K-12 Cybersecurity Insider | 9/8/2025 edition

Written By Doug Levin

A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Sign up for the K12 SIX mailing list to have future editions delivered to your inbox.

Mark Your Calendar

In the News

Hackers demanded SC school district pay ransom. They refused.

A June cyber attack against the Lexington-Richland 5 school district delayed the start of summer school, affected pay for teachers and staff, and exfiltrated more than 1 TB of  data, including personal information of more than 31,000 individuals. The State reports that the district received an extortion demand related to the attack but refused to pay. The threat actor Interlock has claimed responsibility for the attack.

Threat Actors Using Stealerium Malware to Attack Educational Organizations

Readily available to low-sophistication actors, commodity information stealers—such as Stealerium—have been deployed via phishing campaigns targeting universities and K-12 networks, with volumes ranging from hundreds to tens of thousands of emails per campaign. The information stealer Stealerium, e.g., has the capability to exfiltrate: keylogging and clipboard data; banking/credit card data (scraped from web forms); browser cookies, cache, and stored credentials; session tokens from gaming services (like Steam, Minecraft, BattleNet, and Uplay); email and chat data (Outlook, Signal, Discord, etc.); system data such as installed apps, hardware info, and Windows product keys; VPN services data (NordVPN, OpenVPN, ProtonVPN, etc.); Wi-Fi network information and passwords, crypto wallet data; and, other files deemed interesting (such as various types of images, source code, databases, and documents). Proofpoint finds that threat actors are increasingly seeking compromised identities, which is why they’ve observed a rise in the use of information stealers.

K12 SIX Calls on Secretary of Education to Enhance K-12 Cybersecurity with AI, for AI, and from AI

K12 SIX submitted comments regarding the U.S. Department of Education's new proposed funding priority—Advancing Artificial Intelligence in Education—for use in currently authorized discretionary grant programs, or such programs that may be authorized in the future. K12 SIX comments can be read here. Many other submissions are posted online at: https://www.regulations.gov/docket/ED-2025-OS-0118/comments

4th Annual National K-12 Cybersecurity Leadership Conference (Feb 2026): Call for Speakers, Registration Open

The National K-12 Cybersecurity Leadership Conference is a unique event designed to identify and share solutions and best practices to better defend the K-12 education sector from emerging cybersecurity threats, such as ransomware and data breaches. Participants from past conferences report overwhelmingly positive feedback about the conference: “I just wanted to reach out to say thank you again for an amazing conference. My team and I all agreed that was by far one of our best conferences any of us have ever attended.” The 4th Annual conference will be held February 24-26, 2026 in Albuquerque, NM.

Fast Facts

  • 51: U.S. K-12 ransomware victims claimed by threat actors (2025 to date) (source)

  • 32: Severe information technology vulnerabilities (CVSS Base Score 7.0+) disclosed in past week (source)

Members Get More

The K12 Security Information eXchange (K12 SIX) operates as the information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.

Doug Levin
Next

K-12 Cybersecurity Insider | 8/25/2025 edition