Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

House Homeland Security briefing request on Instructure attacks

Public Sector Action
First reported
Last updated
Happening score
H score 16
1 unique sources, 1 articles

Summary

Hide ▲

The House Committee on Homeland Security requested Instructure appear for a briefing on the recent attacks, escalating congressional scrutiny of the Canvas compromise and the company’s response.

Related Happenings

CISA BOD 22-01 iOS KEV patch order

Public Sector Action
First: 06.03.2026 17:57 Last: 06.03.2026 17:57 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure affected **iOS** devices by **March 26** after adding **three Coruna vulnerabilities** to its **Known Exp...

Open Happening

Resecurity alleged data leak claim after ShinyHunters Telegram screenshots

Data Leak
First: 03.01.2026 22:34 Last: 03.01.2026 22:34 Sources 1

About this happening: **ShinyHunters** publicly claimed a **Resecurity** breach and posted screenshots on **Telegram**, asserting it had obtained **employee data**, **internal communications**, **threa...

Open Happening

Resecurity hit by data theft breach linked to Scattered Lapsus$ Hunters

Incident
First: 03.01.2026 22:34 Last: 03.01.2026 22:34 Sources 1

About this happening: **Resecurity** is disputing a claimed breach after **Scattered Lapsus$ Hunters** said they stole internal data, making the event a contested compromise with unresolved exposure st...

Open Happening

Timeline

  1. 14.05.2026 23:19 1 articles · 13d ago

    Instructure's Salesforce instance compromise disclosed on September 21, 2025

    Campaign Scope Update

    Instructure disclosed that its Salesforce instance had been compromised on September 21, 2025 in a social engineering attack, establishing an earlier intrusion that lawmakers later treated as a possible precursor to the Canvas incidents.

    Show sources
    Open in new tab
  2. 14.05.2026 23:19 1 articles · 13d ago

    Instructure discloses the initial Canvas breach on May 1, 2026

    Initial Disclosure

    Instructure disclosed an initial breach on May 1, 2026 after threat actors obtained certain identifying information of users, including names, emails, student ID numbers, and private messages from Canvas.

    Show sources
    Open in new tab
  3. 14.05.2026 23:19 1 articles · 13d ago

    Canvas is taken offline and declared resolved on May 6, 2026

    Mitigation Patch Update

    Instructure temporarily took Canvas offline to investigate the compromise, then declared the intrusion resolved on May 6, 2026 and said the LMS was fully operational after an outage that left thousands of schools and universities without grade reporting and other functions.

    Show sources
    Open in new tab
  4. 14.05.2026 23:19 1 articles · 13d ago

    ShinyHunters returns to Canvas with a ransom demand on May 7, 2026

    Exploitation Observed

    The following day, ShinyHunters returned, compromised Canvas again, and posted a ransom demand on the platform login pages.

    Show sources
    Open in new tab
  5. 14.05.2026 23:19 1 articles · 13d ago

    Instructure says it reached an agreement with the threat actor on May 11, 2026

    Victim Impact Update

    Instructure said it reached an agreement with the threat actor behind the attacks, stated that no customers would be extorted publicly or otherwise, and said the stolen data was returned with digital confirmation of its destruction.

    Show sources
    Open in new tab
  6. 14.05.2026 23:19 2 articles · 13d ago

    Congressional committees seek briefings from Instructure on the repeated Canvas attacks

    Legal Policy Action Update

    The House Committee on Homeland Security requested that Instructure appear for a briefing on the recent attacks and asked CEO Steve Daly to meet with members no later than May 21, while the US Senate Committee on Health, Education, Labor, and Pensions said it was investigating the attacks and asked about the data affected and the security improvements made afterward.

    Show sources
    Open in new tab