The Brief

The online education platform Canvas went offline after a data breach on Thursday, temporarily leaving students and faculty at thousands of U.S. colleges — and K-12 schools — without access to course materials and communications during finals period.

"I'm sure somewhere in the country when the outage happened, there probably were people actually taking final exams on the platform when it crashed," says Damon Linker, a senior lecturer in political science at the University of Pennsylvania.

Thirty million users — including at half of the higher education institutions in North America — rely on Canvas to manage courses, submit assignments, view grades and facilitate communication, according to its parent company, Instructure.

But when Linker and many other users tried to do so on Thursday afternoon, they met a black screen and a warning message.

"ShinyHunters has breached Instructure [again]," it read. "Instead of contacting us to resolve it they ignored us and did some 'security patches.'"

ShinyHunters is the same entity that took credit for a massive Ticketmaster data breach in 2024. Like many such groups, it's a cluster of young people working remotely together, "kind of like a ransomware gang," says Rachel Tobac, the CEO of SocialProof Security, which trains people and companies to defend themselves against hackers.

ShinyHunters wrote on a threat intelligence website earlier this week that the initial breach on Saturday involved data — including private messages — from 275 million students, teachers and staff at nearly 9,000 schools worldwide. The group said Thursday that affected schools can prevent the release of their data by consulting with cyber advisory firms and negotiating settlements through the encrypted chat platform Tox.

"You have till the end of the day by 12 May 2026 before everything is leaked," the hackers wrote.

Instructure has confirmed a series of cybersecurity breaches this week and provided status updates on its website. It said the breach only appeared to involve identifying information like names, email addresses, student ID numbers and user messages — no passwords, birth dates, government identifiers or financial information.

Instructure confirmed on an FAQ page that it started an investigation after it first detected unauthorized activity in Canvas on April 29, and took Canvas offline on Thursday after that same unauthorized actor "made changes that appeared when some students and teachers were logged in." They said the actor exploited an issue with its Free-for-Teacher accounts, which it has temporarily shut down.

"This gives us the confidence to restore access to Canvas, which is now fully back online and available for use," it said in a statement to NPR. "We regret the inconvenience and concern this may have caused."

It's not clear whether Instructure paid a ransom or what the return of Canvas access could mean for the hackers' May 12 deadline.

Tobac says Canvas could be back online because of a successful negotiation, or because the hackers "didn't get super far in their attack." Either way, she says users should stay vigilant, especially for phishing messages — whether it's someone posing as Canvas prompting a password change, or pretending to be a professor sending course materials.

"I would operate under the assumption that there's going to be some knock-on effects here," she says.

Not everyone got back online immediately 

Just before midnight on Thursday, Instructure posted online that "Canvas is now available for most users," though two separate services, Canvas Beta and Canvas Test, remained in maintenance mode.

Students and faculty at at least some schools were still unable to access Canvas on Friday — either because service had not yet been restored or because administrators warned them to stay away.

Penn State University, for example, said Friday morning that while the school's Canvas access had been partially restored, it was "not yet ready for use."

"Technical teams at Penn State are actively working to prepare the system for our community," it added. "As access is restored, Canvas integrations and related services will be brought back online in phases."

Several schools have taken similar approaches, either temporarily disabling Canvas access or outright asking users to steer clear. The University of California said across its schools, "Canvas access will not be restored until we are confident the system is secure."

And it's not just higher education: The Montgomery County Public School system in Maryland alerted families on Friday morning that even as service returned, it is "continuing to test and review systems before restoring access."

Tobac says this could mean that schools think the attackers might still be within their systems, potentially stealing information like passwords and messages.

"The attackers probably got some sensitive information and … [schools] don't want this information out online," she says.

Many schools are urging users to be on high alert for any unsolicited emails or messages that appear to come from Canvas, especially those requesting login credentials, as Georgetown University warned. The University of Amsterdam — which says it's one of 44 Dutch educational institutions affected — also recommends people change their passwords on any other sites where they use the same one.

Tobac also recommends using a password manager — to generate long, random passwords for each login — and turning on multi-factor authentication for all online accounts, not just Canvas. She says any student or professor who gets a suspicious call, text or email should "use another method of communication to verify what is authentic."

"Even if there was no breach yesterday, I would say these are the things that I recommend you do," she adds, urging people to "be politely paranoid."

