CNN poll sounds alarm bells for Trump on the economy

California mayor charged with acting as illegal agent for China: Who is Eileen Wang?

James Comey says he will 'stand up and defend himself' following indictment

Sen. Graham says he doesn't 'trust Pakistan' as Iran mediator

What Satellite Images Reveal About Iran’s Attacks on U.S. Bases

Instructure, the maker of Canvas LMS, used by half of all colleges and universities in North America, struck a deal on Monday with the hacking criminal group ShinyHunters to return the stolen data and destroy any copies, although the company didn’t say what it had given in exchange, not disclosing the monetary value. The company announced made the announcement this way: “Instructure reached an agreement with the unauthorized actor involved in this incident. As part of that agreement: The data was returned to us. We received digital confirmation of data destruction (shred logs). We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise. This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor. While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved. We will continue to provide updates as that work progresses.” We are currently organizing a webinar with Instructure leadership to detail information about the cyber attack and our activities to harden the system. We currently believe it will be on May 13 and will be done in multiple time zones.” Canvas has more than 30 million active users worldwide, according to Instructure. The platform is used by teachers and students for coursework management and communications. Instructure said the data compromised in the hack included usernames, email addresses, course names, enrollment information, and messages. ShinyHunters warned that it would leak an unspecified amount of data on May 12 if it did not receive a response from Instructure. In its May 3 ransom note, the group had threatened to leak “several billions of private messages among students and teachers.” Not much is known about ShinyHunters, which is believed to have been formed around 2020. Its goal appears to be to obtain and sell personal records. One of its high-profile attacks was against Ticketmaster in 2024, when the hackers said they had stolen the user information of more than 500 million customers. Instructure did not immediately respond to questions about whether any law enforcement agencies were involved in its dealings with the hackers. The F.B.I. advises against paying ransom to hackers, saying it does not guarantee data security and encourages attackers to target more victims.

Escalation: Sen Kelly knocks Hegseth amid 2nd investigation threat

Wildfire burn thousands of acres

At least 18 federal class-action lawsuits have been filed against Canvas LMS’s parent company, Utah-based Instructure, following last week’s data breach, while the company issued an apology after final exams at numerous universities were halted. “Over the past few days, many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. Questions you couldn’t get answered. You deserved more consistent communication from us, and we didn’t deliver it. I’m sorry for that,” Instructure CEO Steve Daly wrote in a new post. The hacking group behind the outage, ShinyHunters, also stole data on potentially tens of millions of students across nearly 9,000 schools. The company’s ongoing investigation found that “usernames, email addresses, course names, enrollment information, and messages” were exposed. That’s slightly different from Instructure’s initial findings, which said that “names, email addresses, student ID numbers” had been affected. That said, usernames and email addresses can still expose a student’s full name. Daly added: “We’re still validating all findings, but we want to be clear about what we understand was and wasn’t affected.” Instructure’s CEO also revealed that hackers exploited a “vulnerability regarding support tickets in our Free for Teacher environment,” a service that enables teachers to use some Canvas services at no cost. In response to the hack, Instructure has temporarily shut down the Free-for-Teacher service. • The great 2026 Canvas-ocalypse by Bryan Alexander • Instructure Is Risking the Trust That Built Canvas by Phil Hill

How Trump Is Prioritizing White People as Refugees