VulnHub

Real-time Cybersecurity News

Instructure confirms data breach, ShinyHunters claims attack

BleepingComputer
Actively Exploited
Data Breach

Overview

Instructure, an educational technology company, has confirmed that it suffered a data breach after a cyberattack. The ShinyHunters group, known for its extortion tactics, claims responsibility for the attack. Users of Instructure's platforms, which include tools like Canvas, may have had their personal data compromised. This incident raises concerns about the security of educational technologies and the potential risks to students and educators. As cyberattacks on educational institutions become more frequent, stakeholders need to ensure that proper security measures are in place to protect sensitive information.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Instructure's Canvas platform and potentially other educational tools
  • Action Required: Users should change their passwords and enable two-factor authentication where possible.
  • Timeline: Newly disclosed

Original Article Summary

Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. [...]

Impact

Instructure's Canvas platform and potentially other educational tools

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should change their passwords and enable two-factor authentication where possible. Instructure is likely to provide further guidance on securing accounts.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Read Original Article

Related Coverage

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

The Hacker News

A major international operation has led to the arrest of at least 276 individuals involved in cryptocurrency investment scams that targeted American citizens. The crackdown was spearheaded by Dubai Police, in collaboration with the U.S. Federal authorities, and resulted in the closure of nine scam centers. These operations had reportedly caused millions of dollars in losses to unsuspecting investors. This coordinated effort underscores the growing issue of cryptocurrency fraud, which has become increasingly prevalent as more people engage in digital investments. The significant amount seized, totaling $701 million, indicates the scale of these scams and the need for ongoing vigilance in the crypto space.

May 4, 2026

Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses

Security Affairs

In April 2026, Sistemi Informativi, an IBM Italy subsidiary responsible for IT infrastructure management for various public and private institutions, suffered a significant breach. This incident is believed to be linked to the Chinese cyber operation known as Salt Typhoon. The breach raises alarms about the vulnerability of European digital defenses, especially as it targets a company managing critical infrastructure. The attack underscores the ongoing risks posed by state-sponsored cyber activities and highlights the need for enhanced cybersecurity measures across Europe. Organizations that rely on Sistemi Informativi for IT services may face increased risks as a result of this incident, prompting a review of their security protocols and defenses.

May 3, 2026

Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly

Hackread – Cybersecurity News, Data Breaches, AI and More

VECT 2.0 ransomware is a new and dangerous strain that has been discovered to have serious flaws that can irreversibly destroy files. Victims of this ransomware will find that paying the ransom is futile, as the data is lost permanently, making recovery impossible. This situation poses a significant risk to individuals and organizations worldwide, as it undermines the traditional hope of recovering data through ransom payments. The emergence of VECT 2.0 highlights the evolving tactics of cybercriminals and the need for better preventive measures. Users and organizations are urged to strengthen their cybersecurity defenses to avoid falling victim to this destructive ransomware.

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

BleepingComputer

Recent research has revealed that scammers are exploiting Telegram's Mini App feature to conduct crypto scams and distribute Android malware. These operations involve impersonating reputable brands to trick users into providing personal information or investing in fraudulent schemes. The use of Telegram's platform allows these scams to reach a wide audience, putting many users at risk of financial loss and malware infections. This situation raises concerns about the security measures in place on social media platforms and highlights the need for users to be cautious when engaging with unfamiliar applications or links. Overall, this incident serves as a reminder for users to verify the legitimacy of offers and be vigilant against potential scams online.

May 3, 2026

Security Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

In a recent development, two U.S. cybersecurity experts have been sentenced for their involvement in a ransomware case. Their actions contributed to the growing issue of ransomware attacks that have been plaguing various sectors, highlighting the ongoing struggles law enforcement faces in combating cybercrime. A third individual connected to the case is awaiting a ruling scheduled for July. Additionally, Trellix has disclosed a breach that raises concerns about the security of its systems, though specific details about the breach have not been shared. These incidents serve as a reminder of the persistent threats in the cybersecurity landscape and the need for organizations to bolster their defenses against such attacks.

May 3, 2026

Trellix discloses the breach of a code repository

Security Affairs

Trellix has reported a security breach involving unauthorized access to a portion of its source code repository. The company has stated that there are no indications of the compromised code being misused. In response to the incident, Trellix quickly initiated an investigation with forensic experts and has notified law enforcement to assist in the matter. While the breach raises concerns about the security of the company’s intellectual property, Trellix assures that no customer data has been affected. This incident serves as a reminder for companies to continually monitor and secure their source code environments to prevent potential exploitation in the future.

May 2, 2026