• Princeton University faced a security incident on November 10, 2025, when outside attackers gained unauthorized access to a database managed by the University Advancement department.

    The compromised database contained personal information of alumni, donors, faculty members, students, parents, and other community members.

    The breach lasted less than 24 hours before security teams discovered the intrusion and removed the attackers from the system.

    The database held sensitive personal details including names, email addresses, phone numbers, home and business addresses, along with records of fundraising activities and donation histories.

    However, university officials confirmed that the database did not generally contain Social Security numbers, passwords, financial information like credit card numbers, or detailed student records protected under federal privacy laws.

    The incident raised concerns about potential phishing attacks targeting the affected individuals.

    Princeton University security analysts identified the breach within 24 hours of the initial compromise and immediately began working with external cybersecurity experts and law enforcement agencies to investigate the incident.

    The university sent notifications to potentially affected individuals on November 15, warning them to stay alert for suspicious communications that might appear to come from the institution.

    Officials stressed that legitimate university representatives would never request sensitive information such as Social Security numbers, passwords, or banking details through phone calls, texts, or emails.

    The investigation revealed that no other Princeton technology systems were compromised during the attack.

    However, some university systems experienced service disruptions starting November 14, though officials did not confirm whether these issues were directly related to the cybersecurity incident.

    The university created a dedicated information page and response email address to handle inquiries from affected individuals.

    Response and Containment Measures

    The university’s response team acted quickly to contain the breach and prevent further unauthorized access.

    Security experts worked around the clock to analyze the attack vectors and determine the full scope of the compromise.

    While the investigation continues, officials have not yet confirmed exactly what information the attackers viewed or extracted from the database.

    The university continues updating affected parties as new details emerge from the ongoing forensic analysis.


    The post Princeton University Data Breach – Database with Donor Info Compromised appeared first on Cyber Security News.


  • A widespread outage at Cloudflare, a critical internet infrastructure provider, disrupted access to numerous high-profile websites and services on November 18, 2025, causing intermittent failures across the global web.

    The issue stemmed from an internal service degradation that triggered HTTP 500 errors, affecting Cloudflare’s dashboard, API, and core network services, leading to partial downtime for millions of users worldwide.

    Cloudflare first acknowledged the problem at 11:48 UTC, stating it was experiencing an internal service degradation with some services intermittently impacted, and committed to restoring functionality as quickly as possible.

    By 12:03 UTC, the company was still investigating, followed by an update at 12:21 UTC noting that services were beginning to recover, though customers might see higher-than-normal error rates during remediation. At 12:37 UTC, Cloudflare confirmed it was continuing the investigation, with no full resolution announced by late afternoon UTC.

    Compounding the irony, Cloudflare’s own status page became inaccessible during the peak, preventing real-time updates for affected users.

    The outage rippled across the internet, hitting platforms reliant on Cloudflare’s content delivery network (CDN), DDoS protection, and DNS services.

    Social media giant X (formerly Twitter) saw patchy availability, with users reporting loading failures and error messages citing Cloudflare’s internal server issues; Downdetector logged over 11,000 reports at its height, with 61% tied to the X mobile app and 28% to the website.

    AI services like OpenAI’s ChatGPT and Perplexity AI were inaccessible for many, displaying Cloudflare error pages that urged retries in a few minutes.

    Other impacted services included design tool Canva, music streaming service Spotify, gaming platforms like League of Legends and Discord, e-commerce site Shopify, blogging network Medium, and even crypto exchanges dependent on Cloudflare’s infrastructure.

    Film review site Letterboxd and outage tracker Downdetector itself joined the fray, amplifying user frustration as reports surged globally. The disruptions echoed a similar Amazon Web Services outage last month, underscoring the fragility of centralized internet dependencies.

    Scheduled maintenance in datacenters like LAX (Los Angeles, 10:00-14:00 UTC), ATL (Atlanta, 07:00 UTC Nov 18 to 22:00 UTC Nov 19), SCL (Santiago, 12:00-15:00 UTC), and PPT (Tahiti, 12:00-16:00 UTC) may have exacerbated latency, with traffic rerouted potentially contributing to the chaos. Additionally, Cloudflare’s support portal faced separate issues from a third-party provider, hindering case viewing but not response handling.