The breach disrupts finals, highlights vulnerabilities

Several schools affected by the breach have already postponed or outright scrapped some final exams, with others warning students and professors that they might need to do so.

The University of Illinois is postponing all final exams and assignments scheduled through Sunday. Penn State canceled certain exams scheduled for Thursday night and Friday, saying it was working with faculty to "determine next steps for final grading" and urging students to check their emails (not Canvas) regularly in the meantime. And Baylor University delayed Friday exams and asked all faculty to send students "whatever study materials they have on their local computers to students as soon as possible."

The breach has underscored how much of academia relies on a single, centralized platform.

Linker, of UPenn, told NPR that he received an influx of panicked messages from students on Thursday afternoon when they suddenly couldn't access PowerPoints, readings and previous exams as they tried to study for Monday's final.

"The problem with using a platform like Canvas is that most [students] are not going to have the readings available printed out or on their laptops," he explains. "It all lives on the online platform, and if that platform goes down, they have no way to access them."

He told students on Thursday that he would upload the course materials to another platform (like Dropbox or Google Docs) if Canvas access wasn't restored by Friday morning. Fortunately, he says, it came back online shortly before 9 a.m. ET.

But Linker says he has concerns about relying fully on Canvas in the future.

"Given what this has exposed, the vulnerability involved and also the concern with the data breaches, I'm starting to rethink whether this is really a wise way to proceed," he says.

One example of that is grading. Linker says Canvas makes it so easy to calculate and weigh students' scores — on individual assessments and overall — that it's come to function as a digital grade book. Going forward, he says he may start keeping an analog record of students' grades just in case.

While Canvas does have competitors like Blackboard, Linker says he doesn't think any would be less vulnerable to a future breach. And Tobac agrees.

"The problem is not that this one website had this cyber event, right? Because nothing in this world is unhackable," she says. "The thing that we have to think about is disaster recovery: How do we continue doing business when there is a cyber event, and how do we do our very best to keep the bad actors out?"

Tobac says this week has shown that many institutions did not have a clear plan for how students and professors can be in touch and access course materials without Canvas. She said those plans should vary based on schools' different circumstances and schedules — which might explain why some are proceeding with finals as usual while others are scrapping exams altogether. But she'd like them to approach the immediate aftermath with one common goal.

"We have to treat people with dignity and respect," Tobac says. "And I hope that that is something that the institutions do, within their timelines and constraints."
Copyright 2026 NPR

The newest Air Force One jet, gifted to President Donald Trump from the Qatari government, arrived ahead of schedule Friday to Joint Base Andrews in Maryland.

On Friday afternoon, Trump toured the luxury Boeing 747 plane that initially stirred controversy. The plane was one of the biggest foreign gifts ever received by the U.S. government and raised legal and ethical questions after Qatar offered to replace the presidential jet last year. Trump said last May he'd be "stupid" not to accept the offer. Industry groups originally said the plane could be worth approximately $400 million.

Trump also spoke standing in front of the plane, thanking the Emir of Qatar.

The president praised the workmanship of the plane, describing it as the "world's most luxurious plane." He also called it the "largest Air Force One ever built," adding, "It flies further and faster than any Air Force One."

"This plane was transformed into a flying White House at a level of luxury that nobody's ever seen before, probably even almost outside of an airplane," Trump said. "Nobody's ever seen anything like this, and in only 10 months, a timeframe no one thought possible."

The exterior of the jet is no longer light blue, silver and white — a fixture since the Kennedy administration. Trump unveiled the new red, white and blue color scheme.

"It was time for a change. … Everything was designed good. It was my taste," Trump said, saying that he approved the new color scheme, which reflects the American flag.

The VC-25B Bridge aircraft will now undertake its commissioning flights, what the Air Force calls a "final exam" for the plane. The plane was modified after serving the Qatari Head of State.

"Once these flights are successfully completed, the aircraft is officially 'commissioned' into the active executive airlift fleet and becomes available for presidential missions," an Air Force press release said.

The aircraft from Qatar will "serve as a bridge until the [long-term] VC-25B is delivered," according to earlier communications from the Air Force. The plane was delivered well before expectations. The Air Force originally estimated the plane would be delivered in 2028 but said by modifying requirements it could deliver the first aircraft in 2027. The modifications "were carefully crafted to prioritize mission over aesthetics, leaving much of the previous head of state interior layout minimally changed," the Air Force said.

