A cybercrime group linked to ShinyHunters expanded activity targeting Canvas systems and related enterprise software at colleges and universities, according to reporting based on a Google Threat Intelligence Group and Mandiant blog post. The briefing says ShinyHunters gained access to Oracle PeopleSoft software across more than 100 organizations between May 27 and June 9. Universities were disproportionately represented, with about 68% of affected organizations described as colleges or universities and most activity occurring in the U.S. Oracle sent a security alert on June 10, and the report indicates that some institutions remediated quickly while others experienced compromise and had data published on the DLS. The University of Nottingham in England confirmed it was involved, and the incident underscores the cascading risk of identity and HR systems being exposed alongside learning-platform infrastructure.