
Does Higher Ed Mean Higher Risk? Why University Campuses Are Under Threat

Universities are built for openness, but that openness comes with a steep price. Higher education institutions face an average of 3,574 cyberattacks per week, the highest of any industry. With open networks, unmanaged devices, and critical research infrastructure, they have become a prime target for cybercriminals, nation-state actors, and ransomware groups.

Security Bulletin: Critical Vulnerabilities in Kubernetes Ingress NGINX Controller

CVE-2025-1974 is a critical remote code execution (RCE) vulnerability in Kubernetes’ Ingress-NGINX Controller that allows unauthenticated attackers with network access to inject arbitrary NGINX configuration directives, potentially leading to full cluster compromise. Ingress-NGINX is a software-only ingress controller provided by the Kubernetes project. Because of its versatility and ease of use, ingress-nginx is quite popular: it is deployed in over 40% of Kubernetes clusters.

Security Bulletin: GitHub Action Supply Chain Attack - reviewdog/action-setup

On March 11, 2025, a supply chain attack targeted the widely used GitHub Action reviewdog/action-setup@v1, leading to the exposure of sensitive CI/CD secrets across multiple repositories. The attack was identified by Wiz Research, which determined that this compromise played a pivotal role in the tj-actions/changed-files incident (Wiz, 2025).

Enhancing Cybersecurity in Higher Education: A Shift-Left Approach

Securing a higher education campus remains a significant challenge. There is a direct conflict between the open, collaborative nature of our advanced institutes of learning and the perennial need to lock down all sources and targets of cyber threats. For example, an EDUCAUSE survey identified cybersecurity as the number one IT issue for universities in 2024, reflecting the immense pressure on security teams.

Security Bulletin: QakBot/Qbot Malware

QakBot (also known as Qbot or Pinkslipbot) is a highly adaptive malware that has evolved over the past decade to evade security defenses. Initially developed as a banking trojan to steal financial data, it has since expanded its capabilities, employing advanced evasion techniques and a modular architecture to facilitate credential theft, lateral movement, and ransomware deployment.

Security Bulletin: Apache Camel Message Header Injection via Improper Filtering

In the days leading up to the publication of the Apache Camel Message Header Injection via Improper Filtering vulnerability, now known as CVE-2025-27636, alarmist noise emerged from the wider cyber community, with Kevin Beaumont describing it as an “end of the world zero day” in Apache Camel, along with explicit details on how elements of this vulnerability worked.

Security Bulletin: Arbitrary Command Execution in Kibana

On Wednesday, March 5th, Kibana disclosed a security vulnerability with a Critical CVSS score of 9.9 impacting versions 8.15.0 through 8.17.2, with 8.17.3 being patched to fully remediate the vulnerability. The vulnerability, known as prototype pollution, revolves around the malicious crafting of file uploads and the sending of HTTP requests, leading to arbitrary code execution on the host machine.

Security Bulletin: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion

On March 4, 2025, Broadcom, which acquired VMware in 2023, released security updates to fix three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion that could result in code execution and information disclosure. CVE-2025-22224 is a critical TOCTOU (Time-of-Check Time-of-Use) race condition vulnerability that leads to an out-of-bounds write, allowing an attacker with administrative privileges on a virtual machine to execute code as the VMX process on the host.