Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities

Graham Cluley @ 12:05 am, May 14, 2026  @grahamcluley.com  / grahamcluley Welcome to the largest educational data breach in history – affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas’s parent company refused to pay and announced they had deployed “security patches” instead, the hackers were less than impressed. So they came back through the cat flap. Meanwhile, a famous finance expert’s face has been showing up on Facebook adverts promising hot stock tips and exclusive WhatsApp investment groups. Spoiler: it isn’t him, the tips aren’t real, and you’re about to be scammed. Plus we chat to Mike Nichols of Elastic, about how the SOC isn’t dying, attackers and defenders are both deploying AI agents, and how the real security crisis is no longer human users – it’s the bots acting on their behalf. All this and more in episode 467 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Danny Palmer. Smashing Security #467 How ShinyHunters hacked the world's biggest universities ↺ 15 ↻ 30 0:00 0:00 0:00 0:00 1× Show full transcript ▼ Host: Graham Cluley:  @grahamcluley.com  @gcluley@mastodon.green  / grahamcluley Guest: Danny Palmer:  / dannypalmerwriter‬ Episode links: ICO fines South Staffordshire £963K over 2022 breach – The Register. US bank reports itself after AI customer data mishap – The Register. Hackers abuse Google ads, Claude.ai chats to push Mac malware – Bleeping Computer. Canvas hack: What we know about apparent cyberattack that impacted thousands of schools – CNN. Canvas hack: Company pays criminals to delete students’ stolen data – BBC News. Post by @amosmagliocco.bsky.social – Bluesky. Post by @sethcotlar.bsky.social – Bluesky. The Architecture of Deception: How a $187 Million Fraud Ecosystem Exploits Trust Across Australia and the United States – Group IB. The Fake Nobel that Duped the Romanian Academy – Scena9. A (Very) Short History of Life On Earth by Henry Gee – Waterstones. Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Sponsored by: Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off! Elastic – AI is transforming security operations, but security is still a data problem. Learn how context-rich data drives faster, more reliable defence. CoreView – How secure is your Microsoft 365 tenant? Find out with CoreView’s free Microsoft 365 Tenant Security Scanner. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser. Join Smashing Security PLUS for ad-free episodes and our early-release feed! Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes. Thanks: Theme tune: “Vinyl Memories” by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Found this article interesting? Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post. Data loss Deepfake Podcast Privacy #Canvas #data breach #deepfake #Podcast #ransomware #Scam #ShinyHunters #Smashing Security #university Graham Cluley Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.