Tag: education sector
43 articles

Hackers Breach Mount Royal University, Expose Sensitive Data
Mount Royal University recently fell victim to a cyberattack that compromised sensitive data, with hackers accessing and stealing files from the university's network before deleting them. The breach, which occurred on June 17, has disrupted multiple university systems and may take weeks to fully recover from.

China-Aligned Hackers Exploit Roundcube Servers at US, Canada Universities
China-aligned hackers are targeting universities in the US and Canada, exploiting vulnerable Roundcube webmail servers to gain access to sensitive physics and engineering departments with potential national security links. This latest campaign highlights the ongoing threat of email-based attacks and the need for robust server security.

China-Aligned Hackers Exploit Roundcube Flaws to Infiltrate Universities
China-aligned hackers have launched a sneaky attack on universities, exploiting two flaws in the popular Roundcube webmail client to steal credentials and gain persistent access. At least a few dozen universities are believed to be affected, with Proofpoint researchers confirming fewer than 10 intrusions so far.

China-Aligned Hackers Exploit Roundcube Flaws at Universities
China-aligned hackers are exploiting vulnerabilities in Roundcube email servers to gain access to sensitive university networks, specifically targeting physics and engineering departments with national security ties. They've cleverly designed their attacks to fly under the radar, using tactics like compromised senders and spoofed domains to reach their targets.

UK School's Lax Network Security Exposes Sensitive Data
A 17-year-old student gained unrestricted access to a UK school's network, discovering sensitive leadership documents and being able to reset passwords, delete accounts, and even wipe the entire network. The alarming vulnerability was uncovered when the student connected their laptop to the school's Active Directory domain, which surprisingly required no administrator authentication.

India Warns Telegram Over Exam Leak Channels Before Nationwide Block
India's government took swift action against Telegram, warning the platform about exam leak channels just two weeks before blocking it nationwide, as a crucial medical school entrance exam approached. The move came after complaints of leaked NEET-UG 2026 material being shared on the platform.

ClickFix Campaigns Leverage New Loaders in Malware Delivery Push
Meet the BabaDeda Loader, a stealthy malware framework that's evolved to deliver a wider range of threats, including information stealers and remote access trojans, with alarming effectiveness. This revamped loader combines multiple evasion techniques to target vulnerable organizations, particularly in education and finance.

North Korean Hackers Exploit Developer Tools in Malware Campaigns
North Korean hackers have launched a sneaky malware campaign, tricking victims into executing cross-platform malware for macOS, Linux, and Windows through malicious scripts hidden in GitHub repositories. Their latest tactic, dubbed UNK_DeadDrop, uses recruitment lures to deliver self-running code to over 75% of targeted organizations across various sectors.

ShinyHunters Breach Exposes 137,000 Infinite Campus Staff Accounts
A massive data breach at Infinite Campus has exposed the sensitive information of 137,000 staff members, including names, email addresses, phone numbers, and physical addresses, after the ShinyHunters extortion group hacked into the company's Salesforce instance. The stolen data has been published online, putting staff at risk of identity theft and phishing scams.

Former IT Employee Sabotages School District with Prolonged Cyberattack
A former IT employee waged a relentless cyberwar against his old employer, the Saydel Community School District, launching a devastating 21-month attack that crippled the district's systems and disrupted classrooms. The attacks began just days after he left his job, with the deletion of the district's Facebook account, and continued with repeated intrusions into critical services.

Disgruntled IT worker sabotages school district systems, jailed 21 months
A disgruntled IT worker wreaked havoc on a school district's systems for over a year and a half, causing chaos and destruction, after being terminated from his job. The sabotage spree, which included deleting crucial data and altering systems, earned him a 21-month jail sentence.

ShinyHunters Exploits Oracle PeopleSoft Vulnerability in Education Sector Attacks
ShinyHunters hackers have exploited a critical Oracle PeopleSoft vulnerability, CVE-2026-35273, to launch targeted attacks on US organizations, particularly in the higher education sector. The attacks, which involved data theft and extortion, hit a whopping 68% of US higher education institutions.

ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100 Orgs
ShinyHunters, a notorious data theft group, claims to have exploited a critical Oracle PeopleSoft zero-day vulnerability, CVE-2026-35273, to breach over 100 organizations, including the University of Nottingham. The group allegedly stole sensitive data, posting some of it on their leak site.

ShinyHunters Breach Exposes 454,600 University of Nottingham Records
The University of Nottingham has confirmed a major data breach, with a notorious cybercriminal group gaining access to a massive 454,600 student records, affecting both current students and alumni. The university is working closely with authorities and experts to investigate the incident and mitigate its impact.

ShinyHunters Targets Oracle PeopleSoft Servers in Widespread Data Theft Attacks
ShinyHunters, a notorious extortion group, has launched a massive data theft campaign targeting Oracle PeopleSoft servers, compromising over 300 instances across 100+ organizations, with a significant impact on the education sector. The attackers have brazenly claimed responsibility, boasting of their exploits in a chilling conversation with BleepingComputer.

Oxford University Exposes Student Data in Career Website Breach
Oxford University recently suffered a data breach on its career support website, exposing sensitive student information, including full names, email addresses, and encrypted passwords. This incident marks the university's second disclosed data breach of the year, raising concerns about the security of third-party platforms.

North Korea Targets Developers with 250 Fake Job Offers in Credential Heist
In a sneaky credential heist, hackers sent over 250 fake job offers to developers at nearly 100 US organizations, disguising phishing attempts as recruitment messages. The six-week scam targeted professionals in tech, education, and finance.

Ransomware Disrupts Illinois High School, Wales Education Sector
A ransomware attack has forced Evanston Township High School in Illinois to shut down until at least Wednesday, canceling summer school, sports camps, and on-campus activities. The school has activated its incident response procedures and is working with cyber experts to investigate and recover from the breach.

Oxford University Exposes Data Breach After Career Platform Hack
The University of Oxford recently alerted users to a data breach on its CareerConnect platform, which occurred on May 28 when attackers gained access to sensitive information, including names, email addresses, and encrypted passwords. To protect users, locally set passwords have been invalidated and affected users will be prompted to reset their passwords upon next login.

Oxford Uni Student Data Breached Through Career Platform
Oxford University student data has been breached once again, this time through a career platform compromise, leaving records exposed. The incident is a separate attack from a break-in that occurred just last month.

SaaS Providers Face Trust Crisis After Canvas Breach
A massive breach of the Canvas learning management system has left 275 million users reeling, compromising student records and disrupting learning at over 8,800 institutions worldwide. The shocking incident has sparked a trust crisis for SaaS providers, raising urgent questions about security and data protection.

SaaS Breaches Expose Gaps in Enterprise Security Thinking
In a shocking display of vulnerability, ShinyHunters breached Instructure's Canvas platform not once, but twice in a single week, siphoning off a staggering 3.65 terabytes of data from 275 million users across 8,000 institutions. The brazen attacks left hundreds of schools reeling during final exams, forcing Canvas offline and lining the attackers' pockets with a ransom payment.

Ransomware Gang Targets Canvas, Exposes Student Data Risks
A ransomware gang claimed to have stolen data from 275 million students, teachers, and staff, but Instructure, the company behind Canvas, says it's reached a deal with the hackers and has digital proof that the data has been destroyed. But can we really trust that the threat has passed?

Instructure Negotiates Data Return After Ransomware Breach
In a major win for data security, Instructure has successfully negotiated the return of stolen data and confirmed its destruction after a ransomware breach affected nearly 9,000 educational institutions using its Canvas Learning Management System. The company has ensured that its affected customers are protected and won't be individually targeted for extortion.