K-12 Cybersecurity Insider | 9/8/2025 edition
A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Sign up for the K12 SIX mailing list to have future editions delivered to your inbox.
Mark Your Calendar
9/9 - Nonconsensual Deep Fakes: Surfacing Tech-Powered Harassment in K-12 Schools (Center for Democracy & Technology)
9/10 - Hack to School: Cyber Threats and Smarter Defenses for K-12 & Higher Ed (Privacy Technical Assistance Center/US Department of Education)
9/11 - Monthly Cross-Sector Threat Briefing (member-only)
9/17 - Data Breach Apocalypse: Incident Response in an Ever-Changing Threat Landscape (Privacy Technical Assistance Center/US Department of Education)
In the News
Hackers demanded SC school district pay ransom. They refused.
A June cyber attack against the Lexington-Richland 5 school district delayed the start of summer school, affected pay for teachers and staff, and exfiltrated more than 1 TB of data, including personal information of more than 31,000 individuals. The State reports that the district received an extortion demand related to the attack but refused to pay. The threat actor Interlock has claimed responsibility for the attack.
Threat Actors Using Stealerium Malware to Attack Educational Organizations
Readily available to low-sophistication actors, commodity information stealers—such as Stealerium—have been deployed via phishing campaigns targeting universities and K-12 networks, with volumes ranging from hundreds to tens of thousands of emails per campaign. The information stealer Stealerium, e.g., has the capability to exfiltrate: keylogging and clipboard data; banking/credit card data (scraped from web forms); browser cookies, cache, and stored credentials; session tokens from gaming services (like Steam, Minecraft, BattleNet, and Uplay); email and chat data (Outlook, Signal, Discord, etc.); system data such as installed apps, hardware info, and Windows product keys; VPN services data (NordVPN, OpenVPN, ProtonVPN, etc.); Wi-Fi network information and passwords, crypto wallet data; and, other files deemed interesting (such as various types of images, source code, databases, and documents). Proofpoint finds that threat actors are increasingly seeking compromised identities, which is why they’ve observed a rise in the use of information stealers.
K12 SIX Calls on Secretary of Education to Enhance K-12 Cybersecurity with AI, for AI, and from AI
K12 SIX submitted comments regarding the U.S. Department of Education's new proposed funding priority—Advancing Artificial Intelligence in Education—for use in currently authorized discretionary grant programs, or such programs that may be authorized in the future. K12 SIX comments can be read here. Many other submissions are posted online at: https://www.regulations.gov/docket/ED-2025-OS-0118/comments
The National K-12 Cybersecurity Leadership Conference is a unique event designed to identify and share solutions and best practices to better defend the K-12 education sector from emerging cybersecurity threats, such as ransomware and data breaches. Participants from past conferences report overwhelmingly positive feedback about the conference: “I just wanted to reach out to say thank you again for an amazing conference. My team and I all agreed that was by far one of our best conferences any of us have ever attended.” The 4th Annual conference will be held February 24-26, 2026 in Albuquerque, NM.
Fast Facts
51: U.S. K-12 ransomware victims claimed by threat actors (2025 to date) (source)
32: Severe information technology vulnerabilities (CVSS Base Score 7.0+) disclosed in past week (source)
Members Get More
The K12 Security Information eXchange (K12 SIX) operates as the information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.