Instructure confirms hackers used Canvas flaw to deface portals

What is the Instructure Canvas breach and how many schools are affected?

The May 2026 Instructure breach exposed data from 8,809 schools and universities through a Canvas login portal flaw, with attackers ShinyHunters claiming 280 million student and staff records. Instructure later reached an undisclosed agreement to halt the data leak. Affected districts should rotate Canvas credentials and monitor for credential-stuffing attempts.

What is the Palo Alto Networks PAN-OS zero-day exploited in May 2026?

A critical pre-authentication RCE in Palo Alto Networks PAN-OS firewalls, tracked as CVE-XXXX, has been exploited in the wild since April 2026. The flaw affects PAN-OS versions [range] and carries a CVSS of [X]. Palo Alto Networks released hotfixes on [date]; unpatched internet-facing firewalls should be patched immediately or taken offline.

How are attackers using AI to develop zero-day exploits in 2026?

Google disclosed in May 2026 that a state-aligned threat actor used [AI system] to develop a working zero-day exploit against [web admin tool], the first publicly confirmed case of an LLM producing an operational vulnerability chain. The exploit targeted [component] and was deployed against [victim profile]. Defenders should expect AI-accelerated exploit development to compress patch windows further.

What is the Ivanti EPMM zero-day CISA gave feds four days to patch?

CISA gave federal agencies until [date] — four days from disclosure — to patch a zero-day in Ivanti Endpoint Manager Mobile tracked as CVE-XXXX. The flaw enables [mechanism] against EPMM versions [range] and is confirmed exploited in attacks targeting government and enterprise mobile fleets. Ivanti has released fixed builds in version [X].