Information Security

<h2>What happened</h2><p>Instructure, the company behind the Canvas learning management system, has disclosed that it recently suffered a cybersecurity incident perpetrated by a criminal threat actor and is now investigating its scope with the help of outside forensics experts. The disclosure was made by Chief Security Officer Steve Proud, who committed to transparency as the investigation progresses.</p><p>Canvas is one of the most widely deployed learning management systems globally, used by schools, universities, and organizations to manage coursework, assignments, and online learning. Since May 1, some services including Canvas Data 2 and Canvas Beta have been placed under maintenance, with customers warned of potential issues with tools relying on API keys. Instructure has not confirmed whether the maintenance is related to the security incident. No threat actor has publicly claimed responsibility, and Instructure has not provided details about the attack vector or the data potentially affected.</p><p>This is the second cybersecurity incident Instructure has disclosed in less than a year. In September 2025, the company disclosed a breach resulting from a social engineering attack that allowed attackers to access data in its Salesforce instance, with ShinyHunters claiming responsibility and listing the company on a data leak site. Education technology firms have become consistent targets given the volume of student and teacher personal data they hold. PowerSchool disclosed a breach in January 2025 in which a threat actor claimed to have stolen data belonging to 62 million students, and Infinite Campus has faced similar Salesforce-targeting campaigns.</p><h2>Who is affected</h2><p>The scope of the current incident remains undetermined. Canvas serves a broad population of students, educators, and institutional administrators, meaning the potential exposure of personal and academic data is significant if the incident involved customer-facing systems. Customers experiencing issues with Canvas Data 2, Canvas Beta, or API-dependent tools should monitor Instructure’s communications closely as the investigation develops.</p><h2>Why CISOs should care</h2><p>Instructure’s second significant incident in under a year raises questions about whether the September 2025 breach prompted sufficient remediation of the access vectors and third-party integrations that made it possible. The pattern across edtech breaches, Instructure, PowerSchool, Infinite Campus, consistently involves platforms holding large concentrations of student and teacher data being targeted through cloud CRM environments and social engineering rather than direct network intrusion.</p><p>For security leaders in education or with student data obligations, this pattern is a direct signal about where threat actors are focusing effort in this sector.</p><h2>3 practical actions</h2><p><strong>Monitor Instructure’s incident disclosures and apply any guidance regarding API key rotation promptly:</strong> The maintenance affecting Canvas Data 2 and API-dependent tools may indicate credential or token exposure. Do not wait for confirmed details before reviewing which systems in your environment rely on Canvas API keys and preparing to rotate them if advised.</p><p><strong>Review third-party integrations connected to Canvas in your environment:</strong> The September 2025 Instructure breach involved a Salesforce instance. Assess what data flows exist between Canvas and other platforms in your environment and whether those integrations carry the same access control risks documented in prior edtech incidents.</p><p><strong>Treat edtech platforms as high-priority data protection assets:</strong> Student and teacher data held in learning management systems includes sensitive personal information that triggers FERPA, COPPA, and state-level privacy obligations. Ensure that platforms like Canvas are subject to the same vendor security review cadence as any other system holding protected personal data.</p><p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Also in the news today:</p><ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/dayton-mayor-demands-accountability-after-license-plate-reader-data-breach/">Dayton Mayor Demands Accountability After License Plate Reader Data Breach</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/ameriprise-financial-data-breach-exposes-personal-information-of-48000-customers/">Ameriprise Financial Data Breach Exposes Personal Information of 48,000 Customers</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/congress-punts-fisa-section-702-renewal-to-june/">Congress Punts FISA Section 702 Renewal to June</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/">FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/consentfix-v3-automates-oauth-abuse-to-bypass-mfa-and-hijack-azure-accounts/">ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/1800-developers-hit-in-mini-shai-hulud-supply-chain-attack-across-pypi-npm-and-php/">1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP</a></li> </ul><p>The post <a rel="nofollow" href="https://cisowhisperer.com/edtech-firm-instructure-discloses-cyber-incident-probes-impact/">Edtech Firm Instructure Discloses Cyber Incident, Probes Impact</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/edtech-firm-instructure-discloses-cyber-incident-probes-impact/" data-a2a-title="Edtech Firm Instructure Discloses Cyber Incident, Probes Impact"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fedtech-firm-instructure-discloses-cyber-incident-probes-impact%2F&amp;linkname=Edtech%20Firm%20Instructure%20Discloses%20Cyber%20Incident%2C%20Probes%20Impact" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fedtech-firm-instructure-discloses-cyber-incident-probes-impact%2F&amp;linkname=Edtech%20Firm%20Instructure%20Discloses%20Cyber%20Incident%2C%20Probes%20Impact" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fedtech-firm-instructure-discloses-cyber-incident-probes-impact%2F&amp;linkname=Edtech%20Firm%20Instructure%20Discloses%20Cyber%20Incident%2C%20Probes%20Impact" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fedtech-firm-instructure-discloses-cyber-incident-probes-impact%2F&amp;linkname=Edtech%20Firm%20Instructure%20Discloses%20Cyber%20Incident%2C%20Probes%20Impact" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fedtech-firm-instructure-discloses-cyber-incident-probes-impact%2F&amp;linkname=Edtech%20Firm%20Instructure%20Discloses%20Cyber%20Incident%2C%20Probes%20Impact" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Evan Rowe">Evan Rowe</a>. Read the original post at: <a href="https://cisowhisperer.com/edtech-firm-instructure-discloses-cyber-incident-probes-impact/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=edtech-firm-instructure-discloses-cyber-incident-probes-impact">https://cisowhisperer.com/edtech-firm-instructure-discloses-cyber-incident-probes-impact/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=edtech-firm-instructure-discloses-cyber-incident-probes-impact</a> </p>

