PhishBowl

The hacker responsible for a breach that put the personal data of New Hampshire students at risk is a Massachusetts college students who said he would have never stopped what he was doing if the FBI hadn't come to his dorm room to arrest him. 

The hacker who is Matthew Lane, 20, says he was addicted to hacking. In what FBI agents call one of the worst hacks they have ever seen, Lane orchestrated from his dorm room at the Assumption College a sophisticated hack of PowerSchool. PowerSchool is a software program used by schools to track grades and some students' medical information. The hack affected 60 million students and teachers. Lane explained his motivation as "Green, for one" and "Two, deep down, I had a deep disdain for myself and, honestly, the things that I was doing, but I couldn't stop."

The Federal Bureau of Investigation (FBI) is releasing a Public Service Announcement (PSA) to highlight data security risks found within foreign-developed mobile applications (apps). As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China. The apps that maintain digital infrastructure in China are subject to China's extensive national security laws, enabling the Chinese government to potentially access mobile app users' data.

Threat actors are compromising Microsoft 365 accounts in phishing attacks that utilize the OAuth device doe authorize mechanism. Attackers trick victims in to entering a device code on Microsoft's legitimate device login page, unknowingly authorizing an attack-controlled application and granting them access to the target account without stealing credentials or bypassing multi-factor authentication (MFA).

Staff should always double‑check website addresses and be on the lookout for “look‑alike” domains that try to mimic trusted sites with subtle changes, such as extra letters, swapped characters, or different endings (for example, .com vs .co).

Scammers are becoming clever with changing how they are attacking their victims. Scammers tend to impersonate the following areas:

We’ve recently seen a surge in phishing emails targeting both district and personal email accounts. These messages often appear to come from trusted colleagues, including a recent example impersonating Misty Her, asking recipients to purchase gift cards.

You may have received an email regarding completing a document or reviewing a file. These emails often appear to come from someone you know or a trusted source, but in reality, they may be phishing attempts designed to steal your personal information or compromise your account.

According to CNBC, millions of people have been victimized by Quishing as more and more bad QR codes appear in public places. Quishing refers to QR code phishing, which is scanning an unverified and malicious QR code.

In May 202th, a phishing campaign emerged which impersonated several U.S. state Department of Motor Vehicles (DMVs). The phishing campaign utilized SMS phishing (smishing) and deceptive websites to harvest personal and financial data. Victims may have received text messages regarding unpaid toll violations, and would be redirected to fake DMV websites that would take payment for a fake toll. These cloned websites would request personal information and credit card details to verify a victim's identity. These phishing campaigns have been analyzed to indicate that these attacks are coming from a China-based threat actor. 

The Department of Motor Vehicles has a public notice that Californians are receiving deceptive text messages that appear to come from the DMV. These texts warn that the customer has failed to pay a toll. The DMV will never send a text message to ask for personal or financial information. If one is received, do not open or reply to the message.