Air Force Chief of Staff Gen. Ken Wilsbach praised the delivery.

"Many thought it could not be done, but the United States Air Force was able to execute and provide a secure, reliable airborne command post on an accelerated timeline," he said.

Vice President JD Vance has delayed his trip to Switzerland to negotiate the terms of a peace agreement with Iran on Friday.

It's unclear exactly why the talks were called off at the last minute, with hundreds of journalists already waiting in the alpine city of Lucerne.

But the delay raises questions over the sturdiness of the memorandum of understanding to end the war, signed by President Donald Trump on Wednesday.

It came as Israel continued to heavily bombard Lebanon, despite the agreement promising to end all military operations, including in Lebanon.

Lebanese media said at least 18 were killed in overnight strikes, and Israel said four of its soldiers had been killed in fighting in southern Lebanon.

Here are more details about the agreement and challenges they face in this latest effort to end the conflict:

US lifts naval blockade

There was immediate progress after the preliminary agreement to end the three-and-half month conflict that has killed thousands of people across the Middle East, rocked the global economy and pushed millions more into poverty around the world, according to the United Nations.

The United States lifted its naval blockade on Iran.

The short memorandum of understanding also promises to end military operations on all fronts and reopen the Strait of Hormuz, the crucial waterway through which much of the world's oil, gas and fertilizer must pass to reach global markets.

The agreement prompted President Trump to celebrate on Truth Social writing: "Ships of the World, start your engines. Let the oil flow!"

But there are still many potential pitfalls. Even before the agreement was signed, Trump made its fragility clear: "It's a memorandum of understanding," he said at the G7 summit in France. "If I don't like it, if they don't behave, we'll go right back to dropping bombs right smack in the middle of their head."

The document doesn't solve the underlying reason for why the United States and Israel went to war with Iran. It creates a 60-day window — extendable by mutual agreement — for the two sides to resolve the enmity that goes back many decades.

Israel remains defiant against the deal

The preliminary agreement promises to end all military operations, including in Lebanon. Israel has invaded and taken large swaths of southern Lebanon in an offensive it says is targeting the Iranian-backed militia Hezbollah, which has killed more than 3,800 people, according to Lebanon's Health Ministry.

Iranian Foreign Minister Abbas Araghchi has made clear that Iran considers Israel's withdrawal from southern Lebanon essential. "Without the withdrawal of Israeli forces from the territories they occupied during this war, the war has not fully come to an end," Araghchi said.

Israel wasn't involved in the negotiations with Iran — though Trump said at a press conference this week that he had sent Israel a copy of the document before he signed it. Israeli Prime Minister Benjamin Netanyahu has remained defiant, saying his troops will remain in southern Lebanon for as long as Israel's security requires it.

The conflict in Lebanon is causing an extraordinarily open rift between Trump and Netanyahu. "He's a very difficult guy," Trump said of the Israeli prime minister recently said to The New York Times.

On Thursday, Israel's military released a new map ⁠showing an expanded area of southern Lebanon occupied by its troops, which it describes as a buffer zone.

"Trump's agreement does not bind us," Israel's far-right national security minister, Itamar Ben-Gvir, wrote on social media on Monday. "We are not partners to this agreement that does not ensure our security."

Vice President Vance hit back at critics in the Israeli government, warning at a press conference that "Donald J. Trump is the only head of state in the entire world who is sympathetic to the nation of Israel at this moment in time."

Trump signed the deal to avoid 'economic catastrophe'

The agreement promises "the immediate and permanent termination of military operations on all fronts" — including in Lebanon, where Israel has continued its offensive. Iran and the United States also promise "not to initiate" any further war or operation against each other. Not long after Trump signed the memorandum, U.S. Central Command said Thursday it had ended its naval blockade of ships to and from Iranian ports, as promised in the agreement.

Iranian state media reported the country's national security council will suspend tolls paid by ships for 60 days, per the deal, but that ships must still request Iran's permission — through a newly established Persian Gulf Strait Authority, before passing through the Strait of Hormuz, which was once considered an international waterway.

Increased ship traffic through the strait will come as a relief to Trump, whose approval ratings have been sliding as Americans see soaring gasoline prices and spiking inflation. Last month Trump insisted he doesn't think about Americans' financial situation in his approach to Iran.

