The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Unraveling Water Saci’s New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp
December 2, 2025
Brazil has seen a recent surge of threats delivered via WhatsApp. As observed in Trend Micro previously published research on the SORVEPOTEL malware and the broader Water Saci campaignopen on a new tab, this popular platform has been used to launch sophisticated campaigns. Unsuspecting users receive convincing messages from trusted contacts, often crafted to exploit social ...
- Tomiris wreaks Havoc: New tools and techniques of the APT group
November 28, 2025
While tracking the activities of the Tomiris threat actor, Kaspersky researchers identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic infrastructure. In several cases, Kaspersky traced the threat actor’s actions from initial infection to the deployment of post-exploitation ...
- Organised crime online: How Europol disrupts cybercrime
November 27, 2025
How does Europol target cybercrime networks? Investigate phishing-as-a-service platforms? Or help tackle child sexual exploitation? This publication, presented at the Committee on Civil Liberties, Justice and Home Affairs Ordinary (LIBE), provides a general overview on how Europol disrupts cybercrime, taking the key insights from the Internet Organised Crime Threat Assessment (IOCTA) and EU Serious and Organised ...
- The Golden Scale: ‘Tis the Season for Unwanted Gifts
November 26, 2025
In October 2025, we published two Insights blogs on threat activity affiliated with the cybercriminal alliance known as Scattered LAPSUS$ Hunters (SLSH). After a few weeks of apparent inactivity, the threat actors have returned with a vengeance based on open-source reporting and conversations obtained from a new Telegram channel (scattered LAPSUS$ hunters part 7). This latest ...
- Multiple London councils hit by ‘cyber attack’
November 26, 2025
Several London councils have been hit by a “cyber attack” which could have compromised residents’ data. Kensington and Chelsea, Hammersmith and Fulham, and Westminster City councils said they have been responding to a “cyber security issue” since Monday morning. The councils, which share a number of IT systems, added they are working with the “help of ...
- FBI: Account Takeover Fraud via Impersonation of Financial Institution Support
November 25, 2025
The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. The cyber criminals target individuals, businesses, and organizations of varied sizes and across sectors. In ATO fraud, cyber criminals gain unauthorized access to the targeted online financial institution, payroll, or health savings account, with the ...