China’s Zhipu AI (Z.ai) released its open-weight GLM-5.2, and some researchers have claimed that it matches Mythos in certain bug-finding and cybersecurity scenarios. While GLM lags behind models from Anthropic and OpenAI in other, more general tasks, it seems that China has dramatically reduced the gap in the capabilities between its models and those of the US.
This level of advancement is particularly concerning to the US government, which has worked to restrict China’s access to powerful models like Anthropic’s Mythos and Fable, as well as the hardware necessary to train and run them. The Trump administration views Mythos and other advanced AI models capable of identifying vulnerabilities as serious national security threats. Recently, OpenAI unveiled GPT-5.6, which has also raised concerns about its potential for misuse and has limited access to it.
Because GLM is an open-weight model, it can be downloaded and run by anyone on readily available hardware. That gives it great flexibility and allows power users deep access, but it also makes it ripe for abuse by bad actors who can run it with little oversight.
China’s Zhipu AI (Z.ai) released its open-weight GLM-5.2, and some researchers have claimed that it matches Mythos in certain bug-finding and cybersecurity scenarios. While GLM lags behind models from Anthropic and OpenAI in other, more general tasks, it seems that China has dramatically reduced the gap in the capabilities between its models and those of the US.
This level of advancement is particularly concerning to the US government, which has worked to restrict China’s access to powerful models like Anthropic’s Mythos and Fable, as well as the hardware necessary to train and run them. The Trump administration views Mythos and other advanced AI models capable of identifying vulnerabilities as serious national security threats. Recently, OpenAI unveiled GPT-5.6, which has also raised concerns about its potential for misuse and has limited access to it.
Because GLM is an open-weight model, it can be downloaded and run by anyone on readily available hardware. That gives it great flexibility and allows power users deep access, but it also makes it ripe for abuse by bad actors who can run it with little oversight.
#Chinas #Z.ai #claims #match #Mythos #cybersecurityAI,News,Policy,Politics,Security,Tech">China’s Z.ai claims it can match Mythos on cybersecurity
China’s Zhipu AI (Z.ai) released its open-weight GLM-5.2, and some researchers have claimed that it matches Mythos in certain bug-finding and cybersecurity scenarios. While GLM lags behind models from Anthropic and OpenAI in other, more general tasks, it seems that China has dramatically reduced the gap in the capabilities between its models and those of the US.
This level of advancement is particularly concerning to the US government, which has worked to restrict China’s access to powerful models like Anthropic’s Mythos and Fable, as well as the hardware necessary to train and run them. The Trump administration views Mythos and other advanced AI models capable of identifying vulnerabilities as serious national security threats. Recently, OpenAI unveiled GPT-5.6, which has also raised concerns about its potential for misuse and has limited access to it.
Because GLM is an open-weight model, it can be downloaded and run by anyone on readily available hardware. That gives it great flexibility and allows power users deep access, but it also makes it ripe for abuse by bad actors who can run it with little oversight.
Emergency Exit Locked—Would You Like to Start a Free Trial? | Points in Case
…
Last year, the FBI opened a Cyber Range in Huntsville, Alabama, for simulating cyberattacks. Think of it sort of like the famous Hogan’s Alley, but for modern digital crime training. It’s a massive 22,000 square-foot replica of an entire town, complete with a convenience store, gas station, hospital, and even fully furnished houses.
It’s a training facility where the bureau can recreate real-world scenarios for training and research purposes. All of the various buildings and facilities are hooked up the way they would be in a real town. There’s even a small data center with over 200 servers that can be hacked, infected with malware, and studied. But, importantly, all of the systems in the fake town are cut off from the outside world, which means there’s no danger of any malicious code or anything from escaping containment.
Students practice performing forensic investigations on car entertainment systems, hospital computer networks, and corporate security systems. They can see how various cyberattacks might affect power grids or spread through home networks.
While the facility opened last year, the FBI only shared a video this week, giving the public its first glimpse inside.
