惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Register - Security
The Register - Security
A
About on SuperTechFans
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LangChain Blog
N
Netflix TechBlog - Medium
量子位
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
H
Help Net Security
D
Docker
D
DataBreaches.Net
T
Tailwind CSS Blog
阮一峰的网络日志
阮一峰的网络日志
B
Blog
博客园 - 聂微东
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
The Cloudflare Blog
F
Full Disclosure
GbyAI
GbyAI
F
Fortinet All Blogs
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
人人都是产品经理
人人都是产品经理
Recent Announcements
Recent Announcements
博客园 - Franky
MongoDB | Blog
MongoDB | Blog
有赞技术团队
有赞技术团队
博客园 - 叶小钗
小众软件
小众软件
V
Visual Studio Blog
月光博客
月光博客
Stack Overflow Blog
Stack Overflow Blog
The GitHub Blog
The GitHub Blog
Recorded Future
Recorded Future
J
Java Code Geeks
雷峰网
雷峰网
P
Privacy & Cybersecurity Law Blog
C
Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
美团技术团队
N
News | PayPal Newsroom
G
Google Developers Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
博客园_首页
V
Vulnerabilities – Threatpost

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
The Canvas Hack Shows Ransomware Isn’t Going Anywhere
Tim Keary · 2026-05-14 · via Forbes - Innovation
Ransomware hacker

Ransomware hacker

getty

Instructure, the parent company of the popular online education platform Canvas, this week announced it had paid hackers not to release data stolen during a ransomware attack.

According to the BBC, the Canvas attack affected an estimated 9,000 institutions in the US, Canada, Australia and the UK. The incident is one of the largest educational security breaches on record.

During the breach, many educational institutions were unable to access the Canvas platform. The Harvard Crimson noted that students at Harvard temporarily lost access to Canvas last Thursday, with users redirected from the learning management platform to a message from a hacking group known as ShinyHunters.

In the message, the group claimed it had “breached Instructure” and urged schools on the affected list to contact the group privately to negotiate a settlement before the end of the day on May 12, or risk their data being leaked.

The attack highlights that ransomware and supply chain attacks remain a significant threat, not just to educational institutions but also to organizations. Today’s companies not only need to secure their own systems but also consider the exposure presented by upstream software vendors.

The Canvas Ransomware Attack

The incident took place due to two major intrusions. Instructure’s incident update blog post explained that the company detected unauthorized activity in Canvas on April 29th and revoked the unauthorized party’s access.

Then on May 7, Instructure identified further unauthorized activity, after the actor made changes to the pages that appeared when students and teachers logged into Canvas. The company found out that the actor carried out the activity by exploiting an issue related to its Free-For-Teacher accounts.

“ShinyHunters took down Canvas in two attacks. The first came April 29. Instructure said it was resolved. Eight days later the login page was replaced with a ransom demand and 3.65 terabytes of student data on the table,” ” Amir Khayat, CEO and cofounder of agentic security provider Vorlon, told me via email.

Khayat notes that Canvas runs on 41% of North American higher education institutions. "One breach does not touch one school, it touches every institution that trusted the same vendor. The entry point was a Free-For-Teacher account, a lower-security tier Instructure made available to individual educators. Not a zero-day. A door someone left open,” Khayat said.

The widespread impact of the breach which CNN reports impacted top universities like Columbia, Princeton and Georgetown, put tremendous pressure on Instructure to settle. On May 11, the company updated its incident blog post to announce it had reached an agreement with the “unauthorized actor.”

The vendor noted that under the agreement, the data was returned and that they received digital confirmation of data destruction in the form of shred logs. They also claimed to have received an assurance that no customers would be extorted as a result of this incident. Whether this is the case remains to be seen.

Digital Platforms As A Target

One of the key takeaways from this ransomware attack is that software platforms are becoming a major target for cybercriminals to exploit as part of supply chain attacks.

For instance, Khayat told me that just recently, ShinyHunters breached Vercel through Context.ai, an authorized AI tool with OAuth access to a Vercel employee’s Google Workspace. He says the method is to find the trusted platform, identify its weakest access path and then use the access as a multiplier across every institution connected to it.

