
University of Pennsylvania hit by network compromise

Incident
Happening score: 16
1 unique source, 2 articles

Summary


The University of Pennsylvania confirmed a breach of internal systems tied to development and alumni activities, exposing data and creating follow-on phishing risk. Attackers used compromised credentials obtained through social engineering and accessed the systems on October 30 before the compromise was discovered on October 31. Penn said information was taken and an offensive email reached the community, indicating active impact beyond simple unauthorized access. The university has locked down the affected systems, notified the FBI, and is warning students and alumni about suspicious messages.

Related Happenings

Xu Zewei extradited for U.S. cyberespionage prosecution

Law Enforcement
First: 27.04.2026 22:56 Last: 27.04.2026 22:56 Sources 1

About this happening: **Xu Zewei** was **extradited from Italy to the United States** to face criminal charges in a **cyberespionage** case tied to **China's MSS**. The move expands the legal exposure...

Scattered Spider 2022 SMS phishing campaign targeting technology companies

Campaign
First: 21.04.2026 17:53 Last: 21.04.2026 17:53 Sources 1

About this happening: Tyler Robert Buchanan’s guilty plea newly confirms **Scattered Spider**’s **2022 SMS phishing campaign**, showing it reached **at least a dozen major technology companies** and en...

Signal and WhatsApp anti-phishing account-hardening guidance

Defensive Guidance
First: 21.03.2026 15:17 Last: 21.03.2026 15:17 Sources 1

About this happening: A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...

Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 05.03.2026 08:51 Last: 05.03.2026 08:51 Sources 1

About this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....

Latest development: 17.05.2026 17:43

eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.

Monroe University hit by data theft breach

Incident
First: 14.01.2026 10:57 Last: 14.01.2026 10:57 Sources 1

About this happening: **Monroe University** disclosed a **cyberattack breach** that left attackers on its network for **two weeks**, confirming a sustained compromise of a named institution. The unauth...

Timeline

  1. 05.11.2025 18:04 1 article · 6mo ago

    PennKey SSO credentials used to access University of Pennsylvania systems

    Exploitation Observed

    On October 30, 2025, an intruder used an employee's PennKey SSO account to reach University of Pennsylvania systems tied to development and alumni activities, including the Salesforce instance, Qlik analytics platform, SAP business intelligence system, and SharePoint files.

  2. 05.11.2025 18:04 2 articles · 6mo ago

    University of Pennsylvania discovers compromised development and alumni systems

    Initial Disclosure

    On October 31, 2025, the University of Pennsylvania discovered that a select group of information systems related to Penn's development and alumni activities had been compromised. Penn said staff rapidly locked down the systems and prevented further unauthorized access, but not before an offensive and fraudulent email was sent to the community and information was taken; Penn also said it notified the FBI and was working with CrowdStrike.

  3. 05.11.2025 18:04 2 articles · 6mo ago

    Penn data theft includes SharePoint, Box, and Salesforce donor records

    Victim Impact Update

    By November 5, 2025, reporting described the University of Pennsylvania compromise as having resulted in the theft of 1.71 GB of internal documents from SharePoint and Box, plus Penn's Salesforce donor marketing database containing 1.2 million records. The stolen material included spreadsheets, documents, financial information, alumni marketing materials, and a broad set of donor data, and the threat actors also said they used Salesforce Marketing Cloud to send an offensive mass email to 700,000 recipients while indicating they were not currently leaking the records.
