ProCircular

Canvas is one vendor. Your SaaS risk isn't. Prepare for next time... A new fixed-scope assessment of your Canvas exposure and the plan behind it. The Canvas breach got your attention. The lesson isn't really about Canvas. Every SaaS platform your institution runs, your LMS, your SIS, your payment and research tools, carries the same accumulated risk Canvas did. Developer keys, third-party integrations, webhook subscriptions, and federated SSO grants, authorized over the years and rarely reviewed since. Canvas didn't create that exposure. It just made one instance of it impossible to ignore. ProCircular has opened the Canvas After-Action Assessment, a new, fixed-scope, time-bound engagement built alongside a Big Ten university in response to the incident in real time. It reconstructs what data actually flowed through Canvas at your institution, which notification obligations apply, and what a clear 90-day plan looks like. Six work streams, findings mapped to NIST CSF 2.0 and HECVAT 4.0, deliverables your auditors and insurance carrier can use without translation. Press Release here: hubs.li/Q04hm1cK0 You don't have to be a ProCircular client to engage us, nor do you have to be on the ShinyHunters list of affected schools. You only have to recognize that if this happened with Canvas, the rest of your SaaS stack deserves the same scrutiny. Reach out sales@procircular.com to find out more!

The Canvas security incident was a wake-up call for institutions everywhere. Our team responded quickly, hosting a live webinar to break down exactly what happened, what it means for organizations relying on third-party platforms, and the steps you can take to strengthen your cybersecurity posture before the next incident makes headlines. The recording is now available on demand: hubs.li/Q04gP1TH0 You'll hear from ProCircular's cybersecurity experts on: - What the Canvas incident revealed about third-party risk - What higher ed and data-sensitive organizations should be doing right now - Actionable steps to improve your security readiness today Whether you attended live or are just hearing about this now, it's worth your team's time. #Cybersecurity #HigherEducation #ThirdPartyRisk #Canvas #DataBreach #CyberReadiness #ProCircular

@ProCircular is monitoring the Canvas Incident for clients. We're working with the affected organizations and providing information as it becomes available...#canvas #Cybersecurity hubs.li/Q04fWpSt0

Shadow AI: The Risk Your Security Tools Can’t See hubs.li/Q04fN-2Z0

#1 in the Nation. That's our guy! Congratulations to Bradley Greer, SOC Analyst II at ProCircular, for earning the top spot in the National Cyber League Spring 2026 Individual CTF Competition, in the highly competitive experienced bracket. This kind of result doesn't happen by accident. It's the product of relentless curiosity, deep technical discipline, and commitment to continuous growth. Bradley, we're thrilled for you and so proud. The work you put in every day shows, and now the whole country knows it.

Jim's CV: linkedin.com/in/jim-sherloc…

Heya Friends - I don't do this often, but you REALLY need to check out our Mythos Webinar at 2:00pm. This is an area you need to understand if you're working with ProCircular or me. Anthropic recently announced that its Claude Mythos AI model found major software vulnerabilities, some undetected for decades. In response, they launched Project Glasswing—a $100M security coalition with tech giants and industry leaders. The mission: fix critical issues before attackers exploit them. But recent analysis shows only one confirmed CVE so far (a 17-year-old FreeBSD flaw). Some experts question how much is a new discovery vs. a headline. Anthropic recently announced that its Claude Mythos AI model found major software vulnerabilities, some of which had remained undetected for decades. In response, they launched Project Glasswing—a $100M security coalition with tech giants and industry leaders. The mission: fix critical issues before attackers exploit them. But recent analysis shows only one confirmed CVE so far (a 17-year-old FreeBSD flaw). Some experts question how much is a new discovery vs. a headline. Here's a pretty good (but slightly exciting) YouTube on some of the future we may see: hubs.li/Q04d83gN0 A public report is coming in July. Meanwhile, smaller AI models can already reproduce some findings, raising questions about the real impact. For most security teams in mid-market organizations, the real challenge is what to do next. With a mountain of remediation and AI projects run amok internally, it's a lot to get your arms around for even the most seasoned pro. Our own Jim Sherlock, V.P. of AI & Cyber Research, will unpack all of this in detail, answer your questions, and offer insights on how to make sense of this new world. Register Here: hubs.li/Q04d8nT70 #Cybersecurity #breach #hacking #artificialintelligence #AI #pentesting

