1 article
Instructure has confirmed that the ShinyHunters threat group exploited a vulnerability in Canvas LMS to deface login portals across multiple university clients with extortion messages. The attack moved beyond the data exposure incident disclosed on May 3 into active defacement — university login pages were replaced with ransom demands visible to students and staff. Instructure is notifying affected institutions and has issued an emergency patch.