Instructure confirms hackers used Canvas flaw to deface portals

Monday, May 11, 2026 at 03:26 PM UTC·Source: BleepingComputer

Updated: Monday, May 11, 2026 at 04:01 PM UTC

Executive Summary

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. [...]

Analysis

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. [...]

Source Attribution

Originally published by BleepingComputer on May 11, 2026.

Related Threats

CRITICALVulnerability

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]

1h agoBleepingComputer

LOWVulnerability

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs , head of incident response firm DigitalDefence, told CSO . “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by root’, or ‘file is rea

CVE-2026-46300

2h agoCSO Online

HIGHVulnerability

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.

2h agoDark Reading