Simply Cyber Newsletter #181

In partnership with

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter.

FOR END USERS

Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats. Education technology company Instructure disclosed a cyberattack affecting its Canvas platform after hackers accessed student and teacher data including names, email addresses, student IDs, and messages. The threat group ShinyHunters later allegedly defaced multiple school login pages and threatened to leak stolen data tied to thousands of institutions worldwide unless a ransom demand is met.

What you need to know: Data breaches create risk long after the original incident. When attackers get hold of real details such as names, email addresses, student or employee IDs, private messages, they use that information to make phishing feel legitimate.

Expect to see things like fake school or HR notices, password reset prompts, tuition or invoice requests, document-sharing alerts, and messages that look like they come from a teacher, coworker, vendor, or platform you actually use. The details will often be accurate. That's the point.

The lesson isn't really about Canvas. It's about what happens when attackers stop guessing and start using real information to earn trust.

A few habits that hold up against this:
• Slow down when a message feels urgent, emotional, or unusually specific to you.
• Don't click links or scan QR codes from unexpected emails or texts. Go directly to the official website or app.
• Verify through a known channel. Call the person, open the app yourself, or ask IT.
• Report anything suspicious, even if it involves a personal account. One believable scam at home can quickly become a workplace incident.

The attackers are counting on the fact that real data makes fake messages feel real. Your best defense is the pause before the click.

FOR PEERS

Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats. Education technology company Instructure disclosed a cyberattack affecting its Canvas platform after hackers accessed student and teacher data including names, email addresses, student IDs, and messages. The threat group ShinyHunters later allegedly defaced multiple school login pages and threatened to leak stolen data tied to thousands of institutions worldwide unless a ransom demand is met.

What you need to know: Third-party breaches are increasingly evolving into trust-based attacks, and this one is a clear example. What started as data exposure became an attack against the login experience itself. Threat actors are going after user confidence and operational trust, not just records. Combined with reported login page defacements and extortion pressure, this creates ideal conditions for believable phishing, credential harvesting, and impersonation in the weeks ahead.

Worth pressure-testing in your own environment. How fast does your team learn about vendor incidents, and how is that communicated internally before users see suspicious messages. How do you validate emergency notifications that appear to come from a SaaS provider, especially when the provider itself may be compromised. Where do API key management, token revocation, and privileged access controls stand for externally accessible accounts, including free tier or sandbox environments that often get less scrutiny. If your incident communications playbook does not cover vendor-originated attacks, this is the moment to build it.

FOR EXECUTIVES

Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats. Education technology company Instructure disclosed a cyberattack affecting its Canvas platform after hackers accessed student and teacher data including names, email addresses, student IDs, and messages. The threat group ShinyHunters later allegedly defaced multiple school login pages and threatened to leak stolen data tied to thousands of institutions worldwide unless a ransom demand is met.

What you need to know: This incident highlights how quickly a third-party cyberattack can evolve into a larger trust, operational, and reputational challenge. What began as a data breach involving student and teacher information escalated into public extortion attempts and tampering with the platform itself, designed to pressure both the vendor and its customers.

Leaders should recognize that platforms deeply integrated into daily operations, especially those tied to communication, collaboration, workflow, or identity, become high-impact targets because users inherently trust them. Incidents like this can disrupt business continuity, increase phishing and fraud exposure, and create confusion across employees, customers, and partners long after the initial breach is contained.

This is an opportunity to review how your organization evaluates third-party risk, communicates vendor incidents internally, and prepares for scenarios where trusted external platforms become part of the attack chain. The question worth asking your security and risk leaders is whether your incident response plan accounts for vendor-originated trust attacks, not just data loss.

Organizations that prepare for the trust impact of a breach, not just the technical impact, are often far better positioned during crisis response and recovery.

200+ Claude Prompts Top Professionals Actually Use at Work

Claude can be your analyst, editor, and strategist.
But most professionals are using it to fix grammar.

These 200+ Claude prompts take it from grammar tool to your most powerful AI work assistant.

Sign up for Superhuman AI and get:

• 200+ ready-to-use Claude prompts to get real work done in minutes — researched, tested, and used by professionals at Google, Microsoft, and NASA

• Superhuman AI newsletter (4 min daily) so you keep learning new AI tools and skills to stay ahead in your career — the prompts are just the beginning

Claim your free prompts

JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF

Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EDT. https://cyberthreatbrief.simplycyber.io

Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.

NEW VIDEO: MODERN EMAIL SECURITY WITH MATERIAL

The Part of Email Security Nobody Is Talking About (Until It's Too Late)

Email is still the #1 way attackers get into your organization and most companies are still relying on the same perimeter-based email gateway model that wasn't built for modern threats like business email compromise, vendor impersonation, or account takeover.

In this video, I go hands-on with Material Security for 10 days in a real Google Workspace environment to show you what a modern, API-based approach to email security actually looks like, from setup to threat detection to sensitive data scanning.

This isn't a surface-level overview. We go deep.

🔗 Check out Material Security: https://material.security/product?utm_source=youtube

📌 What's Covered:
- Why traditional Secure Email Gateways (SEGs) are broken for modern threats
- How Material Security's API-based architecture works (no MX record changes)
- Real threat detection demo — including a live phishing test
- The "herd immunity" feature that remediates threats org-wide automatically
- Sensitive data scanning: SSNs, credit cards, wire transfer info sitting in your inbox
- Account takeover monitoring and MFA enforcement on historical messages
- Who Material Security is actually built for (lean IT/security teams)
- GRC compliance implications: SOC 2, HIPAA, PCI

Watch now on Simply Cyber Media Group: https://www.youtube.com/watch?v=u3d2dSF-l0k

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

Join us for learning and networking every day of the work week on YouTube: youtube.com/@simplycyber 

Connect with the SC Discord community: simplycyber.io/discord

SIMPLY CYBER MONTHLY EVENTS LINEUP

Want to know what’s happening at Simply Cyber at any given time?

Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber 

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy!

SIMPLY CYBER ACADEMY BLOG HIGHLIGHT

Check out the highlighted blog on Simply Cyber Academy: https://academy.simplycyber.io/p/Blog?p=what-is-grc-in-cybersecurity-entry-level-career-guide 

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Thank you and see you again next week, #TeamSC!

Gerry