Cybersecurity Brief: May 13, 2026

Instructure Pays Ransom Following Massive Canvas Breach

Educational technology provider Instructure has reached a ransom agreement with the ShinyHunters hacking group following a significant breach of its Canvas learning management platform. The incident compromised data from approximately 9,000 educational institutions affecting roughly 275 million individuals, including email addresses, enrollment information, and private messages. The University of Pennsylvania alone reported 306,000 affected affiliates. Instructure agreed to the deal in exchange for assurances that the stolen data would be destroyed rather than publicly released. The decision to negotiate with cybercriminals—rather than refuse payment on principle—highlights the escalating pressures organizations face when balancing data protection obligations against ransomware threats at scale.

Supply Chain and AI-Enhanced Threats Emerge

Foxconn confirmed cyberattacks against facilities in North America, adding to growing concerns about supply chain security affecting major technology manufacturers like Apple. Separately, South Korea announced plans to expand AI cybersecurity defenses after Anthropic's Claude Mythos Preview demonstrated advanced offensive capabilities, signaling that nation-states are taking seriously the threat of AI-powered cyberattacks. The convergence of supply chain vulnerabilities and AI-enhanced attack techniques represents an evolving threat landscape requiring both traditional security controls and novel defensive approaches tailored to autonomous adversarial systems.

Sources: digitimes · UPI · The Daily Pennsylvanian · CBC