TechCrunch Disrupt 2026: Get 50% Off a Second Pass and Close More Deals Faster

Time is running out for founders, investors, and operators who want to supercharge their deal-making. For the next four days, you can buy one pass to TechCrunch Disrupt 2026 and get 50% off a second pass of the same ticket type. This offer expires on May 8 at 11:59 p.m. PT. After that, prices rise, and bringing a partner or colleague will cost you significantly more. Register here to secure your plus-one at half price.

In the fast-paced world of startups, access is everything. Many believe that a polished pitch is the key to success, but the reality is that proximity to capital and decision-makers often determines who scales and who stalls. TechCrunch Disrupt 2026 is designed to eliminate the barriers of cold outreach and missed introductions, giving you direct access to the people who can write checks and open doors.

Why Deal Flow Matters More Than Ever

Fundraising is a long game of chasing proximity. Cold emails, ignored LinkedIn messages, and weeks of waiting for replies can drain your momentum. Without access, you watch deals happen without you. That’s where TechCrunch Disrupt 2026 deals come into play. This event compresses the fundraising timeline by putting you in the same room as top-tier investors, all in one place.

Building on this, the event offers several dedicated spaces for meaningful interactions:

• Startup Battlefield 200: Pitch in front of leading VCs and compete for a $100,000 equity-free prize.
• Deal Flow Café: A designated area for real, unfiltered conversations between founders and investors.
• Curated matchmaking: Targeted 1:1 and small-group meetings with investors who align with your sector.
• Expo Hall proximity: Turn cold outreach into live demos and authentic discussions.

As a result, you shift from chasing attention to securing influence. Your ticket grants you access to candid insights from active founders, top-tier investors, and operators scaling real companies. Speakers include Nina Achadjian of Index Ventures, Josh Reeves of Gusto, and Arsalan Tavakoli-Shiraji of Databricks, among many others.

How Disrupt 2026 Accelerates Fundraising

When TechCrunch Disrupt 2026 takes over Moscone West in San Francisco from October 13–15, more than 10,000 founders, investors, and operators will gather with a single goal: to advance deals. This changes the pace of business immediately. Instead of months of back-and-forth, conversations start and move faster across industry stages, keynotes, roundtables, and investor receptions.

Furthermore, you are not burning resources trying to get into a meeting—you are already in one. Disrupt is a premier global startup event where the ecosystem converges to move ideas, deals, and companies forward. With over 20,000 curated meetings and dedicated environments like investor-founder networking sessions, the event is built for deal flow, not just discussion.

The Power of Proximity

At Disrupt, you are face-to-face with investors who can ask questions on the spot, evaluate your vision directly, and read signals immediately. This feedback loop compresses timelines. What normally takes weeks can take shape in a single day—especially as you move between sessions and conversations across the venue. Check the agenda to plan your time effectively.

In addition, you will find 80+ Side Events across the Bay Area for networking, workshops, and social connections, extending the value of your Disrupt ticket. Bringing a second person with your 50% discount multiplies those moments, allowing you to cover more ground and convert more conversations into real opportunities.

Don’t Miss Your 50% Discount

Buy one pass, get 50% off the second (of the same ticket type). Bring someone who helps you move faster—and put yourself in the room where deals actually start. Register now to secure your two passes before May 8 at 11:59 p.m. PT. After that, the price goes up, and the opportunity to bring a colleague takes a bigger chunk of your budget.

Therefore, if fundraising is already on your roadmap, waiting doesn’t make it easier. It just delays access. Secure your passes today for TechCrunch Disrupt 2026 and close more deals faster.

Formbook Malware Campaign Exploits Multiple Obfuscation Techniques to Evade Detection

Cybercriminals have launched two distinct phishing campaigns, each employing a stealthy infection method, to target organizations running Microsoft Windows. The primary objective? To deploy Formbook, a notorious infostealer malware that has been a staple of malware-as-a-service operations since 2016.

Formbook is designed to harvest sensitive information—login credentials, browser data, and screenshots—while using advanced evasion techniques to slip past security tools. A decade after its debut, this threat remains active across industries, with no signs of slowing down.

How the Formbook Malware Campaign Works

Security researchers at WatchGuard have detailed two new Formbook campaigns in a blog post published on April 20. These attacks target companies in Greece, Spain, Slovenia, Bosnia, Croatia, and several South American countries. The phishing lures are disguised as routine business emails, making them hard to spot.

What sets these campaigns apart is the diversity of evasion methods. One relies on DLL sideloading, while the other uses obfuscated JavaScript. Both aim to deliver the same malicious payload: Formbook.

DLL Sideloading: A Classic Evasion Tactic

The first campaign starts with a phishing email containing an RAR file. Inside, there are four files: three dynamic-link libraries (DLLs) and one Windows executable (EXE). Attackers use DLL sideloading, a technique that tricks a legitimate program into loading a malicious DLL instead of a safe one. This allows the malware to run without triggering alarms.

This method is particularly effective because it abuses trusted system processes. Security teams often struggle to flag such behavior as suspicious, giving attackers a clear path to deploy Formbook.

Obfuscated JavaScript: A Modern Twist

The second campaign takes a different route. It also begins with a phishing email, but this time, the malicious payload hides inside JavaScript and PDF files. The code is heavily obfuscated to evade detection.

When executed, the JavaScript drops two image files. These images contain PowerShell commands, obfuscated within long strings of code. Ultimately, these commands run a Windows executable that deploys a custom malware loader. This loader has previously distributed other threats like Remcos, XWorm, AsyncRAT, and SmokeLoader. In this case, it delivers Formbook.

Why This Formbook Malware Campaign Matters

Formbook is not new, but its persistence and adaptability make it a serious concern. By using multiple obfuscation techniques, attackers can bypass traditional security measures. As a result, organizations must stay vigilant.

WatchGuard advises security teams to monitor for suspicious archive-based email attachments, anomalous DLL loading behavior, and PowerShell execution tied to user-opened attachments. They also recommend watching for signs of manual DLL mapping or direct syscall activity in memory.

Defending Against These Evasion Tactics

To counter these threats, companies should focus on behavior-based detection. Correlating activities across the attack chain—like email attachments, DLL loading, and PowerShell commands—can help identify Formbook infections before data is compromised.

Additionally, implementing robust email filtering and endpoint protection solutions can reduce the risk. Employee training on phishing awareness is also crucial, as these attacks often rely on human error.

Conclusion: Staying Ahead of Formbook

This Formbook malware campaign highlights the evolving nature of cyber threats. Attackers are constantly refining their methods, using DLL sideloading and obfuscated JavaScript to stay one step ahead. However, with the right security strategies, organizations can detect and stop these attacks.

By understanding how these evasion techniques work, security teams can better protect their networks. The key is to remain proactive, monitor for unusual behavior, and educate users about the risks of phishing.

Hackers Steal Student Data in Major Breach at Education Tech Giant Instructure

The education technology sector has been rocked by a significant security incident. Instructure, the company behind the widely used Canvas learning management system, has confirmed a data breach that exposed sensitive student information. The notorious hacking group ShinyHunters has taken credit for the attack, claiming to have accessed a trove of personal data.

What Was Stolen in the Instructure Data Breach?

According to the company’s official statement, the breach affected students’ private details. The hackers allegedly obtained names, personal email addresses, and messages exchanged between teachers and students. This matches the type of data Instructure admitted was compromised.

ShinyHunters shared a sample of the stolen information with TechCrunch, including records from two U.S. schools—one in Massachusetts and one in Tennessee. The Massachusetts data contained messages with names, email addresses, and some phone numbers. The Tennessee sample included full names and email addresses. Notably, passwords were not part of the leaked data, and Instructure confirmed that other sensitive data types remained unaffected.

ShinyHunters: The Group Behind the Attack

ShinyHunters has a track record of targeting universities and cloud database companies. This gang is financially motivated and often threatens to publish stolen data unless a ransom is paid. On its leak site, the group claimed the breach impacted nearly 9,000 schools worldwide and exposed data on 275 million individuals, including students, teachers, and staff. In an online chat, a ShinyHunters member told TechCrunch that the stolen data contained 231 million unique email addresses.

However, experts caution that such groups often exaggerate their claims to attract media attention and pressure victims. TechCrunch could not independently verify the full scope of the breach.

Impact on Schools and the Canvas Platform

Instructure’s Canvas platform is a cornerstone for many educational institutions, enabling course management, assignments, and communication. The breach raises serious concerns about the security of student data on such platforms. Schools using Canvas should review their security protocols and consider tips for protecting student information.

ShinyHunters also released a list of approximately 8,800 schools allegedly affected. While Instructure claims over 8,000 institutional customers, TechCrunch could not confirm whether all listed schools were affected or were even Instructure clients. The company’s spokesperson, Kate Holmes, declined to answer specific questions and directed inquiries to the company’s official update page.

Restoration Efforts and Ongoing Investigation

As of Tuesday, Instructure reported that some products, including Canvas, were restored for customers after undergoing maintenance. The company is continuing to investigate the breach and update its response. For those seeking more information, Instructure’s cybersecurity best practices for schools guide offers additional guidance.

This incident underscores the growing threat of cyberattacks on educational institutions. Schools must remain vigilant and implement robust security measures to safeguard sensitive data.