ShinyHunters Defaces Canvas Login Portals at Scale
🔒 The ShinyHunters extortion group defaced Canvas login portals for roughly 330 colleges and universities, replacing standard pages with an extortion message that demanded payment by May 12, 2026. The same message also appeared in the Canvas app and was visible for about 30 minutes before being taken offline. Instructure has taken Canvas offline while confirming that data was stolen and continuing its investigation. BleepingComputer reports the group claims the theft includes extensive student and staff records.