Last year, the FBI opened a Cyber Range in Huntsville, Alabama, for simulating cyberattacks. Think of it sort of like the famous Hogan’s Alley, but for modern digital crime training. It’s a massive 22,000 square-foot replica of an entire town, complete with a convenience store, gas station, hospital, and even fully furnished houses.
It’s a training facility where the bureau can recreate real-world scenarios for training and research purposes. All of the various buildings and facilities are hooked up the way they would be in a real town. There’s even a small data center with over 200 servers that can be hacked, infected with malware, and studied. But, importantly, all of the systems in the fake town are cut off from the outside world, which means there’s no danger of any malicious code or anything from escaping containment.
Students practice performing forensic investigations on car entertainment systems, hospital computer networks, and corporate security systems. They can see how various cyberattacks might affect power grids or spread through home networks.
While the facility opened last year, the FBI only shared a video this week, giving the public its first glimpse inside.
#FBI #built #small #town #simulate #cyberattacksNews,Security,Tech">The FBI built a small town to simulate cyberattacks
Last year, the FBI opened a Cyber Range in Huntsville, Alabama, for simulating cyberattacks. Think of it sort of like the famous Hogan’s Alley, but for modern digital crime training. It’s a massive 22,000 square-foot replica of an entire town, complete with a convenience store, gas station, hospital, and even fully furnished houses.
It’s a training facility where the bureau can recreate real-world scenarios for training and research purposes. All of the various buildings and facilities are hooked up the way they would be in a real town. There’s even a small data center with over 200 servers that can be hacked, infected with malware, and studied. But, importantly, all of the systems in the fake town are cut off from the outside world, which means there’s no danger of any malicious code or anything from escaping containment.
Students practice performing forensic investigations on car entertainment systems, hospital computer networks, and corporate security systems. They can see how various cyberattacks might affect power grids or spread through home networks.
While the facility opened last year, the FBI only shared a video this week, giving the public its first glimpse inside.
Last year, the FBI opened a Cyber Range in Huntsville, Alabama, for simulating cyberattacks. Think…
According to theWall Street Journal, the export control directive that led to Anthropic cutting off access to Fable 5 and Mythos 5 was triggered in part by cybersecurity research from Amazon and conversations between CEO Andy Jassy and the White House. According to the report, the paper from Amazon claims that, through a series of prompts, it was able to get Fable 5 to serve up information that could be used in cyberattacks. Amazon has yet to respond to a request for comment.
Shortly after Jassy shared the company’s findings with the government, it made the call to block its use by foreign nationals. Complicating this issue is that many of Anthropic’s researchers are foreign-born, meaning they were barred from accessing their own product.
In a statement, Anthropic disputed the government’s characterization of the issue as a “jailbreak.” It argued that many of the same vulnerabilities could be discovered using other publicly available models, including GPT 5.5. Some security researchers appear to back the company’s interpretation. Katie Moussouris, the founder and CEO of LutaSecurity posted on BlueSky that “I’ve seen the paper. It’s not a jailbreak.” Former Commerce Department official Kate Koren speculated to the WSJ that the White House’s dislike of Anthropic may have influenced the decision.
Anthropic and the Trump administration have been at odds for some time over the company’s refusal to allow its AI to be used for mass surveillance of Americans or to power lethal autonomous weapons. In February, Trump instructed federal agencies to stop using Anthropic’s AI. And just hours later, Secretary of Defense Pete Hegseth designated the company a supply chain risk.
The government and the company seemed to have madeamends, and the two had worked together to expand access to Mythos. However, now the two seem destined to clash again.
According to theWall Street Journal, the export control directive that led to Anthropic cutting off access to Fable 5 and Mythos 5 was triggered in part by cybersecurity research from Amazon and conversations between CEO Andy Jassy and the White House. According to the report, the paper from Amazon claims that, through a series of prompts, it was able to get Fable 5 to serve up information that could be used in cyberattacks. Amazon has yet to respond to a request for comment.
