Ransomware Group Claims Breach of Canvas Education Platform, Up to 275 Million Student Records at Risk

A ransomware group called ShinyHunters claimed responsibility for breaching Instructure, the parent company of Canvas, one of the most widely used learning management systems in the United States.

The attack caused outages for universities and K-12 schools that rely on Canvas for coursework, grades, and communications. Instructure issued an apology after the hack disrupted access for students and faculty.

Security researchers say up to 275 million student records may have been exposed. The breach is one of the largest attacks on education technology infrastructure in recent years.

Canvas access was restored for some schools in Australia and other regions, but a hacker deadline remained in place as of May 11, 2026.

The attack highlights how deeply schools now depend on centralized learning platforms. When those systems go down, grades, assignments, exams, and student communications are all affected.

The breach came the same week that cybersecurity researchers warned of a critical vulnerability in Palo Alto Networks' PAN-OS system. The flaw, tracked as CVE-2026-0300, allows attackers to execute code remotely without authentication.

North Korean-backed hackers are also distributing Android malware called "BirdCall" through fake gaming platforms. The malware extracts call logs, contacts, and messages, and can intercept microphones on infected devices.

A new phishing campaign is using fake event invitations to steal login credentials and one-time passwords, targeting education, banking, and healthcare organizations.

Cybersecurity experts say the wave of attacks reflects a broader trend: as AI and digital platforms become more central to daily life, they also become more attractive targets for criminal and state-sponsored hackers.