<p>The post <a href="https://www.malwarebytes.com/blog/how-to/2026/05/3-easy-to-miss-cybersecurity-risks-for-small-businesses">3 easy-to-miss cybersecurity risks for small businesses</a> appeared first on <a href="https://www.malwarebytes.com/">Malwarebytes</a>.</p><p>There’s a lot to security that isn’t necessarily “cyber.” It’s not all hackers or complex network attacks.</p><p>Alongside traditional cyberattacks that deploy malware or exploit known software vulnerabilities, there are also less technical—yet equally devastating—forms of theft.</p><p>This doesn’t mean that well-known <a href="https://www.malwarebytes.com/blog/news/2025/05/the-3-biggest-cybersecurity-threats-to-small-businesses" rel="noreferrer noopener">cybersecurity best practices don’t apply</a>. Every small business owner should still use unique passwords for every account, turn on multi-factor authentication, keep their software and operating systems updated, and run always-on cybersecurity software.</p><p>But for the everyday small business owner juggling dozens of accounts, networks, devices, and the reams of data being created, stored, and shared across text messages, emails, and online portals, this advice is for you.</p><p>For National Small Business Week in the US, here are three ways to protect your business that require little technical prowess.</p><h2 class="wp-block-heading" id="h-don-t-use-your-social-security-number-as-your-tax-id"><strong>Don’t use your Social Security Number as your tax ID</strong></h2><p>In the US, the Internal Revenue Service (IRS) allows small business owners to use their personal Social Security Number (SSN) as the Federal Tax ID. It’s a small grace meant to simplify annual record-keeping for sole proprietors and owner-employees, but for cybercriminals, it’s a basic oversight they’d like every small business to make.</p><p>Using your Social Security Number as your Federal Tax ID means putting your Social Security Number in an ever-increasing number of hands. That’s because small business taxes are different from taxes for everyday salaried employees. </p><p>Whenever a small business takes on a new client or a contractor who pays for services costing at least $600, that small business has to share and receive what is called a W-9 form. This exact form isn’t filed with the IRS, but it is used to track payments for later filings. </p><p>What’s more important, though, is that this form asks for an owner’s name, address, and tax ID number. </p><p>This means that as a small business grows, its vulnerability to identity theft increases in tandem. Every W-9 filed that uses an owner’s SSN as their tax ID number is another opportunity for that SSN to be stolen. After just one year of operation, a small business owner’s SSN could end up in the inboxes, filing cabinets, and cloud drives of a dozen different people and companies.</p><p>This is exactly what cybercriminals want.</p><p>Equipped with a W-9 form about your business, a cybercriminal could impersonate you or your business. They could open a business credit line, file fraudulent returns that claim your small business income, or scam your clients.</p><p><strong>How to stay safe</strong>:</p><p>Apply for a free Employer Identification Number (EIN) at IRS.gov. It’s quick to do and it separates your business tax identity from your personal tax identity. After that, put the EIN on W-9s, 1099s, and all other business paperwork instead of your SSN.</p><h2 class="wp-block-heading" id="h-keep-your-personal-cloud-storage-personal"><strong>Keep your personal cloud storage personal</strong></h2><p>The most popular cloud storage for most small business owners is the cloud storage they already have—their personal Google Drive or iCloud. </p><p>Built to make memory archival as easy as possible, these tools can automatically back up and secure nearly every single moment that happens through your device, from the vacation photos you snapped last summer, to your kid’s first steps recorded on video, to the texts you sent, the notes you made, and the calendar appointments you managed.</p><p>But this type of automatic archival poses a threat to any non-personal information that you view, send, markup, or sign when using your personal smartphone. Suddenly, and often without thinking about it, your cloud storage has backups of signed contracts, tax returns, client intake forms, invoices, business financial statements, and photos of physical paperwork.</p><p>Above, we warned about using your SSN as your tax ID because it creates a risk if anyone in your business network is breached. But storing client information in your personal cloud storage creates a different problem: it puts that risk directly on you.</p><p>Compounding the threat here is the fact that many personal cloud storage accounts are shared with family members. More people accessing the same account means more exposure and more chances for mistakes, even if everyone has good intentions.