Shortly after Jassy shared the company’s findings with the government, it made the call to block its use by foreign nationals. Complicating this issue is that many of Anthropic’s researchers are foreign-born, meaning they were barred from accessing their own product.
In a statement, Anthropic disputed the government’s characterization of the issue as a “jailbreak.” It argued that many of the same vulnerabilities could be discovered using other publicly available models, including GPT 5.5. Some security researchers appear to back the company’s interpretation. Katie Moussouris, the founder and CEO of LutaSecurity posted on BlueSky that “I’ve seen the paper. It’s not a jailbreak.” Former Commerce Department official Kate Koren speculated to the WSJ that the White House’s dislike of Anthropic may have influenced the decision.
Anthropic and the Trump administration have been at odds for some time over the company’s refusal to allow its AI to be used for mass surveillance of Americans or to power lethal autonomous weapons. In February, Trump instructed federal agencies to stop using Anthropic’s AI. And just hours later, Secretary of Defense Pete Hegseth designated the company a supply chain risk.
The government and the company seemed to have madeamends, and the two had worked together to expand access to Mythos. However, now the two seem destined to clash again.
#Amazon #security #research #reportedly #led #White #Houses #Anthropic #Fable #banAI,Amazon,Anthropic,News,Policy,Politics,Security,Tech">Amazon security research reportedly led to the White House’s Anthropic Fable ban
According to theWall Street Journal, the export control directive that led to Anthropic cutting off access to Fable 5 and Mythos 5 was triggered in part by cybersecurity research from Amazon and conversations between CEO Andy Jassy and the White House. According to the report, the paper from Amazon claims that, through a series of prompts, it was able to get Fable 5 to serve up information that could be used in cyberattacks. Amazon has yet to respond to a request for comment.
Shortly after Jassy shared the company’s findings with the government, it made the call to block its use by foreign nationals. Complicating this issue is that many of Anthropic’s researchers are foreign-born, meaning they were barred from accessing their own product.
In a statement, Anthropic disputed the government’s characterization of the issue as a “jailbreak.” It argued that many of the same vulnerabilities could be discovered using other publicly available models, including GPT 5.5. Some security researchers appear to back the company’s interpretation. Katie Moussouris, the founder and CEO of LutaSecurity posted on BlueSky that “I’ve seen the paper. It’s not a jailbreak.” Former Commerce Department official Kate Koren speculated to the WSJ that the White House’s dislike of Anthropic may have influenced the decision.
Anthropic and the Trump administration have been at odds for some time over the company’s refusal to allow its AI to be used for mass surveillance of Americans or to power lethal autonomous weapons. In February, Trump instructed federal agencies to stop using Anthropic’s AI. And just hours later, Secretary of Defense Pete Hegseth designated the company a supply chain risk.
The government and the company seemed to have madeamends, and the two had worked together to expand access to Mythos. However, now the two seem destined to clash again.
According to the Wall Street Journal, the export control directive that led to Anthropic cutting…
Ahead of this year’s World Cup, Amnesty International warned that millions of fans attending the tournament are at risk of attacks on their human rights, especially in the United States. The organization added that the tournament, which will also be held in Mexico and Canada, could take place amid severe restrictions on freedom of expression and peaceful assembly.
In a report titled “Humanity Must Win: Defending Rights, Tackling Repression at the 2026 FIFA World Cup,” Amnesty outlines a range of risks faced by fans, players, locals, and media attending the tournament in its three host countries.
In the US, where three-quarters of the World Cup matches will be played, the report finds there is a “human rights emergency” characterized by racial profiling and mass detentions by agencies such as Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP).
“This World Cup is far from the ‘medium risk’ tournament that FIFA once judged it to be,” the organization wrote. “The joy that fans hope to experience over a six-week celebration of football is overshadowed by the reality of violent arrests, mass detention,” and other abuses.
Earlier this year, then-acting ICE director Todd Lyons said ICE would be a “key part” of security during the World Cup. Since then, the extent of ICE’s role has not been fully clarified. But in May, Department of Homeland Security officials told NBC News that ICE is offering its personnel to local police departments to help with security during World Cup matches.
Amnesty International’s report indicates that in Mexico federal authorities have announced the deployment of around 100,000 security agents, including members of the army, in response to high levels of violence. According to Amnesty, this decision increases the risk for those demonstrating, including a movement of searching mothers who have planned peaceful protests in the vicinity of the Banorte Stadium (formerly Azteca Stadium) in Mexico City to demand transparency, justice, and reparations for the 133,500 disappearances registered in the country. This initiative is expected to be joined by other mobilizations during the tournament, linked to access to land, water, housing, and criticism of gentrification.
In Canada, the report notes, there are fears that the country’s housing woes will lead to unhoused populations in host cities like Toronto being displaced by World Cup activities.
When Amnesty released its report in March, the organization claimed only four of the 16 host cities had published plans for the protection of human rights during the tournament. It recommended that host cities avoid the use of military forces in civilian security tasks and stressed that local authorities should ensure that World Cup events and venues were not subject to immigration raids.
This story originally appeared onWIRED en Españoland has been translated from Spanish.
Ahead of this year’s World Cup, Amnesty International warned that millions of fans attending the tournament are at risk of attacks on their human rights, especially in the United States. The organization added that the tournament, which will also be held in Mexico and Canada, could take place amid severe restrictions on freedom of expression and peaceful assembly.
In a report titled “Humanity Must Win: Defending Rights, Tackling Repression at the 2026 FIFA World Cup,” Amnesty outlines a range of risks faced by fans, players, locals, and media attending the tournament in its three host countries.
In the US, where three-quarters of the World Cup matches will be played, the report finds there is a “human rights emergency” characterized by racial profiling and mass detentions by agencies such as Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP).
“This World Cup is far from the ‘medium risk’ tournament that FIFA once judged it to be,” the organization wrote. “The joy that fans hope to experience over a six-week celebration of football is overshadowed by the reality of violent arrests, mass detention,” and other abuses.
Earlier this year, then-acting ICE director Todd Lyons said ICE would be a “key part” of security during the World Cup. Since then, the extent of ICE’s role has not been fully clarified. But in May, Department of Homeland Security officials told NBC News that ICE is offering its personnel to local police departments to help with security during World Cup matches.
Amnesty International’s report indicates that in Mexico federal authorities have announced the deployment of around 100,000 security agents, including members of the army, in response to high levels of violence. According to Amnesty, this decision increases the risk for those demonstrating, including a movement of searching mothers who have planned peaceful protests in the vicinity of the Banorte Stadium (formerly Azteca Stadium) in Mexico City to demand transparency, justice, and reparations for the 133,500 disappearances registered in the country. This initiative is expected to be joined by other mobilizations during the tournament, linked to access to land, water, housing, and criticism of gentrification.
In Canada, the report notes, there are fears that the country’s housing woes will lead to unhoused populations in host cities like Toronto being displaced by World Cup activities.
When Amnesty released its report in March, the organization claimed only four of the 16 host cities had published plans for the protection of human rights during the tournament. It recommended that host cities avoid the use of military forces in civilian security tasks and stressed that local authorities should ensure that World Cup events and venues were not subject to immigration raids.
This story originally appeared onWIRED en Españoland has been translated from Spanish.
#Amnesty #International #Warns #World #Cup #Fans #Face #Potential #Human #Rights #Violationssports,world cup 2026,security,immigration">Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations
Ahead of this year’s World Cup, Amnesty International warned that millions of fans attending the tournament are at risk of attacks on their human rights, especially in the United States. The organization added that the tournament, which will also be held in Mexico and Canada, could take place amid severe restrictions on freedom of expression and peaceful assembly.
In a report titled “Humanity Must Win: Defending Rights, Tackling Repression at the 2026 FIFA World Cup,” Amnesty outlines a range of risks faced by fans, players, locals, and media attending the tournament in its three host countries.
In the US, where three-quarters of the World Cup matches will be played, the report finds there is a “human rights emergency” characterized by racial profiling and mass detentions by agencies such as Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP).
“This World Cup is far from the ‘medium risk’ tournament that FIFA once judged it to be,” the organization wrote. “The joy that fans hope to experience over a six-week celebration of football is overshadowed by the reality of violent arrests, mass detention,” and other abuses.
Earlier this year, then-acting ICE director Todd Lyons said ICE would be a “key part” of security during the World Cup. Since then, the extent of ICE’s role has not been fully clarified. But in May, Department of Homeland Security officials told NBC News that ICE is offering its personnel to local police departments to help with security during World Cup matches.
Amnesty International’s report indicates that in Mexico federal authorities have announced the deployment of around 100,000 security agents, including members of the army, in response to high levels of violence. According to Amnesty, this decision increases the risk for those demonstrating, including a movement of searching mothers who have planned peaceful protests in the vicinity of the Banorte Stadium (formerly Azteca Stadium) in Mexico City to demand transparency, justice, and reparations for the 133,500 disappearances registered in the country. This initiative is expected to be joined by other mobilizations during the tournament, linked to access to land, water, housing, and criticism of gentrification.
In Canada, the report notes, there are fears that the country’s housing woes will lead to unhoused populations in host cities like Toronto being displaced by World Cup activities.
When Amnesty released its report in March, the organization claimed only four of the 16 host cities had published plans for the protection of human rights during the tournament. It recommended that host cities avoid the use of military forces in civilian security tasks and stressed that local authorities should ensure that World Cup events and venues were not subject to immigration raids.
This story originally appeared onWIRED en Españoland has been translated from Spanish.
Some friends and I are walking into a bar. Bouncer: “Can I see some ID?”…
OpenAI is launching Daybreak, an AI initiative focused on detecting and patching vulnerabilities before attackers find them. Daybreak uses the Codex Security AI agent that launched in March to create a threat model based on an organization’s code and focus on possible attack paths, validate likely vulnerabilities, and then automate the detection of the higher risk ones.
Its launch comes just over a month after rival Anthropic announced Claude Mythos, a security-focused AI model it claimed was too dangerous to publicly release and only shared privately as a part of its own initiative, dubbed Project Glasswing. Still, that didn’t stop at least a few unauthorized parties from getting access.
However, OpenAI has so far lacked a similar security product. Like Glasswing, Daybreak isn’t built on just one AI model — OpenAI says “Daybreak brings together the most capable OpenAI models, Codex, and our security partners.”
Daybreak also involves specialized cyber models, including GPT-5.5 with Trusted Access for Cyber and GPT-5.5-Cyber, which began rolling out last week. OpenAI also says it’s working with its “industry and government partners” while it prepares to “deploy increasingly more cyber-capable models.”
OpenAI is launching Daybreak, an AI initiative focused on detecting and patching vulnerabilities before attackers find them. Daybreak uses the Codex Security AI agent that launched in March to create a threat model based on an organization’s code and focus on possible attack paths, validate likely vulnerabilities, and then automate the detection of the higher risk ones.
Its launch comes just over a month after rival Anthropic announced Claude Mythos, a security-focused AI model it claimed was too dangerous to publicly release and only shared privately as a part of its own initiative, dubbed Project Glasswing. Still, that didn’t stop at least a few unauthorized parties from getting access.
However, OpenAI has so far lacked a similar security product. Like Glasswing, Daybreak isn’t built on just one AI model — OpenAI says “Daybreak brings together the most capable OpenAI models, Codex, and our security partners.”
Daybreak also involves specialized cyber models, including GPT-5.5 with Trusted Access for Cyber and GPT-5.5-Cyber, which began rolling out last week. OpenAI also says it’s working with its “industry and government partners” while it prepares to “deploy increasingly more cyber-capable models.”
#OpenAI #released #answer #Claude #MythosAI,Anthropic,News,OpenAI,Security,Tech">OpenAI just released its answer to Claude Mythos
OpenAI is launching Daybreak, an AI initiative focused on detecting and patching vulnerabilities before attackers find them. Daybreak uses the Codex Security AI agent that launched in March to create a threat model based on an organization’s code and focus on possible attack paths, validate likely vulnerabilities, and then automate the detection of the higher risk ones.
Its launch comes just over a month after rival Anthropic announced Claude Mythos, a security-focused AI model it claimed was too dangerous to publicly release and only shared privately as a part of its own initiative, dubbed Project Glasswing. Still, that didn’t stop at least a few unauthorized parties from getting access.
However, OpenAI has so far lacked a similar security product. Like Glasswing, Daybreak isn’t built on just one AI model — OpenAI says “Daybreak brings together the most capable OpenAI models, Codex, and our security partners.”
Daybreak also involves specialized cyber models, including GPT-5.5 with Trusted Access for Cyber and GPT-5.5-Cyber, which began rolling out last week. OpenAI also says it’s working with its “industry and government partners” while it prepares to “deploy increasingly more cyber-capable models.”
OpenAI is launching Daybreak, an AI initiative focused on detecting and patching vulnerabilities before attackers…
ransomware gangs and data extortion attacks. But never before, perhaps, has a cyberattack against a single software platform so thoroughly disrupted the daily operations of thousands of schools across the United States.
The widely used digital learning platform Canvas was put into “maintenance mode” on Thursday after its maker, the education tech giant Instructure, suffered a data breach and faced an extortion attempt by attackers using the recognizable moniker “ShinyHunters.” Though the hackers have been advertising the breach and attempting to extract a ransom payment from Instructure since May 1, the situation took on additional immediacy for regular people across the US and beyond on Thursday because the Canvas downtime caused chaos at schools, including those in the midst of finals and end-of-year assignments.
Universities like Harvard, Columbia, Rutgers, and Georgetown sent alerts to students about the situation in recent days; other institutions, including school districts in at least a dozen states, also appear to have been affected. In a list published by the hackers behind the attack on their ransom-focused dark web site, they claim the breach affected more than 8,800 schools. The exact scale and reach of the breach is currently unclear, though. And the fact that Canvas was down throughout Thursday afternoon and evening further complicated the picture.
In a running incident update log that began on May 1, Steve Proud, Instructure’s chief information security officer, said that the company had “recently experienced a cybersecurity incident perpetrated by a criminal threat actor.” He added on May 2 that “the information involved” for “users at affected institutions” included names, email addresses, student ID numbers, and messages exchanged by users on the platform.
The situation was ultimately marked as “Resolved” on Wednesday, with Proud writing that “Canvas is fully operational, and we are not seeing any ongoing unauthorized activity.” At midday on Thursday, though, the Instructure status page registered an “issue” where “some users are having difficulties logging into Student ePortfolios.” Within a few hours, the company had added another status update: “Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode.” Late Thursday evening, the company said that Canvas was available again “for most users.”
TechCrunch reported on Thursday that the hackers launched a secondary wave of attacks, defacing some schools’ Canvas portals by injecting an HTML file to display their own message on the schools’ Canvas login pages. According to The Harvard Crimson, attackers modified the Harvard Canvas login page to show a message that included a list of schools that the hackers claim were impacted by the breach.
The message from attackers “urged schools included on the affected list to consult with a cyber advisory firm and contact the group privately to negotiate a settlement before the end of the day on May 12—or else risk their data being leaked,” The Crimson reported. “It is unclear what information tied to Harvard affiliates was included in the alleged breach.”
Instructure did not immediately respond to a request for comment about Thursday’s outages and how they fit into the bigger picture of the breach. But the situation is significant given that a massive trove of student information has potentially been exposed, and the visibility of the incident across the country makes it a key example of a longstanding, yet endlessly escalating problem of data extortion and ransomware attacks.
The ShinyHunters name is associated with massive data dumps and has been linked to the infamous hacker collective known as the Com. But as the constellation of actors has shifted over the years, numerous attackers have taken up the most prominent Com-related monikers. A number of recent attacks have invoked other names, such as Lapsus$, with little or no connection to the original group that operated under the name.
ransomware gangs and data extortion attacks. But never before, perhaps, has a cyberattack against a single software platform so thoroughly disrupted the daily operations of thousands of schools across the United States.
The widely used digital learning platform Canvas was put into “maintenance mode” on Thursday after its maker, the education tech giant Instructure, suffered a data breach and faced an extortion attempt by attackers using the recognizable moniker “ShinyHunters.” Though the hackers have been advertising the breach and attempting to extract a ransom payment from Instructure since May 1, the situation took on additional immediacy for regular people across the US and beyond on Thursday because the Canvas downtime caused chaos at schools, including those in the midst of finals and end-of-year assignments.
Universities like Harvard, Columbia, Rutgers, and Georgetown sent alerts to students about the situation in recent days; other institutions, including school districts in at least a dozen states, also appear to have been affected. In a list published by the hackers behind the attack on their ransom-focused dark web site, they claim the breach affected more than 8,800 schools. The exact scale and reach of the breach is currently unclear, though. And the fact that Canvas was down throughout Thursday afternoon and evening further complicated the picture.
In a running incident update log that began on May 1, Steve Proud, Instructure’s chief information security officer, said that the company had “recently experienced a cybersecurity incident perpetrated by a criminal threat actor.” He added on May 2 that “the information involved” for “users at affected institutions” included names, email addresses, student ID numbers, and messages exchanged by users on the platform.
The situation was ultimately marked as “Resolved” on Wednesday, with Proud writing that “Canvas is fully operational, and we are not seeing any ongoing unauthorized activity.” At midday on Thursday, though, the Instructure status page registered an “issue” where “some users are having difficulties logging into Student ePortfolios.” Within a few hours, the company had added another status update: “Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode.” Late Thursday evening, the company said that Canvas was available again “for most users.”
TechCrunch reported on Thursday that the hackers launched a secondary wave of attacks, defacing some schools’ Canvas portals by injecting an HTML file to display their own message on the schools’ Canvas login pages. According to The Harvard Crimson, attackers modified the Harvard Canvas login page to show a message that included a list of schools that the hackers claim were impacted by the breach.
The message from attackers “urged schools included on the affected list to consult with a cyber advisory firm and contact the group privately to negotiate a settlement before the end of the day on May 12—or else risk their data being leaked,” The Crimson reported. “It is unclear what information tied to Harvard affiliates was included in the alleged breach.”
Instructure did not immediately respond to a request for comment about Thursday’s outages and how they fit into the bigger picture of the breach. But the situation is significant given that a massive trove of student information has potentially been exposed, and the visibility of the incident across the country makes it a key example of a longstanding, yet endlessly escalating problem of data extortion and ransomware attacks.
The ShinyHunters name is associated with massive data dumps and has been linked to the infamous hacker collective known as the Com. But as the constellation of actors has shifted over the years, numerous attackers have taken up the most prominent Com-related monikers. A number of recent attacks have invoked other names, such as Lapsus$, with little or no connection to the original group that operated under the name.
#Canvas #Hack #Kind #Ransomware #Debacleransomware,cybersecurity,malware,hacks,hacking,security,vulnerabilities">The Canvas Hack Is a New Kind of Ransomware Debacle
Higher education has long been a target of ransomware gangs and data extortion attacks. But never before, perhaps, has a cyberattack against a single software platform so thoroughly disrupted the daily operations of thousands of schools across the United States.
The widely used digital learning platform Canvas was put into “maintenance mode” on Thursday after its maker, the education tech giant Instructure, suffered a data breach and faced an extortion attempt by attackers using the recognizable moniker “ShinyHunters.” Though the hackers have been advertising the breach and attempting to extract a ransom payment from Instructure since May 1, the situation took on additional immediacy for regular people across the US and beyond on Thursday because the Canvas downtime caused chaos at schools, including those in the midst of finals and end-of-year assignments.
