Instructure confirmed a ShinyHunters breach earlier this month and later took Canvas offline, setting off cascading disruptions as universities moved through final exam and end-of-semester grading windows. Multiple threat-actor messages were reported by universities and student newspapers, and institutions responded with grace periods and exam rescheduling. The second wave of disruptions—an additional incident within about a week—has again prompted campuses to disable Canvas functionality temporarily while Instructure investigates. Instructure said the actor exploited issues tied to its Free-For-Teacher accounts and that Canvas is back online, but the incident timeline has left many instructors and students scrambling for alternate access to course materials. The most immediate higher-ed consequence has been operational: sudden access loss to grades, assignments, and lecture content. Several universities canceled or pushed back exams, while others provided workaround guidance and extended submission deadlines to prevent student disadvantage during outage windows. K12 and higher-ed leaders are also being forced into renewed incident-response scrutiny, with security nonprofits comparing the attack pattern to prior large education-platform breaches. The repeated targeting of Canvas elevates questions about vendor risk management, incident communications, and institutional contingency planning.