Getting Schooled By ShinyHunters

The report argues that modern cybercriminals increasingly target vendors, cloud/SaaS providers, and other supply-chain dependencies to magnify impact, citing the alleged ShinyHunters compromise of Instructure/Canvas and earlier incidents like SolarWinds, Kaseya, MOVEit, and Change Healthcare; it warns that this strategy creates concentrated risk, enables highly contextualized social engineering, and exposes gaps in contractual and regulatory responsibility that organizations must address.