Instructure, the company that operates Canvas (the learning management system used at Schulich to manage coursework, assignments, grades, and course communications), has reported a cybersecurity incident that appears to have affected Canvas at thousands of educational institutions worldwide. Canvas remains available and University teaching and learning activities can continue as usual. We will share any changes if Instructure’s […]
ClickFix attacks are a rapidly evolving threat that use fake CAPTCHA pages to trick people into running malicious commands (often PowerShell) on their own devices. In every ClickFix case, the attacker relies on one thing: your participation. Most traditional phishing attempts and malicious sites are filtered or blocked long before they reach you. That’s why […]
The Information Security team has identified a fraudulent website impersonating York University that is actively attempting to harvest community members' login credentials. This malicious site closely mimics the appearance of official York University web properties and may be encountered when users attempt to access University services through search engines. The impersonation site is NOT affiliated […]
The Information Security team has identified a targeted phishing email sent on January 5, 2026 (today) that is being circulated among the York University community. The email used the subject line equal or similar to "Winter 2026 Term Commencement – Important Information" and falsely advertises monetary compensation in the form of a "Student Engagement Bonus" […]
The React team released a security advisory regarding a critical vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system. Severity level:- CVSS Score: 10.0 / Critical. Description:- The vulnerability has been identified in React Server Components (also known as React.js […]
The Information Security team has identified a targeted phishing email sent between December 2nd - 3rd, 2025 that is being circulated among the York University community. The email used the subject line equal or similar to "Notification of Eligibility: Fall 2025 Bonus at York University" and falsely advertises a "Fall Bonus" to recipients. Recipients are directed to submit […]
York University's Information Security team is aware of a spike in false positive antivirus detections by Windows Defender against benign activity in the powershell.exe and svchost.exe processes. The issue is believed to have begun around the evening of November 26th, 2025, and had widespread impact on November 27th, 2025. Impacted computers displayed periodic desktop notifications […]
The Information Security team has identified a targeted phishing email sent on November 17th, 2025 that is being circulated among the York University community. The email used the subject line equal or similar to "Important: Your Eligibility for the Fall 2025 Bonus Payment" OR "Notification of Eligibility: Fall 2025 Bonus at York University", and claims to […]
The Information Security team has identified a targeted phishing email being circulated among the York University community. The email, titled "16.89 % Salary Increase Letter Wednesday, November 5, 2025", claims to be sent from York University Payroll & Employee Relations, and prompts recipients to submit personal information. The email was sent from a compromised external account that is not […]
The Information Security team is aware of a new phishing campaign targeting 1Password users with convincing "fake breach" alerts. Users of both personal and enterprise 1Password accounts should exercise caution and steer clear of emails that falsely claim to be from 1Password. Cybercriminals are distributing emails with the subject line "🔒Watchtower Alert: Password Issue Detected", […]