// Alert

Canvas threat report

ShinyHunters exploited a critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft between May 27 and June 9, 2026, affecting over 100 organizations—68% in higher education. The threat group, previously linked to the Canvas breach, gained unauthorized access to student records and other sensitive data. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and mandated remediation for federal agencies by June 14.

// Get alerts for Canvas