Research and Innovation OSINT Digest 250908
ABOUT:
This is a condensed version of our digest of recent security incidents spanning the full spectrum of threats – cyber, physical, personnel – to Higher Education Institutions (HEIs), research, and innovation.
The information is open source only and this digest is produced for information only.
EXECUTIVE SUMMARY:
In August 2025, SECURED observed 25 security incidents affecting HEIs from open-source data, a 3.9% decrease on July 2025. Of these incidents, 80.0% were cyber, 12.0% hybrid, and 8.0% physical. Security incidents recorded in August 2025 underline that cyber threats remain the most significant risk facing HEIs.
August 2025 saw cyber events increase by 15.6% compared to July 2025, with institutions struggling to recover from large-scale cyber breaches. As HEIs continue to be targeted with cyber attacks, institutions are increasingly investing in resilience and recovery capabilities to mitigate operational disruption and reputational damage.
Developments in the US and Russia are heightening digital security risks for travelling researchers, with increased searches of electronic devices in the US and an expansion of surveillance and monitoring capabilities in Russia. Cases observed in August demonstrate the potential for long-term detention of researchers travelling abroad.
At Tyburn St Raphael, we specialise in countering threats to cutting-edge research and innovation.
We are experts in providing travel security assessments and strengthening organisational security posture to protect intellectual property.
TYBURN Recommendations:
Support at-risk researchers with tailored security provision
Incidents in August 2025 highlighted travel security risks to researchers working on cutting-edge or sensitive projects. Institutions should work with security experts to develop tailored controls to mitigate these threats, along with operational support to ensure researchers can continue to do their work.
Assess cyber resilience and recovery capabilities amid rising cyber threats
Cyber incidents in August have highlighted the operational challenges HEIs face in returning to business as usual after an incident, with recovery protocols often failing under real-world conditions. Institutions should prioritise a review of their incident response and recovery plans, with testing informed by current intelligence on threats.
Engage external experts to provide open-source intelligence on threats
Security risks are evolving as HEIs face increased targeting by state-level actors using hybrid threat vectors. The shifting geopolitical landscape is transforming previously low-risk partnerships into high-risk exposures. Commercial open-source monitoring capabilities can provide institutions with timely, actionable intelligence to support proactive decision-making and early risk mitigation.
Incident data
Open-source data on security incidents with commentary
Universities involved in AUKUS - 01/08/2025 - UK, US, Australia - Hybrid
Event: The scale and pace of malicious foreign espionage campaigns targeting Australia is rapidly increasing, according to Australian Security Intelligence Organisation (ASIO) Director-General Mike Burgess. During a lecture at the University of South Australia, Burgess identified China, Russia, and Iran as key malicious actors, noting that 24 major operations had been disrupted over the past three years — more than in the previous eight years combined. Burgess cited a new ASIO report indicating that espionage cost the Australian economy at least AUD12.5 billion in the 2023-2024 period. Technology and defence research produced through the AUKUS alliance was specifically highlighted as a prime focus for foreign intelligence operations. Link 1 Link 2 Link 3 Link 4
Comment: Foreign espionage operations – particularly those conducted by adversarial states such as China, Russia, and Iran – are increasing in scale and sophistication. SECURED assesses that this is due to operators now being willing to take risks that would have been unlikely a decade ago. This has extended to universities and research institutions conducting sensitive defence research, as foreign intelligence agencies have exploited universities' weak security practices. The AUKUS alliance has drawn elevated attention from adversary intelligence services. Insufficient security processes and cultures for researchers and individuals involved in AUKUS have made targeting easier. For instance, more than 7,000 individuals listed defence-sector roles on professional profiles, such as LinkedIn and other sites, including nearly 400 who explicitly reference involvement in the AUKUS rollout. Thousands more referenced submarines and nuclear technology. For universities and research institutions, inadequate research security carries immediate consequences, including the potential withdrawal of funding and exclusion from partnerships.
Harvard University - 03/08/2025 - US - Hybrid
Event: The US House of Representatives has opened an inquiry into Harvard University over its alleged connections with entities affiliated with the Chinese Communist Party (CCP). A letter sent to the Harvard administration included allegations from whistleblowers that the Harvard Kennedy School maintained a longstanding partnership with the Chinese Executive Leadership Academy Pudong (CELAP), a training institution overseen by the CCP. US investigators have requested insight into monetary and non-monetary benefits received by Harvard University from Chinese sources. Link 1 Link 2 Link 3
Comment: The CCP employs multiple vectors – including students, funding mechanisms, and state representatives – to target Western academia. These influence and espionage operations are designed to suppress dissenting narratives, expand CCP influence abroad, collect intelligence, and steal intellectual property. Western institutions’ growing financial reliance on Chinese student tuition fees and funding has been a central enabler of this influence. Harvard University has reportedly received USD150 million from China between 2015 and 2024. This incident highlights the need for HEIs to maintain situational awareness of evolving geopolitical dynamics, which pose material risks to research security, institutional reputation, and long-term financial sustainability.