At its core, the incident presents a reminder that third party platforms might unlock new capabilities, but they also present potential entry points for attackers to exploit.

“One of the biggest takeaways from this incident is how disruptive cyberattacks have become when organizations rely heavily on a single digital platform for day-to-day operations,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told me via email.

“This also reinforces that educational institutions remain highly attractive targets because they store enormous amounts of sensitive personal data and often operate with limited cybersecurity resources compared to large enterprises,” Steinhauer said.

That being said, he argues the lessons from the incident extend far beyond schools, suggesting that any organization that centralizes communication, workflows and sensitive information into cloud-based platforms needs to recognize that a single breach can cascade into “widespread operational paralysis.”

Was This An AI-driven Attack?

As AI models like

Claude Mythos

demonstrate powerful offensive capabilities, there are growing concerns that hackers can use automation to enable these kinds of attacks. After all, an attacker only needs to discover one vulnerability to cause a breach.

“AI is very likely to have been used in this attack to facilitate a faster and easier hack. Humans are still the weak link and we need to learn or ensure that our IT practices are strong and not bypassed,” Joe Hartmann, vice president of research at cybersecurity vendor Malwarebytes, told me via email.

“Most threat gangs are often run by just a few individuals. But they have the funds to hire and build out an entire enterprise with dozens of low pay, single tasks, employees. Given enough time, you can get yourself into almost every network. With AI that time decreased significantly so we will see more of these types of attacks this year,” Hartmann said.

If AI can help threat actors to find exploits to enter target networks faster, defenders will need to work much harder to keep up with best practices like patching. Failure to do so will increase risk.

Ransomware Remains A Threat

Ever since the WannaCry outbreak in 2017, ransomware has remained one of the biggest threats facing modern enterprises. At the end of April, Veeam released its Q1 ransomware report which found that the average ransom payment in Q1 2026 was $680,081, up 15% from Q4 2025.

The study attributes the increase in ransoms paid to the continued success of sophisticated groups targeting large enterprises with data-exfiltration-only incidents.

“What is particularly notable is the shift in attacker behaviour. Rather than a simple move away from volume attacks, ransomware affiliates are increasingly targeting organisations in the 11 to 1,000 employee range, which now accounts for the majority of incidents. This reflects a focus on environments where there is still a perceived higher probability of payment, even as overall resilience improves,” said Magnus Jelen, lead director of incident response UK and EMEA at Coveware told me via email.

At the same time, AI is allowing threat actors to move faster. “The growing use of automation and AI is accelerating both the speed and scale of exploitation, particularly when combined with unpatched vulnerabilities. This reinforces a critical point. Resilience today is not just about recovery, it is about ensuring systems are continuously updated and exposure windows are minimized,” Jelen said.

Limiting Risk

There are no simple solutions when dealing with supply chain attacks. While companies and educational providers can reduce risk by vetting software vendors and using only approved tools, they ultimately have no power to prevent breaches occurring in a third-party company.

“The most important lesson from the Canvas breach isn’t about Instructure, it’s about the assumptions defenders are making right now. If you’re a Canvas customer, treat every integration credential as compromised, audit your SSO exposure immediately and get a verified re-authorization channel in front of your users before attackers do it for you,” Jeanette Miller-Osborn, field cyber intelligence officer at real-time threat intelligence provider, Dataminr, told me via email.

“More broadly, if you haven’t mapped which of your vendors represent single points of failure at this scale, this breach is your signal to start. The threat actors behind this have a refined, repeatable playbook and they will use it again,” Miller-Osborn said.

What organizations can do is to double down on basic cybersecurity best practices, implementing regular patching to eliminate low level exploits, to make it harder for threat actors to gain direct access to their environments. While this doesn’t address third party risk, it helps build resilience.

The situation becomes more complicated in the case of a breach. Jelen pointed out in reference to Veeam’s research, paying a ransom is a high-risk decision. It doesn’t necessarily guarantee recovery and can lead to repeat targeting. Instead, making data protected and recoverable, with strong patch discipline and data resilience, is the key to limiting risk.