Universities like Harvard, Columbia, Rutgers, and Georgetown sent alerts to students about the situation in recent days; other institutions, including school districts in at least a dozen states, also appear to have been affected. In a list published by the hackers behind the attack on their ransom-focused dark web site, they claim the breach affected more than 8,800 schools. The exact scale and reach of the breach is currently unclear, though. And the fact that Canvas was down throughout Thursday afternoon and evening further complicated the picture.
In a running incident update log that began on May 1, Steve Proud, Instructure’s chief information security officer, said that the company had “recently experienced a cybersecurity incident perpetrated by a criminal threat actor.” He added on May 2 that “the information involved” for “users at affected institutions” included names, email addresses, student ID numbers, and messages exchanged by users on the platform.
The situation was ultimately marked as “Resolved” on Wednesday, with Proud writing that “Canvas is fully operational, and we are not seeing any ongoing unauthorized activity.” At midday on Thursday, though, the Instructure status page registered an “issue” where “some users are having difficulties logging into Student ePortfolios.” Within a few hours, the company had added another status update: “Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode.” Late Thursday evening, the company said that Canvas was available again “for most users.”
TechCrunch reported on Thursday that the hackers launched a secondary wave of attacks, defacing some schools’ Canvas portals by injecting an HTML file to display their own message on the schools’ Canvas login pages. According to The Harvard Crimson, attackers modified the Harvard Canvas login page to show a message that included a list of schools that the hackers claim were impacted by the breach.
The message from attackers “urged schools included on the affected list to consult with a cyber advisory firm and contact the group privately to negotiate a settlement before the end of the day on May 12—or else risk their data being leaked,” The Crimson reported. “It is unclear what information tied to Harvard affiliates was included in the alleged breach.”
Instructure did not immediately respond to a request for comment about Thursday’s outages and how they fit into the bigger picture of the breach. But the situation is significant given that a massive trove of student information has potentially been exposed, and the visibility of the incident across the country makes it a key example of a longstanding, yet endlessly escalating problem of data extortion and ransomware attacks.
The ShinyHunters name is associated with massive data dumps and has been linked to the infamous hacker collective known as the Com. But as the constellation of actors has shifted over the years, numerous attackers have taken up the most prominent Com-related monikers. A number of recent attacks have invoked other names, such as Lapsus$, with little or no connection to the original group that operated under the name.
ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.
The message included a link to a list of schools ShinyHunter claims to have breached through Canvas. The platform’s status page says Canvas, Canvas Beta, and Canvas Test are currently unavailable and that it is investigating the outage.
Instructure said last week that it “deployed patches to enhance system security” following the breach. ShinyHunters — which has claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel — said its data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff, according to Bleeping Computer.
ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.
The message included a link to a list of schools ShinyHunter claims to have breached through Canvas. The platform’s status page says Canvas, Canvas Beta, and Canvas Test are currently unavailable and that it is investigating the outage.
Instructure said last week that it “deployed patches to enhance system security” following the breach. ShinyHunters — which has claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel — said its data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff, according to Bleeping Computer.
#Canvas #ShinyHunters #threatens #leak #schools #dataNews,Security,Tech">Canvas is down as ShinyHunters threatens to leak schools’ data
The Instructure-owned learning management platform, Canvas, is down after recently confirming a massive data breach that impacted student names, email addresses, ID numbers, and messages. Students attempting to access the system on Thursday saw a message from the hacking group ShinyHunters, which claimed responsibility for the attack:
ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.
The message included a link to a list of schools ShinyHunter claims to have breached through Canvas. The platform’s status page says Canvas, Canvas Beta, and Canvas Test are currently unavailable and that it is investigating the outage.
Instructure said last week that it “deployed patches to enhance system security” following the breach. ShinyHunters — which has claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel — said its data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff, according to Bleeping Computer.