Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording

Multiple recent cyber incidents are summarized: Instructure (Canvas) was disrupted and extorted by actors claiming to be ShinyHunters and alleging theft of records for 275 million students, with Instructure saying data were returned/destroyed after reaching an agreement; OpenAI reported a supply-chain compromise of the TanStack library that led to credential-focused exfiltration from a limited set of internal repositories and broader malicious package activity that stole developer secrets; the alleged administrator of Dream Market was arrested after long-running investigations; and Findem corrected an issue that had hidden a consumer opt-out page. The report highlights large-scale data exposure risk, credential theft via supply-chain attacks, and ongoing criminal prosecutions and remediation efforts.