VulnHub

Real-time Cybersecurity News

Back to all threats

Over 70 Domains Used in Months-Long Phishing Spree Against US Universities

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Actively Exploited
PhishingIntel

Summary

A phishing campaign utilizing the Evilginx kit has targeted 18 US universities, successfully bypassing Multi-Factor Authentication (MFA) to steal credentials over a period from April to November 2025. The severity of the threat highlights the vulnerabilities in MFA systems and the need for enhanced security measures in educational institutions.

Original Article Summary

Infoblox Threat Intel reports a campaign that used the Evilginx phishing kit to bypass Multi-Factor Authentication (MFA) and steal credentials from 18 US universities between April and November 2025.

Impact

18 US universities

In the Wild

Yes

Timeline

Ongoing since April 2025

Remediation

Educational institutions should enhance their MFA systems, implement user training on recognizing phishing attempts, and consider additional layers of security such as anomaly detection and threat intelligence.

Read Original Article

Related Coverage

UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims

Infosecurity Magazine

The UK Information Commissioner's Office (ICO) is seeking urgent clarity regarding claims of racial bias in facial recognition technology, particularly as highlighted in a recent Home Office report. This raises significant concerns about the implications of biased technology in law enforcement practices and its potential impact on civil rights.

Dec 8, 2025

Exploitation of React2Shell Surges

SecurityWeek

The article discusses the rising exploitation of the React vulnerability CVE-2025-55182 by threat actors. This vulnerability poses a significant risk as it is being actively targeted in various attacks, highlighting the urgency for organizations to address it promptly.

Dec 8, 2025

Prompt injection is not SQL injection (it may be worse)

NCSC Feed

The article discusses the differences between prompt injection and SQL injection, emphasizing the potential severity of prompt injection as a cybersecurity threat. It highlights that misunderstanding these differences can undermine mitigation strategies, suggesting that prompt injection may pose unique risks that require specific attention.

Dec 8, 2025

Barts Health Seeks High Court Ban After Oracle EBS Breach

Infosecurity Magazine

Barts Health NHS Trust has become a victim of a cyberattack linked to the Cl0p ransomware group, which has targeted Oracle EBS systems. This incident raises significant concerns regarding the security of sensitive data within healthcare organizations and highlights the ongoing threat posed by ransomware groups.

Dec 8, 2025

NVIDIA research shows how agentic AI fails under attack

Help Net Security

NVIDIA's research highlights the vulnerabilities of agentic AI systems, which operate with minimal human oversight. These systems face new risks due to their interactions with various models, tools, and data sources, necessitating a safety and security framework to address these challenges.

Dec 8, 2025

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

The Hacker News

The Iranian hacking group MuddyWater has deployed a new backdoor known as UDPGangster, which utilizes the User Datagram Protocol for command-and-control operations. This targeted cyber espionage campaign is focused on users in Turkey, Israel, and Azerbaijan, highlighting the ongoing threat posed by state-sponsored hacking groups in the region.

Dec 8, 2025