Instructure Reaches 'Agreement' With ShinyHunters to Stop Data Leak

Instructure reaches 'agreement' with ShinyHunters to stop data leak

Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online.

The company says over 30 million educators and students use its Canvas platform across more than 8,000 schools and universities worldwide.

In a Tuesday statement, Instructure said the cybercrime gang also returned the stolen data and provided shred logs confirming its destruction.

"We understand how unsettling situations like this can be, and protecting our community remains our top priority. With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident," it said.

"We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise. This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor."

‘It’s here’: Google issues dire warning after catching hackers using AI to break into computers

Google said Monday that it had disrupted a criminal group’s attempt to use artificial intelligence to exploit another company’s previously unknown digital vulnerability, adding to heightened worries across government and private industry about AI’s risks for cybersecurity.

Google shared limited information about the attackers and the target, but John Hultquist, chief analyst at the tech giant’s threat intelligence arm, said it represents a moment cybersecurity experts have warned about for years: malicious hackers arming themselves with AI to supercharge their ability to break into the world’s computers.

“It’s here,” Hultquist said. “The era of AI-driven vulnerability and exploitation is already here.”

It comes at a time of leaps in AI’s abilities to find vulnerabilities, including the Mythos model announced a month ago by Anthropic. Among those trying to bolster their defenses is President Donald Trump’s White House, which has shifted its approach in how it plans to vet the most powerful AI models before their public release.

The missing cybersecurity leader in small business

The average cyberattack costs for a small- or medium-size business is more than $250,000. The salary for a chief information security officer (CISO) is about the same, pulling in between $250,000 and $400,000, according to the annual 2026 CISO Report from Sophos and Cybersecurity Ventures.

Small- and medium-size businesses (SMBs) know they cannot afford the salary, so they roll the dice, hoping they will not be attacked. This is a dangerous gamble that these businesses, which make up the backbone of the American economy, should not have to take. A virtual (vCISO) or fractional CISO (fCISO) can provide a practical solution.

As the American economy goes digital, SMBs now rely on the same building blocks as big enterprises — cloud services, payment systems, remote access, customer data, and other third-party vendors. But without senior cyber leadership, cybersecurity often becomes a patchwork of tools, checklists, insurance paperwork, and whatever guidance a vendor offers.

Fragmented Cyber Risk Transfer Is Changing Board Oversight

Cyber risk transfer used to be relatively straightforward: purchase insurance, review the limits and assume the organization had shifted a meaningful portion of its exposure. That assumption no longer holds. Today, cyber risk transfer is fragmented across overlapping policies, exclusions and emerging protections – many of which only apply if organizations can demonstrate how they responded during an incident.

For boards, that shift is significant. Cyber risk transfer is no longer just about coverage. It is about whether that coverage will hold up under testing, and whether the organization can prove it acted appropriately under pressure.

Cyber Risk Transfer Is No Longer a Single Policy

A decade ago, cyber insurance was often treated as a comprehensive solution. Steven Schwartz, co-founder and general partner at FireTower Risk Solutions, explained how the market has shifted away from a single, all-encompassing policy. “Carriers priced for losses that they can model – extortion, business interruption and privacy notifications,” he said. “The losses that actually hurt companies, though, were outside that model.”

Why Hospitals Must Rethink Cyber Resilience

Hospitals face relentless ransomware attacks that threaten patient safety and operations. More than ever, cyber teams need to strengthen their resilience, with clinical continuity, immutable secure backups and coordinated recovery as critical strategies in a rapidly evolving threat landscape, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.

"In this increasingly digitally complex, digitally interdependent ecosystem that healthcare operates in, there is no way for us to 100% prevent attacks and eliminate all the vulnerabilities which expose us to attacks," said Riggi, national advisor for cybersecurity and risk at the AHA.

The AHA is partnering with security firm Rubrik, as well as various other organizations, such as non-profit health accreditation organization Joint Commission, to promote and enhance hospital resiliency awareness and readiness.

Cyber risk overtakes economic worries as top concern for UK boards

For the first time, cyber risk has overtaken all other threats as the primary concern for UK business leaders, being cited as the leading concern for 46% of business leaders, up three percentage points from 2024 and more than doubling from 20% in 2023, according to a new report from Marsh Risk.

The UK Business Risk Report stresses the need for flexible, dynamic risk management frameworks that can adjust as threats evolve and interact, particularly where cyber, economic and regulatory risks amplify one another.

Heightened focus on cyber as systemic risk

Cyber threats were ranked the top risk by 46% of respondents, compared to 44% for economic and financial risks, 40% for compliance, legal and regulatory concerns, and 39% for people related issues such as skills and talent.

According to the report, high profile attacks, greater digitalisation and supply chain vulnerabilities have pushed cyber firmly onto the board agenda, as businesses grapple with the potential for widespread operational disruption, regulatory exposure and reputational harm.