VulnHub

Real-time Cybersecurity News

Instructure hacker claims data theft from 8,800 schools, universities

BleepingComputer
Actively Exploited
PhishingData Breach

Overview

A hacker claims to have stolen around 280 million data records from 8,809 educational institutions, including colleges, school districts, and online platforms, in a breach involving Instructure, a prominent education technology company. The records reportedly contain sensitive information about students and staff, raising concerns over identity theft and privacy violations. This incident highlights the vulnerabilities in educational systems, which often store vast amounts of personal data. Users and institutions need to be vigilant about potential phishing attacks and other exploits that could arise from this breach. The impact on students and staff could be severe, as their personal information may be used maliciously.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Instructure's educational platforms, data records of students and staff from 8,809 institutions.
  • Action Required: Educational institutions should notify affected individuals, monitor for suspicious activity, and review data security measures to prevent future breaches.
  • Timeline: Newly disclosed

Original Article Summary

The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. [...]

Impact

Instructure's educational platforms, data records of students and staff from 8,809 institutions.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Educational institutions should notify affected individuals, monitor for suspicious activity, and review data security measures to prevent future breaches.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Data Breach.

Read Original Article

Related Coverage

Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE

Security Affairs

Apache has released updates to address multiple vulnerabilities in its HTTP Server, including a serious flaw identified as CVE-2026-23918. This vulnerability, which has a CVSS score of 8.8, is a double-free error in the handling of HTTP/2 requests. If exploited, it could allow attackers to execute arbitrary code on affected systems. Organizations using Apache HTTP Server, particularly those enabling HTTP/2, should prioritize updating their software to mitigate this risk. The nature of the flaw makes it critical for system administrators to be proactive in applying the latest patches to safeguard against potential attacks.

May 6, 2026

CISA: Critical Infrastructure Must Master Isolation, Recovery

SecurityWeek

The Cybersecurity and Infrastructure Security Agency (CISA) has released guidance aimed at helping operators of critical infrastructure bolster their defenses against potential cyberattacks from foreign adversaries. This guidance stresses the importance of mastering isolation and recovery strategies to mitigate damage from attacks. Given the rising number of cyber threats targeting vital systems, this advice is particularly relevant for sectors like energy, transportation, and public health. By implementing these practices, organizations can better prepare for incidents, ensuring that they can maintain operations and recover swiftly after an attack. This proactive approach is essential for safeguarding national security and economic stability.

May 6, 2026

Proton Mail brings quantum-safe email encryption to all accounts

Help Net Security

Proton Mail has rolled out an optional feature called post-quantum protection for all users, including those on the free plan. This new capability generates encryption keys that aim to secure future emails from potential quantum computer attacks. To use this feature, users must update their Proton Mail apps, as older versions do not support the new encryption keys. This move is significant because it prepares users' email communications for a future where quantum computing could compromise traditional encryption methods. By enabling post-quantum protection, users can enhance the security of their encrypted emails against evolving threats.

May 6, 2026

Sophisticated Quasar Linux RAT Targets Software Developers

SecurityWeek

A new remote access trojan (RAT) known as Quasar is targeting software developers, allowing attackers to gain unauthorized access to systems. This malware is particularly concerning because it can perform surveillance and exfiltrate credentials, putting sensitive information at risk. Developers who work with Linux systems are especially vulnerable to this sophisticated implant. The presence of such malware in the wild raises alarms about the security of development environments and the potential for broader attacks on software supply chains. Users and companies should take immediate steps to secure their systems against this threat, as the implications could affect many in the tech industry.

May 6, 2026

Websites with an undefined trust level: avoiding the trap

Securelist

The article discusses the growing issue of suspicious websites and how users can differentiate between safe and fraudulent sites. It provides insights into the types of untrusted sites that Kaspersky's solutions are now able to detect, backed by global statistics. This information is crucial for internet users, as falling victim to these fraudulent sites can lead to identity theft, financial loss, or malware infections. By understanding how to identify these threats, individuals can better protect themselves online. The article emphasizes the importance of being cautious while browsing and staying informed about the risks associated with untrusted websites.

May 6, 2026

Palo Alto Networks warns of firewall RCE zero-day exploited in attacks

BleepingComputer

Palo Alto Networks has issued a warning regarding a serious, unpatched vulnerability in the User-ID Authentication Portal of its PAN-OS. This flaw, categorized as a remote code execution (RCE) vulnerability, is currently being exploited in real-world attacks, putting users at significant risk. Organizations using affected versions of PAN-OS should be particularly vigilant as attackers may leverage this weakness to gain unauthorized access to systems. It's crucial for companies to assess their firewall configurations and implement necessary security measures to protect against potential breaches. The situation underscores the need for prompt action in addressing vulnerabilities as they arise.

May 6, 2026