    As of 6:24 PM IST, recovery efforts were ongoing according to the status page, with many sites regaining stability but lingering errors reported in regions like Europe, North America, and Asia. Cloudflare emphasized its focus on mitigation, promising further details post-resolution, while users turned to alternatives amid the digital blackout.

    On October 20, 2025, AWS experienced a prolonged disruption in its US-EAST-1 region, which is crucial for numerous applications. This outage lasted over 15 hours and affected services such as Slack, Atlassian, and Snapchat.

    Following this, on October 29, Azure faced a global outage due to an inadvertent DNS configuration change. This issue impacted Azure Front Door and CDN, leading to connection timeouts and resolution problems worldwide, with critical status reported across all regions.

    Cloudflare Update [Nov 18, 2025 – 14:34 UTC] – We’ve deployed a change which has restored dashboard services. We are still working to remediate broad application services impact.


    The post Cloudflare Global Outage Breaks Internet – Major Platforms on the Internet Go Down appeared first on Cyber Security News.


  • Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni. “The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command-and-control (C2) tool (with a free license) that delivers stealthy, in-memory payloads,”


  • Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented by the threat


  • A dangerous scam targeting WhatsApp users has emerged as one of the fastest-growing threats across messaging platforms worldwide.

    The scheme exploits WhatsApp’s screen-sharing feature, introduced in 2023, to manipulate users into exposing their most sensitive financial and personal information.

    Reports from the United Kingdom, India, Hong Kong, and Brazil highlight the scam’s global reach, with one documented case in Hong Kong resulting in a loss of HK$5.5 million, equivalent to US$700,000.

    This social engineering attack demonstrates how even trusted communication platforms can become weapons when criminals combine psychological manipulation with technical access to a user’s device.

    The scam operates on a foundation of deception rather than sophisticated malware, relying entirely on human psychology to achieve its goals.

    Attackers place unsolicited WhatsApp video calls, impersonating bank representatives, Meta support agents, or even family members in distress.

    Screen sharing scam report from Brazil (Source - Welivesecurity)

    To appear legitimate, they spoof local phone numbers and deliberately disable or blur their video feed to conceal their identity.

    The attacker then creates a false sense of urgency by claiming unauthorized charges on credit cards, suspicious account activity, or pending verification issues that require immediate action.

    ESET security researchers have identified this scam as a particularly effective variant of remote access fraud that exploits three critical elements: trust established through an impersonated authority figure, urgency created through fabricated threats, and control granted by the screen-sharing feature or remote access applications.

    The combination of these factors provides criminals with near-complete visibility into a user’s smartphone.

    Once the victim agrees to share their screen, the attacker’s access becomes comprehensive. Criminals can observe passwords, two-factor authentication codes, one-time passwords, and banking applications in real time.

    They can capture screenshots, request the user to open financial apps, and manipulate them into authorizing unauthorized bank transfers under the pretense of resolving technical issues.

    More alarmingly, attackers often trick users into installing remote access tools like AnyDesk or TeamViewer, which grant them full control of the device.

    Some victims have unknowingly installed malware such as keyloggers that silently record sensitive information for later exploitation.

    Technical Mechanism

    The technical mechanism behind account takeover demonstrates why this attack remains so dangerous. When an attacker gains access to incoming text messages and WhatsApp verification codes through screen sharing, they can immediately hijack the victim’s WhatsApp account.

    With control of the account, criminals access stored conversations, financial data, and personal contacts.

    They proceed to drain banking accounts, hijack social media profiles, and impersonate victims to target their relatives and friends with the same scam, creating cascading waves of fraud.

    Defense against this threat depends primarily on awareness and discipline rather than technical solutions.

    Users should never share their screen with unknown callers and must independently verify any alarming information through official channels before taking action.

    Enabling two-step verification in WhatsApp by navigating to Settings → Account → Two-step verification provides crucial protection by requiring a second authentication factor even if credentials are compromised.

    Organizations and individuals must recognize that social engineering remains the most powerful weapon in a cybercriminal’s arsenal, making skepticism and careful judgment the strongest defenses against such attacks.


    The post WhatsApp Screen-Sharing Scam Let Attackers Trick Users into Revealing Sensitive Data appeared first on Cyber Security News.


  • Princeton University confirmed on November 15 that an Advancement database containing sensitive personal information about alums, donors, faculty members, students, parents, and other community members was compromised by outside actors on November 10. The unauthorized access lasted less than 24 hours before the institution’s security teams discovered and responded to the incident. The compromised database […]

    The post Princeton University Data Breach: Donor Information Exposed in Compromised Database appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • DoorDash has publicly disclosed a cybersecurity incident in which an unauthorized third party gained access to specific user information through a targeted social engineering attack against one of the company’s employees. The company confirmed that while personal data was compromised, no sensitive financial information or identification documents were accessed during the breach. The incident represents […]

    The post DoorDash Confirms Data Breach Compromised User Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps you work faster, serve your customers better, and stay ahead. But as your cloud setup grows, it gets harder to control who can access what. Even one small mistake—like the wrong person getting access—can lead to big problems. We’re talking data leaks, legal trouble, and serious


  • In a major law enforcement operation conducted on November 12, 2025, the East Netherlands cybercrime team successfully dismantled a significant criminal infrastructure.

    Authorities seized approximately 250 physical servers located in data centers across The Hague and Zoetermeer, which collectively powered thousands of virtual servers used for illegal activities.

    This operation represents one of the largest infrastructure takedowns targeting bulletproof hosting services that have been instrumental in facilitating cybercrimes across multiple jurisdictions.

    The seized hosting company operated under the guise of legitimacy while providing complete anonymity to its users.

    Police analysts identified that the provider marketed itself as bulletproof hosting, explicitly claiming not to cooperate with law enforcement agencies and guaranteeing protection for its criminal clientele.

    Despite these promises, the company’s infrastructure ultimately became the centerpiece of a comprehensive investigation that has exposed its true nature as a criminal enterprise serving exclusively illegal purposes.

    Police.nl security analysts noted that the hosting company had appeared in more than 80 criminal investigations both domestically and internationally since 2022.

    The company continued facilitating illegal operations until the moment of seizure, demonstrating its persistent role in supporting various cybercriminal activities across different threat landscapes and attack vectors.

    The Criminal Infrastructure’s Role in Cyberattacks

    The rogue hosting provider functioned as a critical enabler for multiple types of cybercriminal activities.

    Criminals rented digital space from this company to launch ransomware attacks, deploy botnets designed to compromise thousands of systems, execute sophisticated phishing campaigns targeting organizations and individuals, and distribute child exploitation material.

    This hosting service essentially provided the digital foundation that allowed threat actors to conduct their operations with perceived impunity.

    The operational scope of this infrastructure was substantial, with the platform housing criminal websites, malware command-and-control servers, phishing infrastructure, and various other illegal services.

    The seizure of both physical and virtual servers immediately disrupted these criminal operations and prevented new attacks from being launched through this particular infrastructure.

    Following the seizure, authorities prioritized analyzing the vast amount of data recovered from the servers to identify additional criminal networks, individual threat actors, and victims requiring notification.

    The investigation continues with law enforcement agencies focusing on identifying all users of the hosting service and tracing the full extent of criminal activities conducted through this infrastructure.

    This operation demonstrates the critical importance of targeting the underlying infrastructure that enables cybercriminal operations at scale.


    The post Authorities Seized Thousands of Servers from Rogue Hosting Company Used to Fuel Cyberattacks appeared first on Cyber Security News.


  • Scams and threats circulating on messaging apps like WhatsApp demonstrate how easily trusted platforms can be weaponized against users. One deceptive tactic gaining traction involves tricking people into sharing their phone screens during WhatsApp video calls. The screen-sharing feature, available since 2023, is increasingly being turned against users to steal data, identities, and money. Cases […]

    The post WhatsApp Screen-Sharing Scam: How Attackers Are Deceiving Users to Expose Sensitive Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
