The React team released a security advisory regarding a critical vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system. Severity level:- CVSS Score: 10.0 / Critical. Description:- The vulnerability has been identified in React Server Components (also known as React.js […]
The Information Security team has identified a targeted phishing email sent between December 2nd - 3rd, 2025 that is being circulated among the York University community. The email used the subject line equal or similar to "Notification of Eligibility: Fall 2025 Bonus at York University" and falsely advertises a "Fall Bonus" to recipients. Recipients are directed to submit […]
York University's Information Security team is aware of a spike in false positive antivirus detections by Windows Defender against benign activity in the powershell.exe and svchost.exe processes. The issue is believed to have begun around the evening of November 26th, 2025, and had widespread impact on November 27th, 2025. Impacted computers displayed periodic desktop notifications […]
The Information Security team has identified a targeted phishing email sent on November 17th, 2025 that is being circulated among the York University community. The email used the subject line equal or similar to "Important: Your Eligibility for the Fall 2025 Bonus Payment" OR "Notification of Eligibility: Fall 2025 Bonus at York University", and claims to […]
The Information Security team has identified a targeted phishing email being circulated among the York University community. The email, titled "16.89 % Salary Increase Letter Wednesday, November 5, 2025", claims to be sent from York University Payroll & Employee Relations, and prompts recipients to submit personal information. The email was sent from a compromised external account that is not […]
The Information Security team is aware of a new phishing campaign targeting 1Password users with convincing "fake breach" alerts. Users of both personal and enterprise 1Password accounts should exercise caution and steer clear of emails that falsely claim to be from 1Password. Cybercriminals are distributing emails with the subject line "🔒Watchtower Alert: Password Issue Detected", […]
The Information Security team wants to bring to your immediate attention a phishing email that has been circulating, which appears to originate from a UoT email address. This email is designed to trick recipients into sharing sensitive personal information, including passwords and account details. Please read the information below carefully to protect yourself and our […]
October is Cybersecurity Awareness Month! 🎉 Throughout the month, the Information Security team will be sharing weekly cyber-focused themes, helpful resources, and interactive activities, all posted on our dedicated Cybersecurity Awareness Month page. Be sure to check in each week for new content to keep you informed, engaged, and up to date on York’s latest […]
The Information Security team is aware of a phishing scam targeting International Students that is being circulated among the York community on September 22, 2025. The scam instructs students to provide sensitive information pertaining to their financial institution, passport, and tuition payment information. The scam uses the York University logo and is attempting to impersonate […]
The Information Security team has identified a new phishing scam circulating among the York University community on September 10th, 2025. The email was sent from a compromised external email address using the subject line "Osgoode //Message ID:[#]..." AND "Yorku - //Supplies sign request Document Message ID:[#]" and was observed to be targeting York credentials. The […]