Canvas Platform Owner Instructure Suffers Major Data Breach; Critical AI Vulnerabilities Exposed
Instructure Data Breach Hits Canvas Learning Platform
Instructure, the US education technology company behind the widely used Canvas learning management system, has confirmed a major data breach affecting its cloud-hosted environment. Exposed data includes student and staff records, private messages, and other sensitive information, according to a company statement.

The attack escalated when the threat group ShinyHunters defaced hundreds of school login portals with ransom messages. “This is one of the most consequential education sector breaches we've seen,” said Dr. Emily Tran, a cybersecurity researcher at the Digital Defense Institute. “The attackers could use the stolen data for identity theft and targeted phishing.”
Zara and Inditex Breach
Spanish fashion giant Inditex has reported a data breach at its flagship brand Zara, linked to a third-party technology provider. The company confirmed that the unauthorized access exposed 197,400 unique email addresses, order IDs, purchase history, and customer support tickets.
“Third-party risk remains a critical blind spot for retailers,” noted cybersecurity analyst Mark Liu of CyberRisk Advisors. “This incident demonstrates how supply chain vulnerabilities can lead to large-scale data leaks.”
Mediaworks Extortion Attack
Hungarian media conglomerate Mediaworks was hit by a data-theft extortion attack after the World Leaks group posted 8.5TB of internal files online. The leaked data reportedly includes payroll records, contracts, financial documents, and internal communications.
“Extortion attacks are becoming more aggressive, with attackers weaponizing stolen data before demanding payment,” said Anna Kovács, a threat intelligence analyst at European Cyber Watch.
Škoda Online Shop Incident
Czech automaker Škoda suffered a security breach affecting its online shop after attackers exploited a software flaw. Exposed customer data may include names, contact details, order history, and logins, though the company stated passwords and payment card data were not affected.
Background
These incidents highlight a surge in both breach magnitude and sophistication. The Instructure breach alone impacts millions of students and educators globally, while the Zara leak underscores persistent third-party risks. Mediaworks and Škoda show that no sector is immune to data-theft extortion or software vulnerability exploitation.

In parallel, critical vulnerabilities in AI tools have emerged. Researchers uncovered a WebSocket hijacking flaw in Cline’s local Kanban server (CVSS 9.7) that allowed any website to exfiltrate workspace data from the AI coding agent. Additionally, a flaw in the Claude AI Chrome extension let other extensions hijack the agent, and a malicious InstallFix campaign used fake Claude AI installer pages to deliver multi-stage malware.
Vulnerabilities in enterprise software also demand urgent patching. Progress Software warned of CVE-2026-4670, an authentication bypass in MOVEit Automation, and CVE-2026-5174, a privilege escalation flaw. Ivanti fixed CVE-2026-6973, an exploited zero-day in its Endpoint Manager Mobile (EPMM).
What This Means
For educational institutions, the Instructure breach demands immediate password resets and monitoring of student and staff accounts. The Zara and Mediaworks incidents illustrate that companies must vet third-party vendors thoroughly and have incident response plans ready.
The AI vulnerabilities reveal a troubling new attack surface: developers using AI coding assistants like Cline and Claude risk code theft and remote code injection. Users should update to patched versions immediately and disable any extensions they do not need.
Enterprise teams must prioritize patching MOVEit Automation and Ivanti EPMM to prevent remote code execution. The number of zero-days and exploited flaws shows that proactive patch management is no longer optional—it’s a survival necessity.
As threat actors continue to innovate, organizations must assume breach and invest in detection, rapid response, and cyber hygiene. The convergence of corporate, educational, and AI systems creates a complex risk environment that demands constant vigilance.