News

May 8, 2026

To the UCB-Security community,

This is a notice from the Information Security Office to alert you to critical vulnerabilities that impact Linux systems. Please share this alert internally with IT admins and service owners who run Linux so they are prepared to take action when patches become available.

This is a preliminary announcement. More information will follow when we have it.

May 6, 2026

SUMMARY

A critical double-free vulnerability in Apache HTTP Server's HTTP/2 module allows unauthenticated Remote Code Execution (RCE) and Denial of Service (DoS) attacks. [1]

IMPACT

Attackers can potentially execute arbitrary code remotely by exploiting this vulnerability, or conduct Denial of Service attacks by repeatedly crashing Apache worker processes.

May 5, 2026

May 8, 2026

Access to bCourses has been restored. Please be aware that you may experience intermittent performance as the bCourses platform stabilizes. Please refer to the RTL News page for more information.

If you encounter any further issues with Canvas or receive any suspicious messages, as always, contact us at security@berkeley.edu.


May 7, 2026

May 1, 2026

To the UCB-Security community,

This is a notice from the Information Security Office to alert you to a critical vulnerability that impacts Linux systems running unpatched kernels after 4.14 [1]. Please share this alert internally with IT admins and service owners who run Linux so they are prepared to take action when patches become available.

This is a preliminary announcement. More information will follow when we have it.

April 15, 2026

This hoax phishing email sends the recipient an invitation using popular invitation apps. It may be from an unknown sender, or even a known sender with a compromised email account.

What makes this a phishing message?

The party or event invitation is used to trick recipients into downloading and opening a file. The file is not an invitation but malware that installs a full remote access tool on their computer.

March 25, 2026

Unknown senders will contact faculty posing as real individuals and make specific inquiries regarding their work or publications.

The messages could have subject lines similar to any of the following:

  • A question about . . .
  • A short note after reading your work
  • Curious about your work

What makes this a phishing message?

The scam may not be a direct malicious threat, but the senders' accounts are fake and the goal is to gather data for use in Large Language Models to enhance AI apps.

March 23, 2026

Unknown senders will contact faculty, usually from a @gmail.com address, and offer assistance writing and editing a professional Wikipedia page.

The messages could have subject lines similar to any of the following:

March 18, 2026

This is a notice from the Information Security Office to alert you to multiple vulnerabilities announced by Atlassian across their entire suite of self-hosted products, including Jira and Confluence. Atlassian-hosted products are not affected by these vulnerabilities. Please share this alert internally with IT admins and service owners who run these products so they are aware and know what actions to take to address these vulnerabilities.

February 18, 2026

This phony email is allegedly from a UC Berkeley professor, offering a fake internship if the applicant provides additional details.

One of the items they will require is a scan of the applicant's Cal-1 ID card. The Cal-1 card should be handled like any other sensitive document (credit card, driver's license, etc.). You should never be asked to email it to a prospective UCB recruiter.

January 30, 2026

To the UCB-Security community,

This is a notice from the Information Security Office to alert you to a high severity vulnerability that impacts MongoDB Server [1]. Please share this alert internally with IT admins and service owners who run the product so they are aware and know what actions to take to address this vulnerability.

To the UCB-Security community,

This is a notice from the Information Security Office to alert you to a critical vulnerability that impacts WordPress servers using the Modular DS plugin. Please share this alert internally with IT admins and service owners who run the product so they are aware and know what actions to take to address this vulnerability.

December 5, 2025

ISO is aware of a critical, actively exploited vulnerability affecting the React and Next.js ecosystems. Please share this alert internally with IT admins and service owners who run web applications utilizing Next.js or React Server Components (RSC) so they are aware and know what actions to take to address this vulnerability immediately.

September 22, 2025

This phony email is allegedly from a campus department regarding new salary details or a financial bonus.

The message will ask you to follow a link and enter your CalNet username and password, and often your personal cell phone number, to view your new salary or compensation details.

September 10, 2025

A default setting in bCal may allow anyone from the internet to add you to a Google Calendar invite. This is being used to create fake spam meetings or include potentially malicious links or attachments. Any links included are as dangerous as the ones that would have been included in a phishing email.

What makes this a phishing message?

The non-UC Berkeley senders are sourcing @berkeley.edu email addresses and creating the fake meeting, including subjects like:

August 29, 2025

This fake email is allegedly from a campus member and offers to generously give away musical instruments or sometimes welding tools if only the recipient will pay for shipping.

They will recommend a moving company who will ask you to send money via Zelle, PayPal, or another digital wallet app, wire money, or pay with prepaid debit cards.

This phony Assessment notification was received by many bMail users. It is part of a credential-stealing attempt.

What makes this a phishing message?

The sender's email address is not a @berkeley.edu address; it is often a @gmail.com, @outlook.com, or netzero.net account.

This targeted phishing scam uses urgency, indicating a task that must be completed.

The target page below is a non-UC Berkeley Google form. Campus users will never be asked to enter their CalNet credentials in any site other than a UC Berkeley CalNet CAS authentication page.

July 25, 2025

Our office has recently received a number of reports of bogus offers for free or discounted concert tickets on UCB student platforms (Discord, chat groups, etc.).

July 15, 2025

July 15, 2025: We are starting to see another wave of phishing attacks designed to steal credentials and reroute UCPath Direct Deposit.

What makes these phishing?

The newest fake emails may reference a pending investigation of misconduct and then ask you to enter your CalNet credentials on a very authentic-looking, but fake, CAS page.

May 15, 2025

We are seeing a spike in sophisticated tactics used to phish for credentials that are then used in concert with other methods to redirect direct deposit routing in UCPath.

These new tactics involve phishing emails, text messages, and highly accurate - but fake - UCPath websites.

April 24, 2025

This is a notice from the Information Security Office to alert you to a medium-severity vulnerability that affects the Trellix HX management console for our EDR agent. This vulnerability can only be exploited by manipulating a previously compromised endpoint agent to send a malformed event to the console. The patch was applied to the console, and no change is needed on the endpoints.