Mythos & Glasswing are complicated and new. Jim is going to help us understand... hubs.li/Q04cFtPM0

The 10-Petabyte Heist: The Recent China Supercomputing Breach Means - Discover the implications of the 10-petabyte data breach at China's National Supercomputing Center and learn how organizations can enhance their cybersecurity measures. hubs.li/Q04bjZp90

Every young mind has the potential to excel in cybersecurity—but guiding that curiosity is key. When young enthusiasts navigate the digital world, clear mentorship and reputable platforms can help channel their energy into a positive path before risky behavior takes root. Stay informed, support their learning, and help them build a secure future. #Cybersecurity #DigitalSafety #PositiveFuture

Why Kids Turn to Cybercrime hubs.ly/Q048FqH10

👇 Build your bracket: hubs.li/Q0489_wj0

⏳ Still open — not for long ProCircular’s Tournament of Threats is live 32 real-world hacker groups Single-elimination bracket APT41 vs Lazarus LockBit vs Volt Typhoon 🎯 Part fun. Part learning. All competition. 🧠 Make your picks 📊 Climb the leaderboard 👇 Build your bracket: hubs.li/Q048v-0x0

ProCircular's Tournament of Threats puts 32 of the world's most dangerous hacker groups into a single-elimination bracket — nation-states, ransomware cartels, critical infrastructure hunters, and mercenary groups for hire. APT41. Lazarus Group. LockBit. Volt Typhoon. These aren't made-up villains. They're actively targeting organizations like yours. Pick the winners. Climb the leaderboard. Find out how well you really know your adversaries. 📅 Submissions close Friday, March 27 🏆 Champion announced Monday, April 6 👇 Fill out your bracket here: hubs.li/Q0489NSl0

The Illusion of Oversight: Why Enterprises Need New Governance for Agentic AI in the Workplace - Navigating agentic AI's potential and risks in enterprise productivity. Learn why robust governance is essential for AI tools like Microsoft’s Copilot Cowo... hubs.li/Q047rT9-0

Lessons from Strkyer: Dual Controls, Multi-Admin Approval & Recent Cyberattacks hubs.li/Q047rsrS0

When Every Minute Counts: A Guide to Incident Recovery - Incident Response Engineer Corey Staas shares how to scope, contain, and recover from a cyberattack — and why the goal isn't just getting back to normal. hubs.li/Q046wGHJ0

What do budget cuts to federal cyber support really mean for your security program? Join Alan Shimmel and our CEO to unpack how reduced funding changes federal response and what mid-market leaders should do next. hubs.li/Q042JvX30

If you’re responsible for cyber at a hospital, university, or manufacturer, you’ve already felt it: the federal support system we all relied on is shrinking. FBI cyber agents are being reassigned, CISA’s budget was cut $490m and MS-ISAC is now behind a paywall. We’re not waiting around for that to change. ProCircular is here to help everyone we can, but I’d love to see these agencies get the funding they need, because this fight takes all of us. I sat down with @IT Brew to explain why. hubs.li/Q042qgDs0

Our threat intel team found my genome on the dark web. Our team analyzed the 23andMe breach data—6.9 million genetic profiles, permanently compromised—there I was. Disease markers. Family lineage. Chromosome-level detail. You can get a new credit card. You can't get a new genome. 23andMe filed for bankruptcy over this breach. The attack? Credential stuffing. Reused passwords. No nation-state sophistication required. The fundamentals would have stopped it. They're not glamorous. But they work, and there's a lot to be learned here. I wrote about what we found and what it means: hubs.li/Q03ZzFn70 #Cybersecurity #DataPrivacy #ThreatIntelligence #Healthcare