But this week he acknowledged at a news conference that he had signed this agreement because he "didn't want to see an economic catastrophe."

The memorandum gives major concessions to Iran

Trump has repeatedly called the Iran nuclear deal — formally known as the Joint Comprehensive Plan of Action (JCPOA) — presided over by President Barack Obama in 2015 the "worst deal ever," and Trump abandoned the agreement in his first term in office. But the framework agreement signed this week hands major financial concessions to Iran that could ultimately go much further than the Obama-era arrangement.

The document says the U.S. will work with regional partners to create a fund of "at least $300 billion" for Iran's reconstruction and economic development. Vice President Vance has said Gulf Arab nations would invest that amount.

It also promises that the U.S. will unfreeze Iranian funds and assets that amount potentially to tens of billions of dollars. Mohsen Rezaei, military adviser to Supreme Leader Mojtaba Khamenei, told CNN Iran wants to see the release of $24 billion.

These commitments do depend on further negotiations. But the Trump administration also plans to issue sanction waivers to allow Iran to immediately sell its oil. The waiver concedes a major point of potential leverage at the start of these 60-day talks.

And the interim deal also opens the door to ending all U.S. and international sanctions on Iran. Iran has been under a plethora of U.S. sanctions since the 1979 Revolution. The penalties have kept Iran cut off from the global economy, preventing it, for example, from accessing the international banking sector. This new pledge goes far beyond the JCPOA deal, which removed some sanctions in exchange for Iran reducing its stockpile of uranium.

The negotiation over Iran's nuclear program

President Trump has boasted he will achieve a much "better" agreement than the JCPOA. The substantive talks on this are yet to begin, but so far, the commitment Iran has made in the memorandum that it "shall not procure or develop nuclear weapons" is the same promise it has made for years, including in the 2015 nuclear accord.

The details of Iran's nuclear program are complex and technical. The JCPOA was negotiated over years by the U.S., U.K., France, Germany, Russia and China, with nuclear physicists and non-proliferation experts, and ran to 159 pages. Trump's framework was negotiated bilaterally by Steve Witkoff and Jared Kushner — a property developer and the president's son-in-law. An Iranian diplomat who spoke to NPR on condition of anonymity because they were not authorized to speak publicly told NPR they believed the last round of talks with the Trump administration did not progress because "the Americans at the table did not understand the subject."

The U.S. had been negotiating with Iran over its nuclear program before abruptly launching the bombing campaign with Israel on Tehran that began this war on Feb. 28. For this latest round of talks, Witkoff and Kushner visited the national lab in Oak Ridge, Tenn., earlier this month for consultations with a team of technical experts that could play a role in nuclear negotiations with Iran.

Has Iran come out of the war stronger?

Trump began the conflict promising to set conditions for regime change in Iran. "I say tonight that the hour of your freedom is at hand," he told Iranians in a televised address on Feb. 28. "When we are finished, take over your government. It will be yours to take."

It was a nightmare scenario for the Iranian regime, to face down the bombardment from two of the world's most powerful militaries. The war killed more than 3,300 Iranians, according to state media, including top leaders, and pounded the country's infrastructure and armed forces. But the regime's survival, and its ability to target U.S. assets in the region and control the Strait of Hormuz, empowered Iran.

The country has learned "that threatening the Strait of Hormuz works," Bill Cassidy, Republican senator from Louisiana, said in a blistering attack on the Trump administration. He called the offensive against Iran "the worst foreign policy blunder in decades."

Iran's response forced the Trump administration to set aside the goal of regime change to focus on seeking a way to reopen the vital strait.

"The only 'achievement' of the ceasefire is the likely reopening of the Strait of Hormuz — which was open before the war started. And we will apparently pay Iran to do so," Antony Blinken, who was secretary of state under former President Joe Biden, posted on X.

Trump has countered critics by saying on social media that anyone who thinks he hasn't "been tough enough on Iran," when the stock market is high and oil prices are falling, is either jealous, bad or stupid. And Vance called on critics to "have a little bit of faith in the president of the United States."

But in a hard accounting of the war, the facts are undeniable: Iran's closure of the Strait of Hormuz gave it the leverage to secure from Trump concessions that unlock vast sums of money — even more, potentially, than under Obama.

