eu platform, discovered on March 24, according to spokesperson Thomas Regnier. A threat actor claiming to be ShinyHunters alleged on March 28 that they stole more than 350 GB of data from the EU. The attack affected part of the EU's cloud infrastructure, but internal systems remained unaffected, Regnier said.
At least one AWS account may have been exploited, reports indicate, though AWS denied any security incident within its cloud environment. Early analysis suggests data may have been exposed, but the extent is still unclear. eu websites, and separation between public cloud infrastructure and internal networks limited the breach's scope.
This is the Commission's second confirmed intrusion in two months. The authenticity and full extent of the alleged EU data leak have not been independently verified. ShinyHunters has been linked to major breaches including AT&T, affecting over 110 million customers in April 2024, and Ticketmaster via a Snowflake-related campaign.
The group has also been tied to attacks on Santander, PowerSchool, and Crunchbase. According to Google's Threat Intelligence Group, ShinyHunters relies heavily on social engineering, especially vishing, to steal credentials and access SaaS environments, and has expanded across multiple cloud platforms focusing on services like Salesforce, Okta, and Microsoft 365. US prosecutors charged student Matthew Lane from Massachusetts for the PowerSchool breach.
A new alliance called Trinity of Chaos, tied to Lapsus$, Scattered Spider, and ShinyHunters, hit 39 firms via Salesforce flaws and launched a Data Leak Site on the TOR network. Affected companies include Aeromexico, AirFrance, Google, Cisco, Stellantis, and Qantas Airlines. Resecurity reports the group has shifted toward a traditional ransomware modus operandi.
Stellantis disclosed a data breach affecting its North American customers in September 2025, and an attack on Jaguar Land Rover severely disrupted its retail and production activities. The majority of leaked data samples lack passwords but contain substantial amounts of PII. The stolen records likely originate from impacted Salesforce instances through vishing attacks and stolen OAuth tokens used for Salesloft’s Drift AI chat integration.
The FBI issued a flash warning outlining technical indicators to monitor for Salesforce environment infiltrations. A previous Resecurity report uncovered a global cybercrime campaign led by the alliance of LAPSUS$, ShinyHunters, and Scattered Spider. 5 billion records.
Resecurity analysts warn that new victims and incidents are only now coming to the surface, and cybersecurity experts caution that cybercriminals may exploit stolen data for malicious purposes including harmful AI applications. Canvas is one of the most widely deployed learning management systems in the world, used by over 9,000 educational institutions globally, according to major media reports. ShinyHunters claims users from around 30 Swedish universities and colleges are affected, including Gothenburg University, Lund University, Stockholm University, Uppsala University, Chalmers, and KTH.
In spring 2024, a survey sent to students at Swedish universities and colleges found that 87% rated their education as fairly good or very good overall, but 42% often experience stress or anxiety due to their study situation, with women affected to a greater extent than men. Every other student requested more practical elements such as field studies and labs. Additionally, 54% of students have used AI in their studies, with 81% of civil engineering students using AI.
extracts from email servers, databases, confidential documents, contracts and other sensitive material
A separate survey by Strato/Kantar Sifo found that 88% of Swedish students are familiar with the most popular AI services, compared to 65% of employed people, and 66% of students use AI to analyze reports or documents, compared to 31% of employed people. Instructure confirmed that personal information belonging to users was exposed in a cyberattack, and by Saturday updated its statement to confirm user data was involved. The company stated that the information consists of certain identifying information such as names, email addresses, and student ID numbers, as well as messages among users, but found no evidence that passwords, dates of birth, government identifiers, or financial information were compromised.
Instructure deployed patches, increased monitoring, and rotated application keys, requiring customers to re-authorize access to Instructure's API to receive new application keys. The company is collaborating with external cybersecurity experts and law enforcement to investigate the incident and has shut down Canvas Data 2 during the investigation. Instructure has not commented on whether it is facing extortion demands or on the timeline of the breach.
The gap between Instructure's confirmed disclosure and ShinyHunters' claims is significant and has not been independently verified. ShinyHunters claims the breach affected nearly 9,000 schools worldwide and exposed data belonging to 275 million individuals, but Faktakoll notes this number is exaggerated and not specified in the source material. Similarly, ShinyHunters claims several billions of private messages were stolen, a claim not supported by the source material according to Faktakoll.
58% of full-year students. Suspensions increased marginally, while warnings decreased by 13%. Lund has one of the lowest proportions of disciplinary cases in the country, second only to Chalmers.
Nationally, the most notable increase is in unauthorized use of AI tools, with disciplinary cases more than doubling from 108 in 2023 to 237 in 2024. Cheating cases have gradually decreased as universities returned to on-site teaching with hall exams. The most common reason for suspension at Lund University in 2024 was plagiarism, with 66 students suspended.
In spring disciplinary board cases at Lund, 23 students were suspended for periods between two and six weeks, with the Medical Faculty having the most suspensions and no cases registered at the Faculties of Law, Science, or Fine Arts. At Lund University, the Unit for Educational Support helps teachers prevent cheating by promoting inclusive teaching and active learning, and supports use of digital tools like Canvas and responsible use of generative AI. Material from a project on misleading examinations, led by Elin Bommenell, is made available by the Libraries at Lund University.
Magasin Macken uses AI to create illustrations and collect background facts, statistics, and references; all information is checked before publication. Lund University started a pilot project in autumn 2022 to prevent misleading examinations. The project shows that preventive work requires more than just information – it requires practice, and that society is the commissioner of education and must be able to trust degrees.
Teachers request clear information, support in conversations with students, and help when cheating is suspected. Preventive work is a pedagogical issue, not a disciplinary one. The project, together with the Department of Political Science and the Medical Programme, has produced videos and workshop materials for students, teachers, and librarians.
The material is available in Swedish and English and is managed by the university library; it can be found in Canvas Commons. The project will be presented and the report published on November 21.