Feed aggregator

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.

A screenshot shared by a reader showing the extortion message that was shown on the Canvas login page today.

Canvas parent firm Instructure [NYSE:INST] responded to today’s defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students.

Instructure acknowledged a data breach earlier this week, after the cybercrime group ShinyHunters claimed responsibility and said they would leak data on tens of millions of students and faculty unless paid a ransom. The stated deadline for payment was initially set at May 6, but it was later pushed back to May 12.

In a statement on May 6, Instructure said the investigation so far shows the stolen information includes “certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as as messages among users.” The company said it found no evidence the breached data included more sensitive information, such as passwords, dates of birth, government identifiers or financial information.

The May 6 update stated that Canvas was fully operational, and that Instructure was not seeing any ongoing unauthorized activity on their platform. “At this stage, we believe the incident has been contained,” Instructure wrote.

However, by mid-day on Thursday, May 7, students and faculty at dozens of schools and universities were flooding social media sites with comments saying that a ransom demand from ShinyHunters had replaced the usual Canvas login page. Instructure responded by pulling Canvas offline and replacing the portal with the message, “Canvas is currently undergoing scheduled maintenance. Check back soon.”

“We anticipate being up soon, and will provide updates as soon as possible,” reads the current message on Instructure’s status page.

While the data stolen by ShinyHunters may or may not contain particularly sensitive information (ShinyHunters claims it includes several billion private messages among students and teachers, as well as names, phone numbers and email addresses), this attack could hardly have come at a worse time for Instructure: Many of the affected schools and universities are in the middle of final exams, and a prolonged outage could be highly damaging for the company.

The extortion message that greeted countless Canvas users today advised the affected schools to negotiate their own ransom payments to prevent the publication of their data — regardless of whether Instructure decides to pay.

“ShinyHunters has breached Instructure (again),” the extortion message read. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.'”

A source close to the investigation who was not authorized to speak to the press told KrebsOnSecurity that a number of universities have already approached the cybercrime group about paying. The same source also pointed out that the ShinyHunters data leak blog no longer lists Instructure among its current extortion victims, and that the samples of data stolen from Canvas customers were removed as well. Data extortion groups like ShinyHunters will typically only remove victims from their leak sites after receiving an extortion payment or after a victim agrees to negotiate.

Dipan Mann, founder and CEO of the security firm Cloudskope, slammed Instructure for referring to today’s outage as a “scheduled maintenance” event on its status page. Mann said Shiny Hunters first demonstrated they’d breached Instructure on May 1, prompting Instructure’s Chief Information Security Officer Steve Proud to declare the following day that the incident had been contained. But Mann said today’s attack is at least the third time in the past eight months that Instructure has been breached by ShinyHunters.

In a blog post today, Mann noted that in September 2025, ShinyHunters released thousands of internal University of Pennsylvania files — donor records, internal memos, and other confidential materials — through what the Daily Pennsylvanian and other outlets later determined was, in part, a Canvas/Instructure-mediated access path.

“Penn was the named victim,” Mann wrote. “Instructure was the mechanism. The incident was treated as a Penn-specific story by most of the national press and quietly handled by Instructure as a customer-specific matter. That framing was wrong then. It is dramatically more wrong in light of the May 2026 events, which now look like the planned escalation of an attack pattern that ShinyHunters had been working against Instructure’s environment for at least eight months prior. The September 2025 Penn breach was the proof of concept. The May 1, 2026 incident was the production run. The May 7, 2026 recompromise was ShinyHunters demonstrating publicly that the May 2 ‘containment’ did not happen.”

In February, a ShinyHunters spokesperson told The Daily Pennsylvanian that Penn failed to pay a $1 million ransom demand. On March 5, ShinyHunters published 461 megabytes worth of data stolen from Penn, including thousands of files such as donor records and internal memos.

ShinyHunters is a prolific and fluid cybercriminal group that specializes in data theft and extortion. They typically gain access to companies through voice phishing and social engineering attacks that often involve impersonating IT personnel or other trusted members of a targeted organization.

Last month, ShinyHunters relieved the home security giant ADT of personal information on 5.5 million customers. The extortion group told BleepingComputer they breached the company by compromising an employee’s Okta single sign-on account in a voice phishing attack that enabled access to ADT’s Salesforce instance. BleepingComputer says ShinyHunters recently has taken credit for a number of extortion attacks against high-profile organizations, including Medtronic, Rockstar Games, McGraw Hill, 7-Eleven and the cruise line operator Carnival.

The attack on Canvas customers is just one of several major cybercrime campaigns being launched by ShinyHunters at the moment, said Charles Carmakal, chief technology officer at the Google-owned Mandiant Consulting. Carmakal declined to comment specifically on the Canvas breach, but said “there are multiple concurrent and discreet ShinyHunters intrusion and extortion campaigns happening right now.”

Cloudskope’s Mann said what happens next depends largely on whether Instructure’s customers — the universities, K-12 districts, and education ministries paying for Canvas — choose to apply pressure or absorb the breach quietly.

“The history of education-vendor incidents suggests the path of least resistance is the second one,” he concluded.

