惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
The Register - Security
The Register - Security
Hugging Face - Blog
Hugging Face - Blog
博客园 - 聂微东
GbyAI
GbyAI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园_首页
D
Docker
S
Security @ Cisco Blogs
K
Kaspersky official blog
爱范儿
爱范儿
Simon Willison's Weblog
Simon Willison's Weblog
TaoSecurity Blog
TaoSecurity Blog
V
V2EX
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Troy Hunt's Blog
Cloudbric
Cloudbric
博客园 - 三生石上(FineUI控件)
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
The Hacker News
The Hacker News
美团技术团队
S
SegmentFault 最新的问题
L
Lohrmann on Cybersecurity
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
宝玉的分享
宝玉的分享
The Last Watchdog
The Last Watchdog
Y
Y Combinator Blog
M
MIT News - Artificial intelligence
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Martin Fowler
Martin Fowler
Google Online Security Blog
Google Online Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tor Project blog
Vercel News
Vercel News
The Cloudflare Blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
AI
AI
Stack Overflow Blog
Stack Overflow Blog
I
InfoQ
Scott Helme
Scott Helme
S
Schneier on Security
大猫的无限游戏
大猫的无限游戏
The GitHub Blog
The GitHub Blog
S
Securelist
IT之家
IT之家
Microsoft Azure Blog
Microsoft Azure Blog

Cybersecurity Dive - Latest News

Dozens of Red Hat npm packages targeted in supply chain attack Turning tension into collaboration: How CIOs and CISOs can lead together Trump signs EO seeking early government access to powerful AI models Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators Without strong governance, companies put credit ratings at risk in AI era CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation How Canva scaled to 260+M users while elevating security and productivity Top 4 data security best practices for the AI-enabled enterprise CISA urges security teams to check for software development compromises How CISOs can manage sovereign-cloud security risks IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities Enterprise data is creeping its way into shadow AI tools Coordinated operation takes down Glassworm botnet Leading AI models are more vulnerable to malicious prompts than vendors claim Iranian government, not hacktivist group, breached LA Metro system, security firm says FBI warns about PhaaS platform used to access Microsoft 365 environments Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages New York regulator calls for additional cyber mitigation amid heightened threat environment CISA asks cybersecurity community to alert it to vulnerability exploitation Grafana Labs links GitHub environment breach to TanStack npm supply chain attack 7-Eleven hit by data breach Microsoft disrupts cybercrime operation that hid behind legitimate software Compromised coding tool helped hackers breach thousands of GitHub repositories Telecom sector launches its own private ISAC Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN Grafana Labs says hacker gained access to codebase through leaked token How a government contest launched a revolution in AI-based bug hunting Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller MSPs need AI to fight AI-fueled cyberthreats: Guardz More money is going to physical security, but it’s often CISOs that oversee it: EY Frontier AI models reap rapid discovery of security vulnerabilities West Pharmaceutical starts restoring operations after ransomware attack Foxconn confirms cyberattack affecting some North American facilities OpenAI launches Daybreak to combat cyber threats Guardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating it Identity takes center stage as a leading factor in enterprise cyberattacks AI and an absent government: Takeaways from RSAC 2026 Second Canvas data breach causes major disruptions for schools, colleges AI used to develop working zero-day exploit, researchers warn New cybersecurity industry alliance aims to lead US critical infrastructure protection Identity is the new perimeter as rapid NHI proliferation threatens visibility and control Instructure confirms cybersecurity incident Anthropic’s Claude used in attempted compromise of Mexican water utility Businesses hide vast majority of ransomware attacks, report finds Palo Alto Networks warns state-linked cluster behind zero-day exploitation Businesses eager but unprepared for AI to transform their security strategies Iran-sponsored threat group behind false flag social engineering campaign NIST will test three major tech firms’ frontier AI models for cybersecurity risks Trellix investigating breach of source code repository CISA urges critical infrastructure firms to ‘fortify’ before it’s too late Critical vulnerability in cPanel leads to widespread exploitation New MOVEit vulnerabilities prompt urgent patch warning How OpenClaw’s agent skills become an attack surface White House questions tech industry on defensive AI use, cybersecurity resilience As email phishing evolves, malicious attachments decline and QR codes surge US and allies urge ‘careful adoption’ of AI agents PwC partners with Google Cloud to take on the managed security market US agencies promote zero-trust practices for operational technology networks CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog State CISOs losing confidence in ability to manage cyber risks ‘Fundamental tension’ undermines manufacturers’ cybersecurity North Korea-linked actor targets Web3 execs in social-engineering campaign US, UK authorities warn that Firestarter backdoor malware survives patching Major critical infrastructure supplier reports cyberattack When security becomes the attack surface: Why endpoint protection must evolve Hasbro expects March cyberattack to impact second-quarter revenue AI-written software creates hassles for wary security teams Iran-nexus threat groups refine attacks against critical infrastructure China disguises cyberattacks with ‘covert network’ botnets, US and allies warn Trump’s CISA director pick withdraws after tumultuous nomination Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says Microsoft SharePoint vulnerability widely exposed across multiple countries CISA urges security teams to view environments following axios compromise Big banks seek to ease security worries as AI push accelerates CISA confirms exploitation of 3 more Cisco networking device vulnerabilities Stellantis teams with Microsoft to strengthen digital capabilities Vulnerability exploitation surges often precede disclosure, offering possible early warnings Vercel systems targeted after third-party tool compromised Beyond IT: Cybersecurity is a strategic business risk TP-Link routers face exploitation attempt linked to high-severity flaw US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms CIOs fret over rising security concerns amid AI adoption CISA cancels prestigious summer internships, citing government shutdown NIST limits vulnerability analysis as CVE backlog swells Medium-severity flaw in Microsoft SharePoint exploited FCC exempts Netgear from foreign router ban FCC signals continued commitment to Cyber Trust Mark program Brute-force cyberattacks originating in Middle East surge in Q1 CISOs see gaps in their incident response playbooks US, Indonesia shut down ‘sophisticated’ phishing kit Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign Stryker warns of earnings fallout from March cyberattack NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure Iran-linked hackers target water, energy in US, FBI and CISA warn React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface Threat cluster launches extortion campaign using social engineering CISA’s vulnerability scans, field support on chopping block in Trump budget
Canvas owner reaches ‘agreement’ with threat actors after data breach
Anna Merod · 2026-05-13 · via Cybersecurity Dive - Latest News

