The Canvas / Instructure Breach – 2026-05-11 – BHIS - Talkin' Bout [infosec] News

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity ( https://www.youtube.com/@BlackHillsInformationSecurity )

Chat with us on Discord! -
https://discord.gg/bhis ( https://discord.gg/bhis )
🔴live-chat

This episode of Talking About News focuses on the reported Canvas/Instructure breach, including discussion around ShinyHunters, transparency concerns, higher education security challenges, and possible attack paths involving phishing and tenant compromise. The team also explores broader cybersecurity trends such as social engineering, ransomware pressure tactics, and the growing role of AI and platform security in modern enterprise environments.

Chapters
00:00 - PreShow Banter™ — Californian Problems
02:25 - The Canvas / Instructure Breach – 2026-05-11
10:23 - Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide
13:45 - Story # 1b: Security Incident Update & FAQs
43:14 - Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer
47:34 - Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.
52:19 - Story # 4: Trellix source code breach claimed by RansomHouse hackers
58:12 - Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity
Links

Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide ( https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/ )
Story # 1b: Security Incident Update & FAQs ( https://www.instructure.com/incident_update )
Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer ( https://github.com/wazuh/wazuh/security/advisories/GHSA-m8rw-v4f6-8787 )
Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent. ( https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/ )
Story # 4: Trellix source code breach claimed by RansomHouse hackers ( https://www.bleepingcomputer.com/news/security/trellix-source-code-breach-claimed-by-ransomhouse-hackers/ )
Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity ( https://dailysecurityreview.com/cyber-security/rose-acre-farms-targeted-in-alleged-lynx-ransomware-attack/ )

Wade's Workshop: Threat Actor Profiling: Know Your Enemy ( https://www.antisyphontraining.com/product/workshop-threat-actor-profiling-know-your-enemy/ )
Alethe Denis' Webcast: How to Build a Bulletproof Pretext ( https://events.zoom.us/ev/Ak0QfH-0slzbUnzlPw33H16OpgN5Yz8AJ2MekKZtpT0WUMAsXxop~AqwV-XglEw9Gp537Fh_j8XdRCm5tk52OKcMOZiu3GVxowS7KK-crbjh8fQ )
Alethe Denis' Workshop: How to Build Pressure-Proof Pretexts ( https://www.antisyphontraining.com/product/workshop-how-to-build-pressure-proof-pretexts/ )
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.com ( https://poweredbybhis.com/ )
Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com ( https://www.blackhillsinfosec.com/ )
Antisyphon Traininghttps://www.antisyphontraining.com/ ( https://www.antisyphontraining.com/ )
Active Countermeasureshttps://www.activecountermeasures.com ( https://www.activecountermeasures.com/ )
Wild West Hackin Festhttps://wildwesthackinfest.com ( https://wildwesthackinfest.com/ )

Talkin' Bout [Infosec] News
Episode 19, Season 6
May 12, 2026

★ Episode details: https://share.transistor.fm/s/a6d8bc43

★ Additional episodes: https://bhisnews.transistor.fm

Видео The Canvas / Instructure Breach – 2026-05-11 – BHIS - Talkin' Bout [infosec] News канала Black Hills Information Security