Alerts

ASP.NET Core Privilege Escalation Vulnerability (CVE-2026-40372)

Posted on April 23, 2026

Information Security Advisory A recently disclosed vulnerability (CVE-2026-40372) affects a Windows-based application and may allow unauthenticated remote attackers to escalate privileges. Severity level CVSS Score: 9.1/Critical. Description: CVE‑2026‑40372 is a critical security vulnerability that arises from improper control of file names or file paths within a Windows-based application. The affected component processes user-supplied […]

Adobe Acrobat security vulnerability (CVE-2026-34621)

Posted on April 15, 2026

Information Security Advisory A recently disclosed high‑severity vulnerability in Adobe Acrobat and Acrobat Reader (CVE‑2026‑34621) allows attackers to execute arbitrary code on affected systems by tricking users into opening a specially crafted PDF file. Severity level: CVSS Score: 8.6/High Description: Adobe Acrobat and Acrobat Reader contain an improperly controlled modification of object prototype […]

Ninja Forms WordPress Plugin Vulnerability (CVE-2026-0740)

Posted on April 8, 2026

Information Security Advisory A recently disclosed critical vulnerability in the Ninja Forms – File Uploads plugin for WordPress (CVE‑2026‑0740) allows unauthenticated remote attackers to upload arbitrary files, potentially leading to remote code execution and full site compromise. Severity level: CVSS Score: 9.8/Critical Description: The Ninja Forms – File Uploads plugin for WordPress fails […]

Ninja Forms WordPress Plugin Vulnerability (CVE-2026-0740)

Posted on April 8, 2026

[RESOLVED] RE: Service Advisory - Insight is currently unavailable - Mon. Mar. 23, 2026

Posted on March 24, 2026

Service Advisory Please share the following with your teams. Service: Insight service has been restored Impact/Details: The service and system has been restored Our teams are continuing to monitor the system for stability Teams are investigating root cause We thank you for your continued cooperation and understanding. Contact IT Client Services at askIT@yorku.ca or […]

Service Advisory - Insight is currently unavailable - Mon. Mar. 23, 2026

Posted on March 23, 2026

Service Advisory Please share the following with your teams. Service Outage: Insight is currently unavailable. UIT is investigating. Impact/Details: The system is unavailable and/or information is not displayed. We thank you for your continued cooperation and understanding. Contact IT Client Services at askIT@yorku.ca or 416 736 5800 PRIVACY POLICY | VISIT WWW.YORKU.CA This […]

Zoom Workplace for Windows Vulnerability (CVE-2026-30903)

Posted on March 20, 2026

Information Security Advisory A recently disclosed vulnerability in Zoom Workplace for Windows ( CVE‑2026‑30903) allows unauthenticated remote attackers to escalate privileges by exploiting improper control of file names or paths. Severity level: CVSS Score: 9.6/Critical Description: Zoom Workplace for Windows includes a Mail feature that processes user-supplied file references. In vulnerable versions, this […]

Service Outage - MyApps SIS applications - Thursday March 19, 2026 [RESOLVED at 9:15am]

Posted on March 19, 2026

Service Advisory Please share the following with your teams. Service Outage: MyApps service hosts the classic SIS applications and allows designated staff community to launch them remotely. We had an unexpected service outage this morning, during which the classic SIS applications will not launch via the Launch Remote option. Outage Window: Start: Thursday March […]

Service Outage - MyApps SIS applications - Thursday March 19, 2026 [RESOLVED at 9:15am]

Posted on March 19, 2026

How UIT is Helping to Making Research in Academia More Efficient

Posted on February 26, 2026

York University has positioned itself at the forefront of AI adoption in Canadian higher education, thanks in no small part to the launch of YU AURA. While YU AURA can be used by anyone at York, one of its standout features is its ability to empower research. Faculty can use the AURA bot to act as their very […]