--- title: "Canvas Breach Crisis, PANOS ZeroDay Exploited, Teams Credential Heist | DMARC Report" description: "DMARC Report Canvas Breach Crisis, PANOS ZeroDay Exploited, Teams Credential Heist Play Episode Pause Episode Mute/Unmute Episode Rewind 10 Seconds 1x Fast." image: "https://dmarcreport.com/og/blog/canvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist.png" canonical: "https://dmarcreport.com/blog/canvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist/" --- Quick Answer This past week was one of the most turbulent in recent memory for the cybersecurity world. From a brazen ransomware assault on millions of students just ahead of finals, to a critical unpatched firewall flaw putting Fortune 500 companies at risk, to a nation-state group disguising espionage as a ransomware attack, the threat actors were busy. Here’s your full roundup. Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fcanvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Canvas%20Breach%20Crisis%2C%20PANOS%20ZeroDay%20Exploited%2C%20Teams%20Credential%20Heist&url=undefined%2Fblog%2Fcanvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fcanvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fcanvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist%2F&title=Canvas%20Breach%20Crisis%2C%20PANOS%20ZeroDay%20Exploited%2C%20Teams%20Credential%20Heist "Share on Reddit") [ ](mailto:?subject=Canvas%20Breach%20Crisis%2C%20PANOS%20ZeroDay%20Exploited%2C%20Teams%20Credential%20Heist&body=Check out this article: undefined%2Fblog%2Fcanvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist%2F "Share via Email") ![cybersecurity news](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-analyzer-6473.jpg) ![cybersecurity news](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-report-6381-150x150.jpg) DMARC Report Canvas Breach Crisis, PANOS ZeroDay Exploited, Teams Credential Heist Play Episode Pause Episode ![Loading](https://dmarc.temp927.kinsta.cloud/wp-content/plugins/seriously-simple-podcasting/assets/css/images/player/images/icon-loader.svg) Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds 00:00 / 2:29 Subscribe Share RSS Feed Share Link Embed This past week was one of the most turbulent in recent memory for the [cybersecurity](/blog/major-cybersecurity-trends-that-will-reign-in-2024/) world. From a brazen ransomware assault on millions of students just ahead of finals, to a critical unpatched firewall flaw putting Fortune 500 companies at risk, to a **nation-state group** disguising espionage as a ransomware attack, the [threat actors](https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/beware-of-mcp-hardcoded-credentials-a-perfect-target-for-threat-actors) were busy. Here’s your full roundup. ## ShinyHunters Holds 275 Million Students Hostage via Canvas Breach The hacking group ShinyHunters claimed responsibility for a major breach of Instructure’s [Canvas learning management](https://www.securityweek.com/cyberattack-hits-canvas-system-used-by-thousands-of-schools-as-finals-loom/) platform, which was used to manage grades, course notes, assignments, and lecture videos across thousands of schools. Instructure said it first detected unauthorized activity on April 29\. After noticing the intrusion, it revoked the attacker’s access and brought in outside **forensic experts**. _On May 5, it notified impacted schools. Then on May 7, it found more unauthorized activity tied to the same April 29 incident, this time, someone had changed the login pages students and teachers see when accessing Canvas._ If Instructure didn’t pay up, the hackers threatened to leak “several billions of private messages among students and teachers.” The group told Instructure to reach out by May 6 before they would begin [leaking data](https://www.foxnews.com/tech/1-billion-identity-records-exposed-id-verification-data-leak), warning the company to “**make the right decision**.” ShinyHunters subsequently escalated the campaign by defacing school login portals with ransom messages. The timing, right before final exams, added maximum disruption pressure on institutions. **DMARC** and [email authentication](/blog/a-basic-guide-to-email-authentication-for-legal-professionals/) won’t directly stop a platform breach of this scale, but they remain crucial in the inevitable wave of [phishing emails](https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html) that follow any major incident, fake “urgent account notices” that prey on panicked students and parents. ![Education Sector Breach](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-analyzer-8511.jpg) ## Critical Palo Alto PAN-OS Zero-Day Under Active Exploitation A critical buffer overflow vulnerability in the User-ID Authentication Portal service of [Palo Alto Networks PAN-OS](https://www.scworld.com/news/palo-alto-networks-says-patch-for-exploited-pan-os-firewall-bug-forthcoming) software allows an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. The flaw is tracked as **CVE-2026-0300** and carries a **CVSS score of 9.3.