K-12 Cybersecurity Insider | 7/28/2025 edition

A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Sign up for the K12 SIX mailing list to have future editions delivered to your inbox.


In the News

On-Prem SharePoint? Act Now to Patch

Not for the first time, Microsoft customers are the target of a mass hacking campaign carried out, at least in part, by China-backed hackers. Among the victims are the U.S. Department of Education, NIH, National Nuclear Security Administration, FL Dept of Revenue, RI General Assembly - and K-12 school systems nationwide. If you run on-prem SharePoint that is exposed to the internet, the safest thing to do is presume compromise. CISA has the details on patch availability and threat hunting advice.

U.S. Department of Education Grant Management Site Mimicked in Phishing Campaign

With reduced staffing levels at the U.S. Department of Education and CISA - and confusion about grant status, rescissions, holds, etc. - it is vital that K-12 education administrators and staff follow good cyber hygiene practices, especially for anything related to financial or sensitive information. Be sure to alert any staff with federal grants management responsibility to double-check those URLs (bookmark ‘em, don’t rely on search).

Arkansas School District Loses Access to Phone, Internet as It Responds to Ongoing Cyber Incident

On Monday, July 21, Fort Smith Public Schools announced it had experienced a cyber incident that took down both phone and internet systems districtwide. By the end of the week, district officials reported that essential operations, internet and communication systems were returning online in “a limited and carefully managed way.” District offices were to have services restored by the end of the day, but no timeline has been announced for full restoration, including for communications and internet access at its 28 schools.

Fast Facts

  • 42: U.S. K-12 ransomware victims claimed by threat actors (2025 to date) (source)

  • 63: Severe information technology vulnerabilities (CVSS Base Score 7.0+) disclosed in past week (source)

Members Get More

The K12 Security Information eXchange (K12 SIX) operates as the information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.
