--- title: "Instructure Ransom Breach, Pwn2Own Zero-Days, MiniPlasma Exploit Exposed | DMARC Report" description: "Stay updated with the latest cybersecurity news, data breaches, ransomware attacks, zero-days, vulnerabilities, and global cyber threat intelligence." image: "https://dmarcreport.com/og/blog/instructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed.png" canonical: "https://dmarcreport.com/blog/instructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed/" --- Quick Answer Cybersecurity News Roundup delivers the latest updates on cyber attacks, ransomware, data breaches, zero-day vulnerabilities, phishing campaigns, and global security threats. It helps businesses, IT teams, and security professionals stay informed about emerging risks and cybersecurity trends. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Finstructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Instructure%20Ransom%20Breach%2C%20Pwn2Own%20Zero-Days%2C%20MiniPlasma%20Exploit%20Exposed%20&url=undefined%2Fblog%2Finstructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Finstructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Finstructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed%2F&title=Instructure%20Ransom%20Breach%2C%20Pwn2Own%20Zero-Days%2C%20MiniPlasma%20Exploit%20Exposed%20 "Share on Reddit") [ ](mailto:?subject=Instructure%20Ransom%20Breach%2C%20Pwn2Own%20Zero-Days%2C%20MiniPlasma%20Exploit%20Exposed%20&body=Check out this article: undefined%2Fblog%2Finstructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed%2F "Share via Email") ![cybersecurity news](https://media.mailhop.org/dmarcreport/dmarc-check-6448-1779273372411.jpg) This past week was one of the most action-packed in recent **cybersecurity memory**. A landmark educational [data breach](https://industrialcyber.co/utilities-energy-power-water-waste/pickett-usa-breach-allegedly-exposes-sensitive-engineering-data-linked-to-us-utilities/) reached a shocking resolution, Microsoft’s Exchange Server came under active real-world exploitation, researchers pocketed over a million dollars exposing zero-days in enterprise software and AI tools, and a researcher publicly dropped a Windows exploit that gives SYSTEM-level access on fully patched machines — all in the span of just seven days. Here’s the full breakdown. ## Instructure Pays ShinyHunters Ransom to Contain the Largest Educational Data Breach on Record The most significant story of the week reached a pivotal moment when Canvas LMS operator Instructure confirmed it had reached an agreement with the [ShinyHunters ransomware group](https://www.theverge.com/tech/926458/canvas-shinyhunters-breach) and that the compromised data was destroyed. The breach, which originally began in late April 2026, is now considered the largest educational security breach on record due to its unprecedented global scale, affecting **8,809 universities**, educational ministries, and other institutions worldwide. ShinyHunters claimed to have stolen roughly **275 million records** tied to students, teachers, and staff. The compromised data reportedly included names, email addresses, and student ID numbers. Adding legal pressure, on May 13, 2026, a proposed [class action lawsuit](https://www.investopedia.com/terms/c/classaction.asp) was filed against Instructure in the [United States District Court](https://en.wikipedia.org/wiki/United%5FStates%5Fdistrict%5Fcourt) for the [Southern District of California](https://ballotpedia.org/United%5FStates%5FDistrict%5FCourt%5Ffor%5Fthe%5FSouthern%5FDistrict%5Fof%5FCalifornia). The breach had particular implications in the United States, where Canvas is used by **41% of higher education institutions**. Organizations are urged to implement multi-factor authentication and robust email authentication controls such as [DMARC](https://dmarcreport.com/), [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), and [DKIM](https://dmarcreport.com/what-is-dkim/) to prevent future phishing attempts that commonly follow large-scale data breaches. ## Pwn2Own Berlin 2026 Wraps Up with $1.3 Million Paid for 47 Zero-Days ![Dmarc Check 68223](https://media.mailhop.org/dmarcreport/dmarc-check-68223-1779273905484.jpg) The premier white-hat hacking competition concluded this week with staggering results. The Pwn2Own Berlin 2026 hacking contest concluded with security researchers collecting $1,298,250 in rewards after exploiting **47 zero-day flaws**. The competition took place at the OffensiveCon conference from May 14 to May 16 and focused on enterprise technologies and artificial intelligence. DEVCORE secured the “Master of Pwn” title with 50.5 points and **$505,000** in winnings after dominating multiple categories throughout the event. Highlights included DEVCORE chaining three bugs to achieve remote code execution as SYSTEM on Microsoft Exchange, earning **$200,000** for that single exploit. [OpenAI’s Codex](https://www.datacamp.com/tutorial/openai-codex) coding agent was successfully exploited three separate times across the competition by three different researchers, a pattern that should prompt serious reflection inside **OpenAI’s security organization**. Each exploit used a different technique, meaning the attack surface is not a