Cyber·Monitoring
Shai-Hulud Supply-Chain Attack Trojanizes 19 PyPI Packages
PyPI repository (global online service)· Global4 Jun
5 reportsPROPCYCAS
MediumAI Refreshed
ClosedMedium impactAI Generated
Cyber Incident Disrupts Canvas Educational Platform – Multiple US Universities Reschedule Exams
Occurred 7 May 2026·Detected 10 May 2026·
🇺🇸 Canvas educational platform (Instructure), affecting multiple universities in the United States2 reportsEnded 7 Jun 2026
CyberPropertyCyberCasualty & Liability
A cybercriminal group compromised or disrupted Canvas, the widely used educational platform operated by Instructure, on or around 8 May 2026. Dozens of students reported seeing a message from the cybercriminal group while accessing the platform. The incident caused sufficient disruption that multiple universities were forced to reschedule final examinations.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Medium impact. The incident disrupted a widely used educational platform affecting multiple universities during final exam season, causing operational disruption and potential reputational and liability exposure for Instructure. However, no confirmed data breach or physical damage is reported, limiting insured loss estimates.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Intelligence ledger
Each line expands in place to its underlying sourced claim.
Known4 lines
A cybercriminal group message was displayed to students on the Canvas platform.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
The incident occurred on or around Thursday 8 May 2026.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Multiple universities were forced to reschedule final exams as a result.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Canvas is an educational platform created by Instructure hosting teaching materials, tests and readings.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Reported2 lines
Dozens of students reported the incident via social media.▾
structured linereported
No separate sourced-claim record is available for this line yet.
The nature of the attack (ransomware, defacement, DDoS, or other) is not confirmed in the source text.▾
structured linereported
No separate sourced-claim record is available for this line yet.
Uncertain4 lines
The identity or affiliation of the cybercriminal group is not confirmed.▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
The geographic scope beyond the United States is unclear.▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether student data or exam content was exfiltrated is unknown.▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
The full number of affected universities has not been confirmed.▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Geographic Zone Matches
3 active matches
- TRIA Certified AreasRule-basedConfidence 100%
- Pacific Ring of FireRule-basedConfidence 100%
- Caribbean Hurricane ZoneRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Affected countries
🇺🇸 United States
Timeline
Status Change7 Jun 2026, 19:51
Lifecycle changed
developing → closed
Closure7 Jun 2026, 19:51
Event Closed
hygiene_sweep_stale
Status Change10 May 2026, 22:20
Status changed to developing
Auto-promoted: multiple corroborating sources
Corroboration10 May 2026, 22:20
The ShinyHunters extortion gang has breached Instructure, the operator of the Canvas educational platform, exploiting a vulnerability to deface Canvas login portals for hundreds of colleges and universities. The attack is described as a mass extortion campaign targeting the widely used higher education learning management system. The incident aligns with broader Canvas disruptions reported around 8 May 2026 that forced multiple US universities to reschedule exams. ShinyHunters, a prolific cybercriminal group, is attributed as the threat actor responsible.
Source: BleepingComputer (Trade Media) · View source
Initial Detection10 May 2026, 22:10
Initial Detection
A cybercriminal group compromised or disrupted Canvas, the widely used educational platform operated by Instructure, on or around 8 May 2026. Dozens of students reported seeing a message from the cybercriminal group while accessing the platform. The incident caused sufficient disruption that multiple universities were forced to reschedule final examinations.
On Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more.
Source: The Record (Cyber) (Trade Media) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts