ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign

**Executive summary:** ShinyHunters exploited a vulnerability in the Free‑For‑Teacher Canvas instance to exfiltrate approximately 3.65 TB (about 275 million records) from Instructure, then initiated a pay‑or‑leak extortion campaign that includes school‑by‑school extortion and defacement of roughly 330 Canvas login pages; affected organizations are advised to change passwords, enable MFA, and watch for phishing and financial fraud.