** [CISA](https://orca.security/glossary/cisa/) ordered federal agencies to fix the vulnerability by May 9, 2026, and added CVE-2026-0300 to its Known Exploited Vulnerabilities catalog. The patched software releases are scheduled in a staggered rollout between **May 13 and May 28**, depending on the specific PAN-OS version branch in use. In the meantime, administrators are strongly urged to restrict access to the User-ID Authentication Portal to trusted internal network zones only, or to disable it entirely if it is not strictly required. _PAN-OS firewalls are widely deployed in enterprise environments, making this one of the most urgent vulnerabilities of the year so far._ ![Firewall Zero-Day Threat](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-check-6937.jpg) ## Iranian State Hackers Use Microsoft Teams to Steal Credentials in False Flag Attack The Iranian state-sponsored hacking group known as MuddyWater has been attributed to a sophisticated attack that used **Microsoft Teams** to steal credentials and manipulate [MFA](https://www.onelogin.com/learn/what-is-mfa) in what Rapid7 described as a “false flag” operation designed to look like a [Chaos ransomware attack](https://www.israeldefense.co.il/en/node/68918). Rather than deploying file-encrypting ransomware, the threat actors engaged with victim employees via **Microsoft Teams**, establishing screen-sharing sessions to steal credentials and compromise accounts. They also performed reconnaissance, [credential harvesting](https://datadome.co/guides/credential/how-to-detect-prevent-credential-harvesting-attacks/), and data theft, operations typical of espionage, not financial crime. The campaign’s links to MuddyWater stem from a **code-signing certificate** attributed to “Donald Gay,” which has previously been used by the threat cluster to sign its malware. Security experts warn that Teams-based [social engineering attacks](https://www.securitymagazine.com/articles/101679-2024-saw-over-4-million-mobile-social-engineering-attacks) are surging in 2026, and employees should be deeply skeptical of any unsolicited IT support request arriving through the platform. ![Chat-Based Social Engineering](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-record-1700.jpg) ## CISA Launches “CI Fortify” to Protect Critical Infrastructure from Nation-State Cyberattacks The **federal government’s** top cybersecurity agency warned that [state-sponsored hackers](http://theguardian.com/world/2026/feb/10/state-sponsored-hackers-targeting-defence-sector-employees-google-says), particularly two Chinese groups known as [Salt Typhoon and Volt Typhoon](https://securityboulevard.com/2025/04/volt-typhoon-salt-typhoon-apt41-this-is-no-longer-a-drill/), continue to threaten critical sectors like electricity, water, and internet. In response, [CISA launched CI Fortify](https://www.arcweb.com/blog/cisa-ci-fortify-guidance-highlights-need-critical-infrastructure-resilience), an initiative designed to ensure essential service providers can continue operating even during an active cyberattack. The guidance focuses on **two emergency planning objectives:** isolation and recovery. Isolation involves proactively disconnecting from third-party and business networks to safeguard operational technology. _Recovery involves documenting systems, backing up critical files, and practicing the replacement of systems or transitioning to manual operations in case a cyberattack shuts down critical infrastructure._ CISA’s acting director noted that [artificial intelligence](https://www.ibm.com/think/topics/artificial-intelligence) is also a primary concern driving the pivot to CI Fortify, given the increasing speed at which AI is changing and morphing the types of impacts defenders face across both critical infrastructure and**operational technology**. ## AI-Guided Hacker Compromises Municipal Water Utility in Mexico Incident response firm **Dragos reported** that a hacker used an AI model to compromise a municipal water and drainage utility in Monterrey, Mexico. While full details of the intrusion remain limited, it is one of the first publicly confirmed cases of an attacker leveraging AI to guide an attack on public [water infrastructure](https://sevenseaswater.com/water-infrastructure-in-america/), a chilling signal of what defenders are up against in 2026. The incident underscores how AI is no longer just a tool for defenders; attackers are now using it to accelerate reconnaissance, identify vulnerable entry points, and move through operational technology networks that control critical **public services**. CISA’s CI Fortify initiative, launched the same week, is directly relevant to threats of this kind. ![Public Utility AI Cyberattack](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-report-7194.jpg) ## Cushman & Wakefield Hit by ShinyHunters, 500,000 Salesforce Records Exposed Global real estate services giant [Cushman & Wakefield](https://cybernews.com/news/cushman-wakefield-shinyhunters-salesforce-breach-claim/) became a victim of a cyberattack carried out by the ShinyHunters ransomware group. The attack exposed over **500,000 Salesforce** records, including personally identifiable information and other internal corporate data. The breach adds to an **alarming pattern:** _ShinyHunters is running simultaneous high-profile campaigns across education, healthcare, corporate, and cloud sectors._ Their targeting of Salesforce customer records highlights how third-party CRM platforms, often trusted as the source of truth for customer data, are becoming premium targets for [cybercriminals](https://informationsecuritybuzz.com/leak-hsbc-customer-data-bank-denies-breach/) looking to harvest large volumes of [PII](https://www.techtarget.com/searchsecurity/definition/personally-identifiable-information-PII) in a single operation. ## Microsoft Warns of Large-Scale Phishing Campaign Targeting 35,000 Users Microsoft researchers warned of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting**35,000** users across **13,000** organizations worldwide. _The campaign used official-looking messages that mimicked regulatory compliance notifications, a tactic designed to trigger urgency and bypass a recipient’s skepticism._ This is exactly where [DMARC](/) enforcement becomes a frontline defence. When domains are **properly protected** with DMARC, [SPF](https://autospf.com/blog/what-is-spf-email-a-guide-to-sender-validation-technology/), and [DKIM](/what-is-dkim/) policies set to reject, attackers cannot send spoofed emails from your domain. Organizations without [DMARC enforcement](/blog/dmarc-enforcement-and-monitoring/) leave themselves, and their customers, vulnerable to impersonation at scale. ![Cybersecurity News Roundup: Global Breaches and Emerging AI Threats](https://media.mailhop.org/dmarcreport/images/2026/05/what-is-dmarc-9722.jpg) ## GitHub RCE Flaw Could Have Exposed Millions of Private Repositories Cybersecurity researchers from Wiz disclosed a critical security vulnerability affecting GitHub.com and [GitHub](https://www.itnews.com.au/news/github-patches-critical-git-push-remote-code-execution-bug-625435) Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command. The flaw, tracked as CVE-2026-3854 with a CVSS score of 8.7, involved push option values that were not properly sanitized before being included in **internal service headers**. In the case of GitHub Enterprise Server, exploitation would have allowed a full server compromise and access to all repositories and internal secrets. On GitHub.com, it allowed [remote code execution](https://www.cloudflare.com/learning/security/what-is-remote-code-execution/) on shared storage nodes, with millions of **public and private repositories** accessible on the affected nodes. GitHub deployed a patch within six hours of responsible disclosure and confirmed no exploitation occurred in the wild before the fix was applied. ## Linux Kernel “Dirty Frag” Vulnerability Discovered, Successor to “Copy Fail” Details have emerged about a new, unpatched local privilege escalation vulnerability impacting the Linux kernel, dubbed “[Dirt](https://www.infoq.com/news/2026/05/copy-fail-dirty-frag-linux/)[y](https://www.infoq.com/news/2026/05/copy-fail-dirty-frag-linux/) [Frag](https://www.infoq.com/news/2026/05/copy-fail-dirty-frag-linux/).” It has been described as a successor to “Copy Fail” (CVE-2026-31431), a recently disclosed flaw that has since come under active exploitation. The **vulnerability achieves root privileges** on most Linux distributions by [chaining two page-cache](https://mirasvit.com/blog/common-issues-and-few-hacks-with-magento-2-full-page-cache.html) write vulnerabilities together. What makes Copy Fail particularly dangerous is that it works **100%** of the time, unlike most local privilege escalation bugs that tend to be probabilistic in nature. The underlying bug traces back to a 2017 kernel update originally intended to speed up [data encryption](https://cloudian.com/guides/data-protection/data-encryption-the-ultimate-guide/), meaning all major Linux distributions from 2017 onward are impacted. With Dirty Frag now emerging as a successor, [Linux administrators](https://www.news18.com/world/france-moves-away-from-us-tech-drops-windows-turns-to-linux-for-public-administration-ws-kl-10028484.html) have a serious new threat to contend with. ## PCPJack Credential Stealer Worms Across Cloud Infrastructure **Cybersecurity researchers** disclosed details of a new credential theft framework called [PCPJack](https://www.technadu.com/cloud-credential-worm-pcpjack-targets-teampcp-victims/627541/) that targets exposed [cloud infrastructure](https://netlink.com/cloud-infrastructure-services-in-usa/) and removes any artifacts linked to **TeamPCP** from the environments. The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates data through attacker-controlled infrastructure while attempting to spread to additional hosts. _PCPJack specifically targets services like Docker, Kubernetes, Redis, MongoDB, and RayML, spreading in a worm-like fashion across compromised networks_. Researchers at SentinelOne assess that the