AI spam filters are getting suckered by old-school text salting
Turns out decades-old email tricks still work against some LLM-powered email filters
Discover the latest in cybersecurity education, training programs, courses, and certifications to secure digital environments effectively.
Search across headline titles and summaries.
Background for this topic.
Education comprises schools, colleges, universities, training providers, and the systems supporting teaching, assessment, administration, and research. Its distinctive assets include student and staff records, attendance and grades, learning materials, research data, payment information, and sometimes sensitive information about children or vulnerable people. Core dependencies include identity systems, email, learning platforms, campus networks, cloud services, online examination tools, and third-party platforms; disruption can affect teaching, assessment, safeguarding, or essential administration.
Security priorities include tightly scoped access for students, staff, contractors, and researchers; strong authentication; timely patching of internet-facing and classroom-managed devices; and careful control of data shared with service providers. Privacy requirements make retention, access logging, and protection of educational and research records material. Because education operates on fixed academic schedules and often has limited recovery windows, tested backups, offline or segregated recovery copies, and rehearsed procedures for isolating accounts or systems can support continuity. Vulnerability management should account for legacy devices and decentralized departmental technology, while incident response plans should preserve evidence and provide clear communications to affected communities.
Weekly headline count for the current query.
Turns out decades-old email tricks still work against some LLM-powered email filters
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
ShinyHunters leaks names, addresses, DOBs, and more after Christian college discloses cyberattack
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
Spotted in intrusions targeting insurance, education, IT, and professional services sectors
Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges they pose for schools are the focus of the latest Reporters' Notebook video series.
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026
And the admin password was right in the Active Directory description field
A New York man faces cyberstalking charges after allegedly sharing AI-generated nude images and fabricated racist messages using fake social media profiles to harass a Georgia college student. [...]
EdTech firms face rising cyberattacks as ShinyHunters and FulcrumSec target schools, exposing sensitive data and disrupting services. Resecurity (USA) warns the education technology (EdTech) sector has become a prime target for cybercriminals, as attacks against educational institutions and related platforms continue to escalate. Recent high-profile incidents, including attacks by groups such as ShinyHunters and FulcrumSec, […]
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively
Mandiant: 68% of Targets Were Higher Ed Institutions Running PeopleSoftShinyHunters exploited a critical zero-day in Oracle PeopleSoft to breach more than 100 organizations globally, researchers at Mandiant and Google's Threat Intelligence Group said, with universities and colleges accounting for the majority of confirmed targets in the active extortion campaign.
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...]
A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. [...]
Iowan’s scheme undone after misplacing trust in former coworker
Program Focuses on AI Governance, Safety, Privacy, Bias and TransparencyAccreditation organization Joint Commission is rolling out a voluntary program for certifying the "responsible" deployment and use of artificial intelligence technologies by U.S. healthcare provider organizations, including governance, safeguards, monitoring processes and education.
Meanwhile, 13 schools in Wales affected by separate attack
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent