Instructure’s Canvas learning management system is facing renewed disruption after a second cybersecurity incident in less than two weeks, with colleges suspending or pushing back final exams amid the outage. The breach follows an April 29 incident tied to Canvas “Free-For-Teacher” account weaknesses and a May 7 compromise, according to Instructure updates. Instructure said it discovered unauthorized access on April 29 and later confirmed the actor made changes to pages shown when some students and teachers were logged in. The company took Canvas offline to contain access, temporarily shut down Free-For-Teacher accounts, and later restored access while forensic work continued. Multiple universities reported messages from “ShinyHunters” and warned of possible data exposure. Universities including Pennsylvania State University canceled tests administered Thursday night and Friday in response to the latest disruption. Other campuses—including the University of Pennsylvania, Harvard University, the University of Oklahoma, and multiple University of California campuses—reported similar communications tied to the threat actor’s leak deadline. The incidents are adding operational strain for student assessment cycles and raise renewed governance questions for higher ed LMS security programs, particularly around vendor account configurations that can become a campus-wide outage trigger.