</p><p><strong>How to stay safe:</strong></p><p>Go through the cloud backup settings on both your phone and your computer and manage what data is being synced. Move sensitive business files to a dedicated business storage account with proper access controls, sharing permissions, and audit logs—something that can tell you who opened a file and when.</p><p>If anything business-related has to live in a personal cloud account, give that account a strong, unique password, turn on multi-factor authentication, and don’t share access with anyone who isn’t you.</p><h2 class="wp-block-heading" id="h-protect-device-and-account-access-in-the-home"><strong>Protect device and account access in the home</strong></h2><p>Devices have a funny way of moving around. Your smartphone goes into your spouse’s hands as they override your music choices in the car. Your tablet ends most nights in your kid’s bedroom as they watch TV. And your laptop gets tugged around from couch to counter to kitchen table—each time fully opened and logged in, a portal to the web.</p><p>You trust everyone in your home to act safely online, but the path to online safety is full of mistakes.</p><p>A single errant click on a fake ad, a <a href="https://www.malwarebytes.com/blog/threat-intelligence/2023/05/malvertising-its-a-jungle-out-there" rel="noreferrer noopener">malicious search result</a>, or a disguised download is all it takes to compromise your device today, along with all your small business records. </p><p>Aside from the threat of malware, someone using your device could make purchases, accidentally delete files, and overwrite important documents.</p><p>Remember, an “insider threat” doesn’t need to be malicious to cause damage—they just need to be inside your network (which in this, is your home).</p><p><strong>How to stay safe</strong>:</p><p>Treat your devices that you use for work as work devices. That means requiring a passcode or password for device entry, along with multi-factor authentication for important business accounts.</p><p>Also, to ensure that any wrong click doesn’t lead to a malicious PDF download or a wayward malware installation, use always-on antimalware protection software, like <a href="https://www.malwarebytes.com/teams" rel="noreferrer noopener">Malwarebytes for Teams</a>.</p><h2 class="wp-block-heading" id="h-secure-your-success"><strong>Secure your success</strong></h2><p>It’s easy to get overwhelmed with modern cybersecurity advice. Every week there are new vulnerabilities to patch, emerging scams to avoid, and novel viruses and pieces of malware that can seemingly take over your device, your data, and your business.</p><p>Thankfully, there are important steps you can take today that don’t require you to fiddle with internal settings or take a class on network engineering. Some of the most effective protections are simple: Limit how widely you share sensitive information, keep business and personal data separate, and control who can access your devices.</p><p>For everything else, try <a href="https://www.malwarebytes.com/teams">Malwarebytes for Teams</a> to receive 24/7, always-on antimalware protection to shut out viruses, block malware attacks, and keep hackers out of your business.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/3-easy-to-miss-cybersecurity-risks-for-small-businesses/" data-a2a-title="3 easy-to-miss cybersecurity risks for small businesses"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2F3-easy-to-miss-cybersecurity-risks-for-small-businesses%2F&amp;linkname=3%20easy-to-miss%20cybersecurity%20risks%20for%20small%20businesses" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2F3-easy-to-miss-cybersecurity-risks-for-small-businesses%2F&amp;linkname=3%20easy-to-miss%20cybersecurity%20risks%20for%20small%20businesses" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2F3-easy-to-miss-cybersecurity-risks-for-small-businesses%2F&amp;linkname=3%20easy-to-miss%20cybersecurity%20risks%20for%20small%20businesses" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2F3-easy-to-miss-cybersecurity-risks-for-small-businesses%2F&amp;linkname=3%20easy-to-miss%20cybersecurity%20risks%20for%20small%20businesses" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2F3-easy-to-miss-cybersecurity-risks-for-small-businesses%2F&amp;linkname=3%20easy-to-miss%20cybersecurity%20risks%20for%20small%20businesses" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.malwarebytes.com/">Malwarebytes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Malwarebytes">Malwarebytes</a>. Read the original post at: <a href="https://www.malwarebytes.com/blog/how-to/2026/05/3-easy-to-miss-cybersecurity-risks-for-small-businesses">https://www.malwarebytes.com/blog/how-to/2026/05/3-easy-to-miss-cybersecurity-risks-for-small-businesses</a> </p>

