I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I never remember a chaos at this scale. I mean, from this January alone we have: leaking data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like every day one major breach is happening, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

Could show a ton of screenshots but this one sums it up https://imgur.com/gallery/canvas-vuln-declared-n-11-months-ago-zYfHnBs

It showed enough PII from everyone in my course that it would have been cake to privilege escalate through even the most rudimentary social engineering.

Here's another screenshot with email replies (two months later) saying insturcture had no control over bootcampspot.instructure.com :: https://imgur.com/a/BnhgXme

So apparently Canvas got hacked by ShinyHunters (3?!) times and is currently completely down. The cybercriminal group said the deadline is on May 12st, and if Instructure doesn't comply, they'll leak the PII of all students and teachers. I'm not a cybersecurity major, and I don't know much about Canvas, but how much will we be affected if no deal is reached? Like, how much information is typically stored on Canvas, and will they be able to figure out more through what is available in the system? I'm genuinely concerned....

Anyone who knows how to know if my information is hacked by SH from the Canvas site? Is there a website where i can find the info?

Thank you.

I run a few small SaaS platforms and static websites.

When my websites were first launched, I didn't pay much attention because there were only very basic scanning attempts, like trying to load WordPress wp-admin.php pages.

However, starting a few weeks ago, I've noticed attempts to perform SQL injections or extract server information through feedback forms, login forms, and other POST requests.

These requests are coming in every hour. After checking hundreds of log entries, they seem to follow the same patterns as Burp Suite’s automated scanning features. When I double-checked with Claude, it also suggested these look like scans from Burp or ZAP. (I've attached images of two log entries: https://cln.sh/VSw3xy6Q)

About once a week, in addition to these automated requests, I occasionally see attacks that aren't automated scans but seem to actually consider the website's structure. (Last week, there was a 30-minute attempt specifically trying to bypass the CAPTCHA on the login form.)

I'm very interested in cybersecurity, but since I'm just a student still learning and without professional experience, I'm not very familiar with attack attempts or patterns on live services. So, I have a few questions:

1. Are attack attempts common even for small websites (less than 50 daily visitors)?
2. I understand that Cloudflare blocks most SQL injection attempts before they even reach the server. Is this feature actually effective in practice?
3. Besides these two questions, if anyone working in this field has any tips or other useful info, I’d really appreciate it if you could share.

Lastly, this post might feel a bit awkward or sound like it was written by an AI. I live in a non-English speaking country and my English isn't great, so I used a translator for this post. Please bear with me.

Check any major university subreddit such as /r/UCSD and you will see the ransom note. This follows from news yesterday that Canvas had contained the attack

Funny enough I'm in school for cybersecurity, but that's not why I am posting. I have so many questions. Yeah canvas is back up and they claim the issue is resolved, but what about all the data. What happens to all the students, teachers, and schools that get hurt from the data that is now compromised. I highly doubt they paid the ransom fee so I am genuinely confused. I am very skeptical of it all and not just because I want to get out of doing homework. How can they be sure the threat is secured. I'm assuming the breach was via social engineering, but for all we know they could have implemented a back door. They had control for several hours which I feel is more than enough time for the shinyhunters to think about plan b's. All I know is that this group is obviously smart enough to take a website ransom, so how dumb does canvas think they are. There is so much to this I feel, and they wont even make a statement. Some answers would be great from people that are more knowledgeable than me. I very well may be wrong and dumb for saying some of this, but I feel as though it's being shrugged off by arguably the biggest website for schools across the country.

Shiny Hunters breached Instructure, operator of the Canvas platform. They claim ~275 million records stolen from nearly 9,000 educational institutions, plus billions of private messages.

Live Canvas websites were defaced today with a May 12 ransom demand. Instructure took affected sites offline.

https://6abc.com/post/canvas-hacked-massive-data-breach-affects-schools-using-nationwide-penn-reportedly-impacted/19059691/

I hope this is the right place to ask this, but ever since I heard about the breach, I've been wondering why Canvas, a platform used for students, is being targeted? This is being asked by someone who knows nothing about Shinyhunters or Canvas's parent company, but I never understood why schools and school software were desirable targets. My only experience with this is my highschool getting hacked by another group 2 years ago, and idk why that was a target then anyway.

Obviously without a statement we can't know for sure, but I tried googling to find people's theories or ideas but I couldn't find anything.

I’m less interested in the “ShinyHunters did X” angle. There are already enough posts on that......The timing is what bothers me....

Canvas goes down or gets compromised during finals week and suddenly it’s not just an IT ticket. It affects students submitting work, professors grading, deadline extensions, exam logistics, and university comms....

Most schools now depend on a handful of SaaS platforms for core operations. Canvas, Google Workspace, Microsoft 365, Zoom, payment portals, student systems...

That makes life easier until one of them becomes unavailable or untrusted....

The question I keep coming back to is
Are universities treating these platforms like critical infrastructure, or still treating them like normal vendor software?

Because if finals week can be disrupted by one SaaS incident, the risk model probably needs to change.

What are the general thoughts among other companies about hiring someone (early 40's) that has worked at one company for 20+ years or more? Obviously I stay on top of tech over the years, get to play with lots of toys and infosec is front and center of my daily grinds.

I can't help but wonder if I'd be marketable though if I were to look around. Would any hiring managers here prefer that sort of experience or steer clear of it?

EDIT: I'm not asking for interviews, I'm very blessed to have the job I have...it's just good to reassess one's worth from time to time I suppose.

Just had a weird and honestly unsettling experience using AWS Educate that I want to flag for anyone else using the platform.

Everything started normally. Logged into the AWS Educate portal without any issues. But the moment I clicked to open a Labs environment, it redirected me to:

https://awseducate.instructure.com/login/canvas

Instead of the usual Canvas login page, I was greeted with what appears to be a defacement/extortion page claiming a breach by "ShinyHunters." Yeah. Not exactly what you want to see on an edu platform.

What I observed:

• Initial AWS Educate login worked fine, no red flags there
• Clicking into Labs triggered the redirect to the Instructure subdomain
• That's where the defacement page showed up instead of the expected Canvas login
• I didn't click anything on the page, no downloads, no attacker links touched

I've already reported this to Instructure security, AWS Educate support, and my institution's IT team. Posting here mainly to see if anyone else is experiencing this and to get a heads-up out before people unknowingly enter credentials on that page.

If you've used that login page recently, please:

• Don't enter credentials on the affected page until this is clarified
• Change your password if you've logged in there recently
• Enable MFA if you haven't already
• Do not follow any onion/TOR links shown on the defacement page, those are almost certainly malicious

Screenshot attached. Stay safe out there and let me know if you're seeing the same thing.

Researchers disclosed “Dirty Frag,” a Linux kernel vulnerability involving page-cache corruption in the decryption fast path that may allow local privilege escalation to root.

The bug is drawing comparisons to past kernel flaws like Dirty Pipe because of its potential impact on multi-user and containerized environments.

Technical analysis, affected systems, and mitigation details: https://thecybersecguru.com/news/dirty-frag-linux-kernel-root-vulnerability/

Wiz PoC. No publicly known exploits. Claimed they used AI to discover it.

>any authenticated user could execute arbitrary commands on GitHub's backend servers with a single git pushcommand - using nothing but a standard git client.

>GitHub Enterprise Server customers should upgrade immediately - at the time of this writing, our data indicates that 88% of instances are still vulnerable.

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Hello folks,

I just wanted to ask what note taking apps usually used in cybersecurity.

I would also like to ask structure of notes like title followed description followed by command followed by..., mean this what they are saying in most of youtube videos.