Instructure
May 7, 2026
•[ vulnerability, page-alteration, threat actor ]
On May 7, 2026, ShinyHunters gained additional access through a second Canvas vulnerability and altered pages shown to some logged-in students and teachers. Instructure detected and disabled the page-alteration activity after approximately 10 minutes, took Canvas offline into maintenance mode to contain the incident, and later took Free-for-Teacher offline.
