Weekly review

ThreatNoir Morning Brief — May 4

2026-05-04 · Morning · 4 articles

Morning Review in IT Security — May 4, 2026

The cybersecurity landscape continues to evolve with fresh threats emerging across educational institutions, enterprise software, and messaging platforms. Today's review covers significant breaches, detection errors affecting legitimate users, and coordinated fraud campaigns exploiting popular communication channels.

Instructure Confirms Data Breach Following ShinyHunters Attack

Educational technology company Instructure has officially confirmed that a data breach occurred during a cyberattack, with the extortion gang ShinyHunters claiming responsibility for the incident. The attack targeted Canvas LMS, Instructure's widely used learning management system that serves educational institutions globally. Source: Instructure confirms data breach, ShinyHunters claims attack

Microsoft Defender Generates False Positives for Legitimate DigiCert Certificates

Microsoft Defender has begun incorrectly flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, triggering widespread false-positive security alerts across Windows systems. In certain cases, the detection has resulted in the removal of valid certificates from affected machines, potentially disrupting normal operations for users who rely on these certificates for secure communications. The issue impacts multiple certificate hashes and has broader implications for certificate trust infrastructure. Source: Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Ontario College of Health & Technology Breached via Unpatched Vulnerability

Ontario College of Health & Technology has been compromised in an alleged breach attributed to threat actor Shinigami, who exploited an unpatched WebHost Manager (WHM) vulnerability to gain unauthorized access. Student databases were exfiltrated during the attack, exposing sensitive educational records. The incident underscores the critical importance of timely patch management in institutional environments. Source: ‼️🇨🇦 Ontario College of Health & Technology has allegedly been breached, with student datab...

Telegram Mini Apps Exploited for Cryptocurrency Scams and Malware Distribution

Cybersecurity researchers have identified a large-scale fraud operation leveraging Telegram's Mini App feature to orchestrate cryptocurrency scams, impersonate established brands, and distribute Android malware. The campaign has deployed malicious Android APKs masquerading as applications from recognized companies including BBC, NVIDIA, CineTV, Coreweave, and Claro, while also distributing FEMITBOT malware. The abuse of Telegram's Mini App ecosystem demonstrates how legitimate platform features can be weaponized for financial fraud and malware delivery at scale. Source: Telegram Mini Apps abused for crypto scams, Android malware delivery

Today's threat landscape reflects persistent challenges across multiple sectors: educational institutions remain attractive targets for data theft operations, detection systems require careful tuning to avoid disrupting legitimate security infrastructure, and messaging platforms continue to be exploited as distribution channels for financial fraud and malware campaigns.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Malware (2)
  • Zhong Stealer
    Malware campaign using DigiCert-issued code-signing certificates, linked to APT-Q-27
  • Trojan:Win32/Cerdigent.A!dha
    Microsoft Defender false-positive detection signature
SHA-1 (2)
  • 0563B8630D62…
    DigiCert root certificate hash flagged as malware by Microsoft Defender
  • DDFB16CD4931…
    DigiCert root certificate hash flagged as malware by Microsoft Defender