Hundreds of subdomains across dozens of top universities have been compromised by scammers and are now hosting adult content. The breach stems from poor website maintenance and security practices.
Researchers discovered that inactive university subdomains—many tied to defunct projects, old departments, or abandoned initiatives—lack proper oversight and security controls. Scammers exploit this negligence by gaining access and redirecting traffic to pornographic sites, damaging institutional reputation.
The hijacked domains retain authority from their parent university websites, allowing them to rank highly in search results and appear legitimate to users. This makes them valuable real estate for malicious actors seeking to monetize adult content through advertising.
The issue reflects broader challenges in digital housekeeping at large institutions. Universities often maintain thousands of subdomains across departments, research groups, and legacy systems. Without centralized inventory and monitoring, inactive domains become security blind spots.
Expert recommendations include conducting subdomain audits, removing unused domains, implementing security headers, and establishing continuous monitoring. Universities are being urged to treat dormant web properties as potential vulnerabilities rather than harmless digital debris.
A security analysis reveals xAI's Grok Build command-line tool transmits complete source code and project files to xAI's servers. The discovery raises data privacy questions for developers using the tool.
A Cambridge study reveals that terrorist organizations including Boko Haram and ISIS are using ChatGPT, Claude, and Gemini to plan attacks and develop weapons. Safety filters designed to prevent such misuse have repeatedly failed.
The Australian Cyber Security Centre has issued an alert about coordinated exploitation of vulnerable content management systems and plugins worldwide. The campaign targets organizations using outdated or unpatched CMS software.
Artificial intelligence discovered a critical security vulnerability in Linux kernel code that human developers overlooked for over a decade. The bug could allow unauthorized root access to systems.