MOVEit Bug Returns to Haunt Us & 275M Canvas Users Exposed 🚨
Two stories landed today that anyone running a business — or just sending a kid to school — should know about. One is a critical flaw in software that moves sensitive files between organizations. The other is a massive data breach hitting one of the most-used learning platforms on the planet.
1. The MOVEit Vulnerability Nightmare Is Back
Progress Software just disclosed a critical flaw (CVE-2026-4670) in MOVEit Automation that lets attackers bypass login entirely — no password, no user interaction, just remote access. If that name sounds familiar, it should: the same product family was at the center of the 2023 Clop ransomware spree that hit more than 2,100 organizations.
Researchers have already spotted over 1,400 exposed MOVEit instances on the public internet, including more than a dozen tied to US state and local governments. Because MOVEit is used to shuttle sensitive data — payroll, healthcare records, tax info — between organizations, a single compromised instance can ripple through hundreds of downstream companies. If your business uses MOVEit Automation, patch immediately to versions 2025.1.5, 2025.0.9, or 2024.1.8.
2. Canvas Maker Instructure Hit by Massive Breach — 275M People Affected
Instructure, the company behind the Canvas learning platform used by schools and universities worldwide, has confirmed a cyberattack that exposed names, email addresses, student IDs, and private user messages. The hacking group ShinyHunters claims it walked away with 3.65 terabytes of data covering 275 million individuals — and even gained access to Instructure's internal Salesforce instance.
If you, your kids, or your employees have ever used Canvas for a class, training, or certification program, your information may be in this dataset. Watch for phishing emails that reference school or coursework details, change any reused passwords tied to your Canvas account, and stay alert to suspicious calls or texts that name-drop personal information to seem legitimate.
Stay ahead of threats with GOCO Security at gocosecurity.com.
.jpg)
Comments
Post a Comment