
If Your Family Uses University Email, Watch for Suspicious Activity
Hackers targeted email systems at U.S. and Canadian universities to steal passwords. Students and staff with university email accounts should take action.
Source
BleepingComputer
Original headline: Hackers exploit Roundcube flaw to spy on academic researchers
Plain-English summary by GetCyberRight. Read the full report at the source above.
Cybercriminals have been breaking into email systems at universities across the United States and Canada. They targeted a specific email program called Roundcube that many schools use. The hackers stole login credentials (usernames and passwords) and installed malicious software that lets them spy on email accounts. This affects students, professors, researchers, and staff at universities that use Roundcube email. If you or your child has a university email account ending in .edu, your account could be at risk. The hackers specifically targeted academic researchers, but anyone using these compromised email systems could have had their password stolen.
Your personal emails, research data, and any sensitive information sent through university email may have been accessed.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Here is what you should do right now. First, change your university email password immediately. Make it long and unique, something you do not use anywhere else. Second, enable two-factor authentication on your university account if available. This adds an extra security step when logging in. Third, watch for suspicious emails that ask you to click links or download files, even if they appear to come from colleagues or other students. Fourth, check your email settings for any forwarding rules you did not create, as hackers sometimes set emails to secretly forward to themselves. To stay protected long term, never reuse passwords across different accounts. Use a password manager to keep track of unique passwords for each site. Always turn on two-factor authentication when it is offered, especially for email and school accounts. Be extra cautious about clicking links in emails, even from people you know. Their accounts could be compromised too.
Curated from trusted cybersecurity sources by GetCyberRight
Source: BleepingComputerStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Artificial Intelligence Now Running Cyberattacks on Its Own
Researchers documented the first AI system that planned and executed a ransomware attack without human guidance. This represents a new threat.
2 min read
AI Runs First Fully Automatic Ransomware Attack: What Parents Need to Know
Researchers documented an AI system that carried out a complete ransomware attack by itself, raising concerns about future cyber threats.
2 min read
Fake Payment Apps Steal Information: Check If You're Affected
Scammers created fake versions of payment software to steal login credentials. If you or family members use payment apps, read this carefully.
2 min read
Fake Payment App Tools Stealing Information From Developers
Criminals created fake software tools that appeared to be from legitimate payment services like Paysafe and Skrill, targeting software developers with malware.
2 min read