Cyber Security News

Hacking Editorial Brief – May 11, 2026

The education technology sector is facing a significant breach as threat actor ShinyHunters claimed responsibility for compromising Canvas, the widely-used learning management platform owned by Instructure. The attack has impacted approximately 8,809 educational institutions worldwide—including universities and K-12 schools across the United States, Australia, and other countries—disrupting online exams during peak finals season. ShinyHunters has reportedly exfiltrated student and institutional data and issued ransom demands with a settlement deadline, threatening public data release if institutions fail to negotiate. Some schools have regained partial access to Canvas, though disruptions continue into the weekend as administrators assess the scope of compromise.

Separately, Microsoft disclosed details of a large-scale credential phishing campaign that ran between April 14-16, 2026, targeting over 35,000 users across 13,000 organizations in 26 countries. The operation leveraged code-of-conduct themed social engineering lures and abused legitimate email services to evade detection while harvesting credentials. The campaign's scale and geographic distribution suggest coordination by an organized threat actor with significant infrastructure. Microsoft's disclosure highlights the persistent effectiveness of themed phishing lures that exploit corporate compliance processes to gain initial access across enterprise environments.

Sources: Atlanta Journal-Constitution · Computing · ABC News Australia · CNN · The Hacker News