Columbia University - 08/08/2025 - US - Cyber
Event: Early on 6 August, Columbia University confirmed that a June 2025 breach of its network by an unidentified threat actor had led to the exposure of 860,000 people’s personal information. Bloomberg News reported, based on access to 54.6GB of the data, that the sensitive information included bank account details, student loan and scholarship details, test scores, home addresses, and contact information. Link 1 Link 2 Link 3 Link 4
Comment: Columbia University faces serious legal, reputational, and financial ramifications as a consequence of the data breach, given the scale and sensitivity of the compromised information. The US Department of Education and the Federal Communications Commission have already begun investigations into the university's cybersecurity practices. In response, Columbia has partnered with a cybersecurity and risk mitigation firm to provide additional support to those affected by the breach. Universities that experience such substantial cyber breaches face the real and immediate prospect of losing funding and partnerships, and of being excluded from future research projects, especially by security-conscious partners.
University of Western Australia - 09/08/2025 - Australia - Cyber
Event: On 9 August 2025, the University of Western Australia (UWA) experienced a major cyber incident that caused significant operational disruption. The university confirmed that it was investigating a cyber security incident involving student and faculty password information. Upon detecting the incident, UWA’s cybersecurity team locked staff and students out of internal systems and advised that passwords should be reset. The university stated that only password data had been compromised, although details of how the breach occurred remain unclear. Link 1 Link 2 Link 3 Link 4
Comment: As of 31 August, the identity and motivations of the threat actor(s) remain unclear. Universities continue to be attractive targets for a wide spectrum of cyber threat actors, ranging from hacktivists to state-sponsored and directed actors. This is not the first cyber incident to affect UWA: a 22-year-old not affiliated with the university compromised the university's internal systems and exposed confidential information in 2022. UWA has demonstrated improved resilience by minimising the impact of the August 2025 incident through a more effective incident response plan which prioritised response speed and recovery of critical digital systems that are essential for faculty and staff. This underlines the critical role of robust incident response governance, which is becoming an increasingly important element of broader risk management with the rising cyber threat landscape.
Centre for Humanitarian Dialogue - 21/08/2025 - Switzerland - Hybrid
Event: On 21 August 2025, Russian authorities produced a new espionage charge for French researcher Laurent Vinatier. Vinatier was originally arrested in Moscow on 6 June 2024 on espionage charges under Russia's foreign agents law, and was sentenced to 3 years in a penal colony. The latest set of charges could result in a sentence of up to 20 years in prison, with proceedings conducted behind closed doors and Vinatier's lawyer barred from answering journalists' questions. Link 1 Link 2 Link 3
Comment: Vinatier, a specialist researcher on Russia and other post-Soviet Union countries, was working with the Swiss research institution Centre for Humanitarian Dialogue at the time of his original arrest. His detention by Russian authorities reflects a broader strategy of exerting pressure on Western states during the war in Ukraine, using the foreign agents law to target both foreign nationals and domestic critics. We assess that Russia is using Vinatier’s detention to place pressure on France and Switzerland; researchers are particularly exposed in this environment, as their work can be easily reframed by autocratic regimes as intelligence gathering. This vulnerability is compounded by the limited security training and protective protocols typically provided to researchers, leaving them at heightened risk of targeting.
University of Georgia, Clark Atlanta University, University of West Georgia - 29/08/2025 - US - Physical
Event: On 29 August 2025, multiple universities in Georgia (including the University of Georgia, Clark Atlanta University, and the University of West Georgia) were targeted by hoax active shooter calls. These hoax calls, referred to as 'swatting' hoaxes, forced emergency lockdowns and alerts, and the deployment of armed response units. Law enforcement units later confirmed that the incident was a false alarm, and the FBI is coordinating with local law enforcement agencies to investigate the event. Link 1 Link 2 Link 3
Comment: Swatting originated in the US, where it remains most common. Incidents have also been reported in the UK, Germany, France, Australia, and New Zealand, although these tend to be rarer and smaller due to different policing approaches and firearms laws. In the US, swatting is becoming a significant security risk for HEIs, causing operational disruption, fear, and reputational damage. There is also a realistic possibility that swatting could be replicated in the UK and Europe, albeit in a different manner. For instance, swatting may involve false bomb threats or false reports of knife attacks in progress. This incident underlines the importance of robust threat verification systems, incident response procedures, and institutional liaison with local law enforcement to respond to such incidents.
