
Are Your Student's University Email and Files Safe? What College Families Need to Know
Hackers targeted email systems at U.S. and Canadian universities to steal passwords and spy on researchers. Students and faculty may be affected.
Source
BleepingComputer
Original headline: Hackers exploit Roundcube flaw to spy on academic researchers
Plain-English summary by GetCyberRight. Read the full report at the source above.
Cybercriminals have been breaking into email systems used by universities across the United States and Canada. They exploited a security flaw in Roundcube, an email program that many colleges use. The hackers specifically targeted academic researchers, stealing their login credentials and installing secret spying software on the university servers.
This affects students, faculty, and staff at universities that use Roundcube for email. If your student attends a U.S. or Canadian university, their email account could potentially be compromised. The attackers can read emails, steal passwords, and access any files or research stored in university accounts.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Anyone who uses their university email for personal matters, like password resets for other accounts, faces additional risk. If you or your college student use university email, take these steps right away.
- Change your university email password immediately through your school's official portal.
- Enable two-factor authentication on your university account if it is available. Contact your school's IT help desk if you need assistance.
- Change passwords on any other accounts where you used the same password as your university email.
- Watch for suspicious emails that appear to come from your university, especially ones asking you to click links or provide login information. Beyond this immediate threat, make sure your student understands basic email safety. Never reuse passwords across multiple accounts, especially for important services like email, banking, or social media. Use a password manager to create and store unique passwords for every account. Be suspicious of any email asking you to click a link or download an attachment, even if it appears to come from the university. When in doubt, contact the IT department directly using a phone number from the official university website, not from the email itself.
Curated from trusted cybersecurity sources by GetCyberRight
Source: BleepingComputerStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Artificial Intelligence Now Running Cyberattacks on Its Own
Researchers documented the first AI system that planned and executed a ransomware attack without human guidance. This represents a new threat.
2 min read
AI Runs First Fully Automatic Ransomware Attack: What Parents Need to Know
Researchers documented an AI system that carried out a complete ransomware attack by itself, raising concerns about future cyber threats.
2 min read
Fake Payment Apps Steal Information: Check If You're Affected
Scammers created fake versions of payment software to steal login credentials. If you or family members use payment apps, read this carefully.
2 min read
Fake Payment App Tools Stealing Information From Developers
Criminals created fake software tools that appeared to be from legitimate payment services like Paysafe and Skrill, targeting software developers with malware.
2 min read