ultimate goal of the campaign is [credential theft](https://www.proofpoint.com/us/threat-reference/credential-theft), fraud, spam, extortion, or the resale of stolen data on criminal marketplaces. ![Cloud Infrastructure Worm](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-record-generator-9785.jpg) ## MOVEit Automation Critical Authentication Bypass Patched Progress Software released updates to address two security flaws in [MOVEit Automation](https://socradar.io/blog/cve-2026-4670-moveit-automation-auth-bypass/), including a critical bug that could result in an authentication bypass. MOVEit Automation is a secure, **server-based managed file transfer solution** used to schedule and automate file movement workflows in enterprise environments. MOVEit became infamous following the 2023 mass exploitation that impacted hundreds of organisations globally. _The fact that new critical vulnerabilities are still emerging in the product, and that organisations continue to use it, makes patching especially urgent._ Any unpatched **MOVEit instance is a high-value target**. ## Vishing-Based Cybercrime Groups “Cordial Spider” and “Snarky Spider” Ramp Up SaaS Attacks Two cybercrime groups tracked as Cordial Spider and Snarky Spider are carrying out rapid, high-impact attacks operating almost entirely within [SaaS environments](https://cyberscoop.com/crowdstrike-cordial-spider-snarky-spider-extortion-attacks/?utm%5Fsource=chatgpt.com). According to CrowdStrike, these actors use vishing to bypass MFA and move **laterally across entire** [SaaS ecosystems](https://scanx.trade/stock-market-news/stocks/zoho-ceo-welcomes-government-endorsement-highlights-india-s-saas-ecosystem-growth/20265823) with a single authenticated session, masking their tracks through residential proxy networks to blend in as legitimate home user traffic. These groups are part of a broader trend of English-speaking ransomware crews that share similar playbooks but operate under distinct brands. The use of residential proxies makes detection particularly difficult for **security teams monitoring** for unusual geographic login patterns. ## AI Investment Scam Network Spans 15,500 Domains AI investment scammers abused the Keitaro ad-tracking platform to cloak their campaign, exposing it only to likely targets. The campaign, [spanning over 15,500 domains](https://www.malwarebytes.com/blog/news/2026/05/massive-ai-investment-scam-network-spans-15500-domains), represents one of the largest AI-themed investment fraud operations ever identified. Victims are lured with promises of **AI-powered trading returns**, only to have their funds stolen. The abuse of legitimate ad-tracking infrastructure to selectively surface scam pages is a sophisticated evasion tactic. _Regular users see nothing suspicious; only those profiled as likely victims are shown the fraudulent content._ This technique is now being widely adopted across crypto, forex, and AI investment scams. ## Topics [ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/) ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Take control of your DMARC reports Turn raw XML into actionable dashboards. Start free - no credit card required. [Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) ## Related Articles [ Uncategorized 12m How can I start protecting my G Suite email from phishing with DMARC? Jan 28, 2026 ](/blog/how-to-protect-g-suite-email-from-phishing-using-dmarc/)[ Uncategorized 5m Manufacturer Hit Cyberattack, Fake Teams Breach, AI Targets MSMEs Apr 30, 2026 ](/blog/manufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes/)[ Uncategorized 5m Swedish Plant Hacked, UAE 800,000 Cyberattacks, Apple Alerts Exploited Apr 23, 2026 ](/blog/swedish-plant-hacked-uae-800000-cyberattacks-apple-alerts-exploited/)[ Uncategorized 11m Trellix Source Breach, MOVEit Auth Bypass, DAEMON Trojan Attack May 7, 2026 ](/blog/trellix-source-breach-moveit-auth-bypass-daemon-trojan-attack/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Canvas Breach Crisis, PANOS ZeroDay Exploited, Teams Credential Heist","description":"DMARC Report Canvas Breach Crisis, PANOS ZeroDay Exploited, Teams Credential Heist Play Episode Pause Episode Mute/Unmute Episode Rewind 10 Seconds 1x Fast.","url":"https://dmarcreport.com/blog/canvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist/","datePublished":"2026-05-14T17:25:41.000Z","dateModified":"2026-05-14T17:29:47.000Z","dateCreated":"2026-05-14T17:25:41.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/canvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist/"},"articleSection":"uncategorized","keywords":"dkim, DMARC, News, SPF","wordCount":1883,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-analyzer-6473.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Uncategorized","item":"https://dmarcreport.com/uncategorized/"},{"@type":"ListItem","position":4,"name":"Canvas Breach Crisis, PANOS ZeroDay Exploited, Teams Credential Heist","item":"https://dmarcreport.com/blog/canvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist/"}]} ```