Dependency attack takes down ed-tech platform at scale

**Executive summary:** Shiny Hunters executed a supply-chain-style ransomware and data-extortion attack against Canvas (Instructure), affecting roughly 275 million users and prompting widespread outages during finals; Instructure reportedly negotiated payment to prevent public disclosure. The article highlights the operational impact on educational institutions and presents five supply-chain security lessons: visibility, procurement security, component/code review, vendor monitoring, and resiliency planning.