Article URL: https://research.csiro.au/hyresource/australian-renewable-energy-hub/

Comments URL: https://news.ycombinator.com/item?id=48057976

Points: 1

# Comments: 0

Article URL: https://zeroquarry.com/research/obsidian-tasks-rce/

Comments URL: https://news.ycombinator.com/item?id=48057960

Points: 2

# Comments: 1

Article URL: https://tomtunguz.com/ai-at-discount/

Comments URL: https://news.ycombinator.com/item?id=48057930

Points: 1

# Comments: 0

Article URL: https://kcsrk.info/ocaml/oxcaml/x-ocaml/blogging/2026/05/07/data-race-freedom-in-oxcaml/

Comments URL: https://news.ycombinator.com/item?id=48057914

Points: 1

# Comments: 0

Article URL: https://eaglepress.org

Comments URL: https://news.ycombinator.com/item?id=48057912

Points: 2

# Comments: 0

Hi- I hope you’re all having a good day so far! I'm not sure where to post this but I do have two things for you guys today, related to the AI space: individuality and a new era to AI! So: - LLM wrappers are crumbling- these businesses will not survive as foundational models begin to offer the functionalities consumers have been seeking. This maybe represents a failure in interpretation of individuality as horizontal growth (these startups didn't last too long...), which brings up the next point.

- Individuality and ego are human needs. In the past year, there's been a boom in using AI to personalise products to consumers. A take on this: are companies really doing "individuality as horizontal growth" as consumers would like them to? Do consumers really need businesses to tell them that they're individuals? Are personalised feeds actually honouring their individuality, or are they just grouping consumers into demographics that homogenise them and strip away their individuality? And do businesses realise that consumers aren't blind to this? (reference at the rise & mission of Bluesky).

- Above connects to backlash from consumers in response to AI slop. AI slop is a feature of this era of conformity-> so look ahead to the era of individuality (reference historical back-and-forths between these two concepts- ie 1910s were the tail of social conformity and featured great social unrest until it was followed by the 1920s)

Also:

- I am assuming Hacker News is visited by a lot of software devs: one-shot learning and zero-shot learning could be something to check out! (reference Meta currently building Large Concept Models)

That's all. I hope you got value out of this post and have a good day!

(long note if you appreciated this and want to see an example of the above concepts and judge some ideas for yourself:

The above was written by me, Audrey Fei, I'm 16:

- I've been looking at the speech area of AI (text and image has already had its moment). currently have a patent pending for a real-time accent conversion technology (rooted in the idea of a “Golden Speaker” which dates back to 1990; also the patent is for the specific architecture of the System, which is different from standard architectures expected in the industry).

it's at loxai.tech (I'm trying to raise awareness to this tech so there's a waitlist page). the central idea behind it is that: at least in the subfield of speech processing, Golden Speakers are contrarian to the norm of speech synthesis (where speaker identities are lost, instead of preserved). also it uses one-shot learning (a MAML) in its structure

- there's a MVP that led to the above (neutboom.com). It centers around natural language acquisition (differentiates itself from the rest of the language learning market). It's might be a bit clunky in places (you can just tell me about anything that's ugly) but hopefully it's interesting or adds some perspective (at least personally I feel that translation is a middleman.....and why would you need a middleman especially when it overcomplicates the process of language learning? input on this would be appreciated).

)

Anyway I hope you have a creative rest of your day!

Comments URL: https://news.ycombinator.com/item?id=48057908

Points: 1

# Comments: 0

Here are the answers for The New York Times Mini Crossword for May 8.

Article URL: https://arstechnica.com/space/2026/05/spacex-is-starting-to-move-on-from-the-worlds-most-successful-rocket/

Comments URL: https://news.ycombinator.com/item?id=48057906

Points: 1

# Comments: 0

Article URL: https://mojolang.org/

Comments URL: https://news.ycombinator.com/item?id=48057901

Points: 2

# Comments: 0

Article URL: https://mushroomwowhub.com/why-are-morel-mushrooms-hard-to-grow/

Comments URL: https://news.ycombinator.com/item?id=48057895

Points: 2

# Comments: 0

Article URL: https://sites.diy/blog/2026-05-01-coding-plan-comparisons/

Comments URL: https://news.ycombinator.com/item?id=48057866

Points: 1

# Comments: 0

Article URL: https://uwaterloo.ca/news/media/dna-matches-identify-four-more-sailors-franklin-expedition

Comments URL: https://news.ycombinator.com/item?id=48057853

Points: 1

# Comments: 0

Article URL: https://github.com/advisories/GHSA-vp62-r36r-9xqp

Comments URL: https://news.ycombinator.com/item?id=48057842

Points: 2

# Comments: 1

Article URL: https://www.theregister.com/security/2026/05/07/claude-code-trust-prompt-can-trigger-one-click-rce/5235319

Comments URL: https://news.ycombinator.com/item?id=48057836

Points: 3

# Comments: 0

Article URL: https://github.com/orgs/hexojs/discussions/5775

Comments URL: https://news.ycombinator.com/item?id=48057827

Points: 1

# Comments: 0

Article URL: https://github.com/KyleBenzle/FreeCloud

Comments URL: https://news.ycombinator.com/item?id=48057808

Points: 1

# Comments: 0

Article URL: https://health.aws.amazon.com/health/status#786566

Comments URL: https://news.ycombinator.com/item?id=48057804

Points: 4

# Comments: 0

Article URL: https://www.youtube.com/watch?v=Q7Pmgq2JKbI

Comments URL: https://news.ycombinator.com/item?id=48057701

Points: 1

# Comments: 1

Article URL: https://educatedguesser.substack.com/p/where-are-you-in-the-context-supply

Comments URL: https://news.ycombinator.com/item?id=48057679

Points: 1

# Comments: 0