Home · Live brief · Weekly 2026-W27
Education
notable synthesis discovered 2026-06-29 00:21 UTC
Entities: ShinyHunters
Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))
Education was a structural victim class. The ShinyHunters Canvas/Instructure breach hit 160 UK universities per the UK CMC sector review (ransom paid, limited downstream damage). The unpatched ILIAS 11.0 SQL-injection (CVE-2026-12789, PoC-public, no patch) directly exposes the DACH learning-management estate, and self-hosted Gitea CI (§ 3) is concentrated in universities. The common thread: education runs exposed CMS/LMS/forum and developer stacks with thin operational security.