Instructure “reached an agreement” with an unauthorized threat actor on Monday, just days after cybercriminals twice — within a little over a week — infiltrated the ed tech provider’s Canvas learning management system.  

The latest cybersecurity incident on Thursday caused sweeping disruptions to schools and colleges nationwide after the cyber gang ShinyHunters posted a message that was seen by some users on their Canvas platforms. The post said that schools could negotiate a settlement with ShinyHunters by Tuesday — the same deadline given to Instructure.

Cybersecurity experts suggest Instructure’s agreement appears to be a ransomware payment, a practice the FBI strongly discourages

Instructure said that as a part of its agreement with an unnamed threat actor, the stolen data was returned to the ed tech company, and it had received digital confirmation of data destruction in the form of “shred logs.” The threat actor said no Instructure customers will be extorted from this incident, Instructure said, and no individuals impacted by the breach will need to engage with them.

“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” Instructure said in a Monday statement on its website. 

No ‘guarantee’ data will be deleted

ShinyHunters has been confirmed as the group behind the Canvas cyberattack, as the group posted about the initial incident to its leak site on May 3, said Rebecca Moody, head of data research at Comparitech, a cybersecurity and online privacy product review website, in a Tuesday statement. 

In its May 3 post, ShinyHunters claimed to have stolen 3.65 TB of data from about 275 million users across 9,000 schools worldwide, according to Moody. Instructure has not confirmed how many schools or users were impacted by the recent data breaches. 

“This post and the individual school-by-school threats ShinyHunters has sent likely put pressure on Instructure to meet the ransom demands to try and prevent data from being leaked,” Moody said. “However, let's not forget that ShinyHunters are cybercriminals. Even by paying this ransom demand, Instructure cannot guarantee the data will be deleted.”

Several class action lawsuits have already been filed against Instructure in federal district courts over the data breach. 

Instructure confirmed last week that hackers gained unauthorized access to its systems through its Free for Teachers platform on April 29 and May 7. The exposed data included usernames, email addresses, course names, enrollment information and messages, Instructure said. The company added that “core learning data (course content, submissions, credentials) was not compromised,” and Canvas is now fully operational and safe to use. 

Michael Klein, senior director for preparedness and response at the Institute for Security and Technology, said that while he agrees with the FBI in most cases that organizations should not pay ransoms to cybercriminals after a data breach, sometimes there are situations in which the compromised data could cause physical harm — such as a ransomware attack on a hospital. In that situation, paying a ransom might be necessary, he said. 

With the Instructure incident, however, Klein said he doesn’t think the reported data that was compromised falls under such a scenario that would necessitate a payment. 

“Also, you can't trust that a cybercriminal group is going to keep their word and not then go and extort all of the people downstream of that anyway,” Klein said.

The need for federal, state supports 

When PowerSchool got hacked in December 2024, Klein was working at the U.S. Department of Education as the senior advisor for cybersecurity. At the time, he was able to convene 41 states and Guam within a few days to share information on the incident including how to understand the challenges, communicate with the company, and mitigate the impact for schools. 

Fast forward to the latest cyberattack on Instructure, and that federal authority and structure no longer exists, Klein said. In his own capacity at the Institute for Security and Technology, Klein said he was only able to convene 22 states on Friday to hold a similar conversation about Instructure after the “widespread” and “understandable freakout” from Thursday’s incident that caused disruptions for many school and college systems.   

When the Education Department convened states a year and a half ago during the PowerSchool incident, that protected gathering was made possible through the Critical Infrastructure Partnership Advisory Council, Klein said. A little over a year ago, however, the U.S. Department of Homeland Security ended that council’s authority, he said. 

A DHS secretary could restore that authority without Congress, Klein said, and then the federal government could immediately assemble similar convenings again.

Klein added that restoring funding for the federal Multi-State Information Sharing Analysis Center, or MS-ISAC, could give school districts and state education agencies no-cost access to as much cybersecurity threat information as possible. 

“This incident, as well as the PowerSchool incident, demonstrates the importance of support from the federal and state level in order to build capacity for institutions that cannot do this work themselves,” Klein said.

Meanwhile, on Tuesday, the Software & Information Industry Association sent letters to lawmakers in both chambers of Congress calling for a $36 million investment in the FY 2027 budget to ensure schools have access to digital security services. 

SIIA called for $20 million to fund MS-ISAC and $10 million for the Readiness and Emergency Management for Schools Technical Assistance Center to reestablish a central hub for school-specific cyber-incident management. The group also urged that another $6 million is needed to support the Education Department in its role as the leading agency for coordinating educational cybersecurity.

“Following the 2025 federal funding shifts that resulted in the ‘offboarding’ of school districts from essential threat monitoring services and the shuttering of key technical assistance centers, America’s K-12 education sector is currently at its most vulnerable state in a decade,” said SIIA’s letter to leaders on the Senate Appropriations Subcommittee on Labor, Health and Human Services, Education, and Related Agencies.