single narrow flaw but something broader. _The results are a wake-up call: enterprise software and AI-powered development tools continue to harbor critical security weaknesses even after patching._ ## ”MiniPlasma” Windows Zero-Day Goes Public — SYSTEM Privileges on Fully Patched Systems One of the most alarming disclosures of the week came from a researcher who dropped a working exploit for a [Windows privilege escalation zero-day](https://www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/) with no official patch available. A cybersecurity researcher known as Chaotic Eclipse released both the source code and a compiled executable on [GitHub](https://www.geeksforgeeks.org/git/introduction-to-github/) after claiming that Microsoft failed to properly patch a previously **reported 2020 vulnerability**. According to the researcher, the flaw impacts the ‘cldflt.sys’ Cloud Filter driver and its ‘HsmOsBlockPlaceholderAccess’ routine, which was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020. BleepingComputer tested the exploit on a fully patched **Windows 11 Pro system** running the latest May 2026 Patch Tuesday updates. Using a standard user account, after running the exploit, it opened a command prompt with [SYSTEM privileges](https://www.ibm.com/docs/en/idr/11.4.0?topic=privileges-system). MiniPlasma is particularly dangerous as a post-exploitation tool — once an attacker gains a basic foothold, it can instantly elevate their privileges to full system control. Microsoft has not yet issued an emergency patch or assigned a new CVE. Until a fix is available, security teams should monitor for suspicious privilege escalation activity and unusual command prompt behavior. ## Tycoon2FA Phishing Kit Evolves to Bypass MFA — Hijacks Microsoft 365 via OAuth Despite being disrupted in a major international law enforcement takedown in March 2026, the [Tycoon2FA](https://gbhackers.com/tycoon-2fa-operators-use-oauth-device/amp/) phishing-as-a-service operation has bounced back with a more dangerous technique. A new phishing campaign uncovered in late **April 2026** shows how [threat actors](https://www.infosecurity-magazine.com/news/iranbacked-hackers-cni-ot-assets/) behind the Tycoon 2FA kit are evolving beyond traditional credential theft. The attack begins with a phishing email disguised as a vendor invoice reminder. Victims are lured into clicking a Trustifi click-tracking link, which redirects through a [Cloudflare Workers](https://www.cloudflare.com/products/workers/) domain before delivering the malicious payload. In this attack, victims are shown a **Microsoft 365** voicemail notification lure. They are instructed to copy a user code and visit the real Microsoft device login page at microsoft.com/devicelogin. Since the victim is interacting with genuine Microsoft infrastructure, [MFA](https://www.onelogin.com/learn/what-is-mfa) is triggered and completed normally. What the victim does not realize is that by approving the prompt, they are granting access tokens to an attacker-controlled device running in the background.![Dmarc Report 8630](https://media.mailhop.org/dmarcreport/dmarc-report-8630-1779273978184.jpg) _Once consent is granted, attackers gain access to multiple services, including Exchange Online, Microsoft Graph, and OneDrive._ A single approval effectively compromises the entire [Microsoft 365 environment](https://arineo.com/en/modern-workplace/microsoft-365/). Organizations should enable **Conditional Access policies** that restrict device code flows and train employees to never approve unexpected device login prompts. ## node-ipc npm Package Compromised in Targeted Supply Chain Attack Developers worldwide were put on high alert after a popular Node.js library was secretly backdoored. On May 14, 2026, [three malicious versions of node-ipc](https://thehackernews.com/2026/05/stealer-backdoor-found-in-3-node-ipc.html) a foundational Node.js inter-process communication library with over 10 million weekly downloads, were simultaneously published to the npm registry. Versions 9.1.6, 9.2.3, and 12.0.1 each carry an identical 80 KB obfuscated credential-stealing payload injected into the package’s CommonJS bundle. Attackers appear to have acquired the account’s recovery email domain atlantis-software\[.\]net after it expired, allowing them to trigger a standard npm password reset and silently gain publish rights without ever touching the original maintainer’s infrastructure. The payload was designed to steal cloud credentials, [SSH keys](https://www.datacamp.com/tutorial/ssh-keys), and CI/CD pipeline secrets — a goldmine for attackers seeking deeper access into **developer environments**. _Any team using node-ipc should immediately audit their dependency versions and rotate all secrets accessible in environments where the compromised versions may have been installed_. ## Russia’s Secret Blizzard (Turla) Upgrades Kazuar Into a Modular P2P Spy Botnet Microsoft this week released a **deep-dive analysis** revealing how one of the world’s most sophisticated state-backed hacking groups has dramatically upgraded its core malware. Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has expanded from a relatively traditional backdoor into a highly modular [peer-to-peer (P2P) botnet](https://www.trendmicro.com/vinfo/us/security/news/threat-landscape/the-industrialization-of-botnets-automation-and-scale-as-a-new-threat-infrastructure) ecosystem designed to enable persistent, covert access to target environments. The threat actor has historically targeted organizations in the **government and diplomatic sector** in Europe and Central Asia.![Dmarc Record 3227](https://media.mailhop.org/dmarcreport/dmarc-record-3227-1779274080514.jpg)The malware now operates using three distinct modules: Kernel, Bridge, and Worker. The Kernel module is the [central coordinator](https://www.lawinsider.com/dictionary/central-coordinator) that manages tasks, controls other modules, elects a leader, and orchestrates communications and data flow across the botnet. _Critically, only one infected machine is elected as the “leader” at any given time, and only that elected leader is permitted to communicate with the outside world. This means the entire botnet produces very little suspicious external network traffic._ This design makes Kazuar extraordinarily difficult to detect and disrupt. Security teams are advised to monitor for unusual named pipe activity, hidden windows registered by unknown processes, and encrypted files being staged to **local working directories**. ## Cushman & Wakefield Hit by ShinyHunters — 500,000 Salesforce Records Exposed The same threat actor behind the Canvas breach struck again this week. [Cushman & Wakefield](https://cybernews.com/news/cushman-wakefield-shinyhunters-salesforce-breach-claim/), a Chicago-based real estate firm, became a victim of a cyberattack carried out by the ShinyHunters ransomware group. The ransomware attack exposed over **500,000 Salesforce** records, including personally identifiable information and other internal corporate data. The breach illustrates how [CRM platforms](https://technologymagazine.com/top10/top-10-crm-platforms) like Salesforce, which hold enormous volumes of sensitive client and business data, are increasingly prime targets for ransomware groups. Companies must ensure that Salesforce environments are protected with robust access controls, **data loss prevention policies**, and comprehensive audit logging to detect unauthorized access before it escalates. ## Cisco SD-WAN Zero-Day Exploited — The Sixth Such Flaw in 2026 ![What Is Dmarc 3193](https://media.mailhop.org/dmarcreport/what-is-dmarc-3193-1779274129256.jpg) Cisco was back in the news this week with yet another critical vulnerability in its SD-WAN infrastructure. _Cisco patched another SD-WAN zero-day, the sixth exploited in 2026, tracked as CVE-2026-20182._ The flaw was being exploited in targeted attacks by a sophisticated threat actor identified as **UAT-8616**. The fact that this marks the sixth exploited [Cisco SD-WAN zero-day](https://www.bankinfosecurity.com/new-cisco-sd-wan-zero-day-grants-admin-access-a-31708) in a single calendar year is deeply concerning and indicates that adversaries are methodically probing and weaponizing vulnerabilities in network infrastructure that underpins enterprise connectivity worldwide. Organizations relying on Cisco SD-WAN solutions should prioritize patching and review their network segmentation policies immediately. ## OpenAI Hit by TanStack Supply Chain Attack The software supply chain continued to be a major attack vector this week, with OpenAI reportedly falling victim to a compromise involving malicious packages. [OpenAI was hit by a supply chain attack](https://securityboulevard.com/2026/05/openai-urges-macos-users-to-update-after-tanstack-supply-chain-attack-hits-signing-keys/) linked to malicious TanStack packages. The attack mirrors the pattern seen in the node-ipc incident earlier in the week, where attackers target trusted **open-source components** rather than attacking organizations directly. Supply chain attacks are among the most dangerous threat vectors because they exploit the inherent trust organizations place in third-party libraries and dependencies. Businesses are strongly advised to implement [software bill of materials (SBOM)](https://www.ibm.com/think/topics/sbom) practices and **continuously audit** their dependency chains for signs of tampering. ## Avada Builder WordPress Plugin Vulnerabilities Expose Over One Million Sites Website owners running one of the most popular [WordPress plugins](https://www.msn.com/en-us/news/technology/over-a-million-wordpress-sites-hit-in-plugin-flaw-heres-what-we-know/ar-AA23cJwK) were warned of serious security flaws this week. **Two vulnerabilities** in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. The plugin is widely used by businesses and developers to build websites, making this a significant exposure. **Site administrators** should update the Avada Builder plugin to the latest patched version immediately and review their web server access logs for signs of exploitation. _This case also highlights the importance of keeping all WordPress plugins and themes up to date as part of routine._ ![Dmarc Record Generator 3391](https://media.mailhop.org/dmarcreport/dmarc-record-generator-3391-1779274154701.jpg) ## Ghostwriter Resumes Targeted Attacks on Ukrainian Government The cyber front of the Russia-Ukraine conflict