And regarding Iran's nuclear program, the Iranians so far appear not to have offered Trump any more concessions than they did at the Geneva talks two days before the U.S. and Israel launched their offensive in February.

Now new negotiations are set to begin, and the Iranians will be coming to the table having shown Trump, and the world, the power they can wield over the global economy.

The Lincoln Memorial Reflecting Pool has witnessed more than a century of American history, in all its heartbreak and majesty. Crowds have gathered around it in protest and in praise, to denounce American wars and hear great voices sing and speak.

Today, it's the center of a slimy controversy.

President Donald Trump said in April he found the water in the reflecting pool "filthy" and "disgusting." He authorized a no-bid contract to resurface the basin of the 2,000-foot long pool and paint it "American flag blue" in time for July 4th celebrations.

"I have a guy who's unbelievable at doing swimming pools," the president crowed, before the National Park Service gave out no-bid contracts for sealing and upgrades.

After weeks of renovation, the project has cost taxpayers more than $14 million and … the reflecting pool looks green. And I mean green. Like the Chicago River on St. Patrick's Day. But that river is dyed green for a day. The Lincoln Memorial Reflecting Pool is green because of algae.

Look, algae happens. It's clouded the reflecting pool since it was first filled in 1923. Algae blooms flourish when sunlight falls on warm, sluggish water — like you'd find in a shallow, still pool absorbing the glare and swelter of a Washington, D.C., summer.

But a University of Virginia satellite analysis commissioned by the Washington Post saw more algae in the Reflecting Pool this month than at any other time in the past five years.

The Interior Department says workers have deployed "a state-of-the-art ozone nanobubbler filtration system" to banish the algae.

"President Donald J. Trump is an expert builder who has fixed the reflecting pool for good," spokesperson Kate Martin said in a statement this week, "unlike the failed and extremely costly attempt by Obama and Biden."

That's a reference to a major project during President Barack Obama's first term to stop the pool from sinking and add a filtration system.

In these deeply divisive and partisan times, it's good to remind ourselves that many issues aren't just Republican red or Democratic blue. The Reflecting Pool algae doesn't care about our party lines. It's green, and it's not going anywhere.

Two smoke relief centers are now open for residents impacted by the Boyle Heights warehouse fire.

The centers in Boyle Heights and East L.A. offer resources such as masks, food, water, temporary shelter, pet assistance and information from public health and air quality officials. They’re open 24 hours a day until further notice.

The city’s Department of Recreation and Parks and Councilmember Ysabel Jurado’s office opened the Pecan Recreation Center as a smoke relief center Friday. A second center opened Saturday at City Terrace Park through the office of L.A. County Supervisor Hilda Solis. 

Here’s where they’re located: 

The fire broke out Wednesday, prompting an hours-long shelter-in-place order due to hazardous materials, including ammonia.

On Friday, a wind-driven flare-up at the site of the fire sent plumes of smoke over the city, hours after a second shelter-in-place order was lifted. Residents in the immediate area reported seeing ash on their homes and cars. On Saturday, many across Los Angeles County — from Pasadena to the West Adams neighborhood — also reported smelling smoke and experiencing poor air quality.

Two smoke relief centers are now open for residents impacted by the Boyle Heights warehouse fire.

(

Courtesy City Terrace resident

)

Jurado and her team were in the residential neighborhood near the fire site Friday, distributing air purifiers and masks. She said community groups, including Proyecto Pastoral, Running Mamis and Centro CSO, also went door to door distributing masks. 

Residents can contact Jurado’s office at Boyle Heights City Hall to request air purifiers and masks or to make donations at (323) 526-9332.

Los Angeles Mayor Karen Bass spoke outside the building Friday evening, praising firefighters’ efforts. She added that people in the area could expect to continue to see smoke, and she urged people and their pets to stay inside as much as possible. She asked people to wear masks when they needed to go outside.

“We know that this is concerning. This is inconvenient, but we are doing everything we can to end this as soon as possible,” she said. “And we want everyone to be safe in the meantime.”

Read more:

• What materials burned in the fire and what to know about air quality
• How to keep yourself safe from the dismal air quality driven by fires

The post Smoke relief shelters open for residents impacted by Boyle Heights warehouse fire appeared first on LA Local.