Security briefs
Analysis and assessment of ongoing security issues
Phone searches at US border pose continued risk for travelling researchers
Description: US Customs and Border Protection agents conducted 14,899 searches of electronic devices carried by international travellers between April and June 2025, representing a 16.7% increase over the previous peak in 2022 [LINK, LINK].
Assessment: US Customs and Borders authorities continue to implement more stringent border practices impacting international travellers, including researchers. This has formed part of a broader strategy under the Trump administration to control those entering the US and present barriers to entry for critics of its policies [LINK]. US border control agents have the authority to conduct searches, including forensic analysis of device contents [LINK]. Researchers are particularly vulnerable given a tendency to combine personal and professional accounts on a single device and their access to sensitive projects, with several researchers being detained after messages critical of Trump were found on their devices [LINK, LINK].
Researchers travelling to Russia face elevated risks amid communications restrictions
Description: Russian authorities have initiated new procedures to control communication and internet usage within Russia from September 2025 [LINK, LINK].
Assessment: Russian authorities have begun to restrict access to WhatsApp and Telegram, with the Russian government media and internet regulator justifying the measures on national security grounds [LINK]. Simultaneously, the Russian state-backed messenger application, MAX, is to be pre-installed on all phones and tablets within Russia from September 2025 [LINK]. This move represents an attempt to restrict access to encrypted messenger applications within Russia, allowing the state to gain greater insight into communications within and leaving Russia. As illustrated by Laurent Vinatier’s arrest and detention, researchers in Russia are particularly vulnerable as the Putin regime attempts to silence critics and gain leverage over the West by detaining Western researchers [LINK]. The Russian authorities' actions underline that basic travel security precautions, such as the use of clean devices with eSIMs and VPNs, may not be sufficient to mitigate threats posed by state actors [LINK, LINK].
Chinese nationals in US face allegations of export control violations
Description: The US Department of Justice arrested two Chinese nationals in the US on allegations that they exported sensitive microchips to China despite export restrictions [LINK, LINK].
Assessment: US prosecutors allege that the Chinese nationals concealed the end users of shipments of Nvidia AI chips to China to avoid sanctions controls [LINK]. This incident is part of the broader US-Chinese trade war, driven by technological competition, and illustrates the difficulties of preventing illicit transfer and intellectual property theft through global supply chains. In response, US officials have raised the idea of embedding trackers in AI chip shipments to prevent Chinese sanctions evasions [LINK]. HEIs and research institutions face indirect exposure to these dynamics if they fail to adequately vet collaboration partners involved in advanced AI and technological research.
Contact us
Secured is a UK-based organisation that provides strategic advisory services to organisations concerned about threats to the security of research, innovation, and investment.
Our security practitioners help entities secure their intellectual property, build operational and financial resilience, and cultivate a positive organisational security culture.
We provide research on the national security implications of emerging technologies as part of our scientific and technical intelligence assessment capability. Recent examples include:
Chinese malign influence activities affecting UK academia - assessment of a report by the UK-China Transparency (UKCT) charity which portrayed pervasive Chinese influence of UK academia.
Academic researchers exposed to US travel risk - assessment of the increasingly stringent US border practices and their impact on academic researchers travelling to the US.
Security risk from third-party meeting bots - a short article assessing the often overlooked security risks posed by third-party meeting bots intruding into online virtual meetings.
Robustness of real-time deep fake technology - assessment of the security risks posed by evolving deep-fake technology and the requirement for more robust detection capabilities.
Stricter cyber incident reporting requirements - a short assessment of regulatory changes which are placing more pressure on organisations’ incident response plans.
Russian cyber intelligence campaign - strategic assessment of the Russian cyber intelligence campaign targeting logistics, tech companies, and supply chains supporting Ukraine.
The Zimmermann Telegram: A Century-Old Case Study for Strategic Communications - provides insight into how strategic communications, intelligence, and security intersect.
Beyond Baselines - highlights the necessity of security certifications that go beyond baseline measures.
Deception can enable private sector initiative - research article published in security and technology journal Binding Hook.
Frontline of defence or Achilles’ heel - article that emphasises that underresourced and overworked IT and security personnel are often defensive vulnerabilities rather than assets.
North Korean malware assessment - strategic assessment of the North Korean Ferret malware family.
Five common pitfalls to avoid as an intelligence analyst - short article identifying best practices for open-source intelligence reporting.
Cyber incident at Dutch university - assessment of the cyber incident at TU Eindhoven.
How to quickly identify a good OSINT report - short article underlining best practices for writing open-source intelligence reporting.
US designation of major Chinese companies as military-linked - strategic assessment on the impact and outlook of the US’s designation of major Chinese companies as affiliated with the Chinese People’s Liberation Army.
Secured is part of Tyburn St Raphael Ltd, a boutique security consultancy.