remained active this week, with a known threat group re-emerging. The [Ghostwriter group resumed attacks](https://securityaffairs.com/192196/apt/ghostwriter-group-resumes-attacks-on-ukrainian-government-targets.html) on Ukrainian government targets. Ghostwriter has historically been associated with information operations and targeted intrusion campaigns against **Ukrainian governmental and military entities**. These ongoing attacks highlight that cyberwarfare remains an integral part of the broader conflict, and organizations connected to or operating in Ukraine should **maintain heightened vigilance**, ensure all systems are fully patched, and monitor for [spear-phishing](https://dmarcreport.com/blog/kimsuky-spear-phishing-worldwide-2023-social-phishing-threat-phishing-html-doubles/) campaigns that are frequently the initial access vector for this threat group. ## WEF Declares Cybersecurity a Systemic Economic and Strategic Imperative At the global policy level, the [World Economic Forum](https://www.britannica.com/money/World-Economic-Forum) delivered a major framing statement that elevated cybersecurity beyond the realm of IT departments. The WEF says cybersecurity has become a systemic, economic, and strategic imperative in an AI-driven, fragmented world. It argues that cyber risk is now pervasive, scalable, and central to economic and societal stability, not just a technical nuisance. Leaders at the **Annual Meeting on Cybersecurity 2026 in Geneva** focused on the shift from compliance-driven security to measurable resilience. This shift in language matters enormously. When the world’s leading economic forum frames cyber incidents as financial events, operational events, and **national security events** in the same breath, it signals that boards of directors and executive teams can no longer treat cybersecurity as an IT concern alone. Proper [email authentication](https://dmarcreport.com/blog/a-basic-guide-to-email-authentication-for-legal-professionals/) infrastructure — including DMARC, DKIM, and SPF — remains one of the most **foundational and cost-effective steps** any organization can take to reduce phishing risk.![Gmail Dmarc 5119](https://media.mailhop.org/dmarcreport/gmail-dmarc-5119-1779274195670.jpg) ## Quantum Q-Day Moves from Theory to Active Migration Planning Finally, one of the most consequential long-term cybersecurity stories advanced significantly this week. Reuters described [cybersecurity](https://dmarcreport.com/blog/email-security-meets-cybersecurity-understanding-the-role-of-dmarc-reports/) as the immediate worry in quantum computing, warning that cryptographically relevant machines could threaten digital communications and even cryptocurrencies, while NIST has already finalized post-quantum encryption standards to protect against future quantum attacks. The [UK’s National Cyber Security Centre](https://www.ncsc.gov.uk/news/ncsc-leave-passwords-in-the-past-passkeys-are-the-future) has also urged organizations to prepare for migration to **post-quantum cryptography** on a defined timeline rather than waiting for panic to force a rushed transition. The key insight from this week’s reporting: organizations do not need to wait for a quantum computer capable of breaking today’s encryption to be at risk. Sensitive data being encrypted and stored today could be harvested now and decrypted later once quantum capability matures — a strategy known as “harvest now, decrypt later.” **CISOs and security teams** should begin inventorying where long-lived [sensitive data](https://www.bbc.com/news/articles/cwy6nd3664no) is encrypted and develop a roadmap for post-quantum migration now. ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Take control of your DMARC reports Turn raw XML into actionable dashboards. Start free - no credit card required. [Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) ## Related Articles [ Foundational 8m 10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[ Foundational 12m 10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[ Foundational 12m 10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[ Foundational 12m 10 Reasons SPF Filtering Is Critical For Email Security Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Instructure Ransom Breach, Pwn2Own Zero-Days, MiniPlasma Exploit Exposed ","description":"Stay updated with the latest cybersecurity news, data breaches, ransomware attacks, zero-days, vulnerabilities, and global cyber threat intelligence.","url":"https://dmarcreport.com/blog/instructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed/","datePublished":"2026-05-20T00:00:00.000Z","dateModified":"2026-05-20T00:00:00.000Z","dateCreated":"2026-05-20T00:00:00.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/instructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed/"},"articleSection":"foundational","keywords":"","image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/dmarc-check-6448-1779273372411.jpg","caption":"cybersecurity news"},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Instructure Ransom Breach, Pwn2Own Zero-Days, MiniPlasma Exploit Exposed ","item":"https://dmarcreport.com/blog/instructure-ransom-breach-pwn2own-zero-days-miniplasma-exploit-exposed/"}]} ```