators Qilin have claimed to have broken into the Tulsa International Airport and stolen an unspecified amount of sensitive company data. A report from Cybernews says the group recently added the airport to their data leak site, and included 18 samples as proof of their claims. The researchers analyzed the samples, finding it included ...
- The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
February 2, 2026
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America, focusing on government, telecom, aviation, critical infrastructure, and media sectors. Rapid7 investigation ...