A review of my experience with Bitwarden after several years of self-hosting it, and why I decided to move away from the password manager.Almost four years ago I published a guide on how to run yo… [+27944 chars]

Earlier this year, more than 25 million Americans began receiving letters from a company most of them had never heard of. The sender was Conduent Business Services, a contractor that processes benefi… [+7601 chars]

A pawn shop chain has agreed to shell out millions of dollars to settle a class action lawsuit over a data breach that exposed customers sensitive information. According to the settlement administra… [+1866 chars]

SHANGHAI, May 02, 2026 (GLOBE NEWSWIRE) Sigenergy Technology Co., Ltd. (Stock Code: 6656.HK), a global leader in AI-driven energy solutions, today published its 2025 Environmental, Social and Governa… [+5019 chars]

SHANGHAI, May 02, 2026 (GLOBE NEWSWIRE) -- Sigenergy Technology Co., Ltd. (Stock Code: 6656.HK), a global leader in AI-driven energy solutions, today published its 2025 Environmental, Social and Gove… [+2816 chars]

Protecting yourself online needn't cost more than $2.50 per month. Regardless of constant conversations around data breaches and putting data online to verify your age, it's easier than ever to put t… [+2104 chars]

Oura ring users will soon be able to get more insights about their hormonal health. The smart ring, best known for tracking sleep and other health metrics, will add hormonal birth control and updated… [+3101 chars]

I was invited to give testimony in front of this committee about S.71, An act relating to consumer data privacy and online surveillance. Vermont House Committee on Commerce and Economic Development … [+6697 chars]

NEW RESOURCES Indiana Attorney General: Attorney General Todd Rokita launches IN Fuel Watch. “Attorney General Todd Rokita today launched IN Fuel Watch, a new public online portal that provides rea… [+4479 chars]

French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country’s agency for issuing and managing administrative documents. The … [+2121 chars]

NASHVILLE, May 01, 2026 (GLOBE NEWSWIRE) -- The 2026 Tennessee ORBIE Awards honored leading chief information officers (CIOs) and chief information security officers (CISOs) from FedEx (ret), Nissan … [+5182 chars]

Alberta Premier Danielle Smith says those responsible for exposing voters private information to the public should be held legally accountable. In a statement issued Friday, Smith made her official … [+2349 chars]

ADT has confirmed a new data breach, and it comes with a familiar twist. A well-known cybercrime group is reportedly demanding money and threatening to leak data if it does not get paid. The group b… [+9292 chars]

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local privil… [+11790 chars]

The platform tests cybersecurity controls continuously from three dimensions, outside-in, inside-out, and social engineering, mapping to NIST CSF 2.0, NIST 800-171, CMMC 2.0, ISO 27001, HIPAA, PCI DS… [+7831 chars]

We may earn revenue from the products available on this page and participate in affiliate programs. Learn more TL;DR: Surfshark One+ with Incogni bundles VPN, antivirus, breach alerts, and data broke… [+2148 chars]

Security researchers are warning about a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM).  This is a critical, actively exploited au… [+3591 chars]

Introduction In todays digital world, security is more important than everespecially for high-risk users such as developers, administrators, business owners, and professionals handling sensitive dat… [+6394 chars]

Strategic acquisition is anticipated to position Datavault AI to bring CyberCatch's AI-enabled cyber risk mitigation solution into Datavault AI's SanQtum-secured edge Graphics Processing Unit ecosyst… [+3168 chars]

Regulars here at the shebeen know how highly the management thinks of the work done by the International Consortium of Investigative Journalists, who spend their time turning over the rocks where the… [+5127 chars]

Welcome to this weeks edition of the Threat Source newsletter.  As Im writing this, today (April 28) is International Superhero Day. If you dont know the origin story behind this, perhaps you would … [+9121 chars]

The conversation about AI and cybersecurity has settled into a familiar pattern: AI systems - including platforms like Claude Mythos - are accelerating attacks. The solution: we must deploy AI in def… [+5155 chars]

The general cyber security threat to UK organisations remains widespread and significant with 43% of businesses, 28% of charities and 69% of large firms having suffered either a data breach or cyber … [+5129 chars]