In May 2026, threat actor SHADOW-AETHER-015 compromised Instructure's Canvas LMS backend, exposing sensitive data from 8,809 global educational institutions. The breach, likely facilitated via API exploitation or third-party integration compromise, exposed PII and private communications, creating significant risk for highly targeted follow-on spear-phishing and credential abuse campaigns.