Recent Security Bulletins

September 15, 2025

Chrome Vulnerabilities Require Patching

Google has released security updates to its Chrome web browser to fix high-severity and critical vulnerabilities that are actively being exploited. These updates also apply to any web browsers running the same technology (i.e., Microsoft Edge, Brave, Opera, Vivaldi and others).

The Office of Information Technology (OIT) Information Security team recommends updating all affected browsers on both personal and University owned devices. Most University managed computers have automatic updates enabled for Google Chrome—restart your Chrome browser to allow it to update to the latest release.

Instructions for manually updating your Chrome browser are available in this Google Chrome Help web page. If you are using a different web browser, please refer to their support documentation.

While these security updates are specific to Chromium-based web browsers, please ensure security updates are applied regularly for all web browsers.

---

August 14, 2025

Phishing attack targeting the Notre Dame community

A phishing campaign has been aggressively targeting the Notre Dame community. It is coming from real ND email accounts accessed by hackers. While the topic seems official, IT IS NOT LEGITIMATE.

Opening links or attachments in email like this can result in compromised accounts, and can even lead to you losing money.

Remember that official Notre Dame departments will NEVER:

🚨ask you to verify your email is still in use

🚨ask you for your username and password

🚨send you an unsolicited request to authenticate

🚨create a sense of urgency or threaten loss of access

If you have received the email described above, do not click on any links. Report phishing immediately and delete the message. To do so in Gmail, click the three dots in the top right corner of the email, and select “report phishing” from the drop down. You can also forward the message to phishing@nd.edu to prompt an investigation.

Information Security has taken action to suspend the compromised Notre Dame emails and remove the message from inboxes. However, if you entered your credentials into this form, please change your password immediately by either contacting the OIT Service Desk or following the steps in this knowledge article.

---

July 3, 2025

High Severity Chrome Vulnerability Requires Patching

Google has released security updates to its Chrome web browser to fix high-severity vulnerabilities that are actively being exploited. These updates also apply to any web browsers running the same technology (i.e., Microsoft Edge, Brave, Opera, Vivaldi and others).

The Office of Information Technology (OIT) Information Security team recommends updating all affected browsers on both personal and University owned devices. Most University managed computers have automatic updates enabled for Google Chrome—restart your Chrome browser to allow it to update to the latest release.

Instructions for manually updating your Chrome browser are available in this Google Chrome Help web page. If you are using a different web browser, please refer to their support documentation.

While these security updates are specific to Chromium-based web browsers, please ensure security updates are applied regularly for all web browsers.

---

June 17, 2025

High Severity GitLab Vulnerability Requires Patching

Who is affected?

• Developers or system administrators hosting a self-managed GitLab instance.

What You Need to Know

• GitLab has patched several vulnerabilities in GitLab Community and Enterprise including some enabling attackers to take over accounts and inject malicious jobs in future pipelines.

• Immediate patching to versions 18.0.2, 17.11.4, and 17.10.8 is required.

Why it matters

• By leveraging these weaknesses, attackers can take over accounts and inject malicious code and/or malicious CI/CD jobs.

Go deeper

• Additional details can be found in this news article, as well as in this official GitLab patch announcement.

The Office of Information Technology (OIT) Information Security team requires all GitLab installations running an impacted version to be upgraded to the latest version as soon as possible.

---

April 2, 2025

Critical Firefox Vulnerability for Windows Requires Patching

Mozilla has released security updates to its Firefox web browser to fix high-severity vulnerabilities similar to those Chrome patched for last week. These vulnerabilities only impact Windows users.

The Office of Information Technology (OIT) Information Security team recommends updating all affected browsers on both personal and University owned devices. Instructions for manually updating your Firefox browser are available in this Mozilla support web page.

While these security updates are specific to Firefox on Windows devices, please ensure security updates are applied regularly for all web browsers, no matter the operating system.

---

March 27, 2025

Critical Chrome Vulnerability for Windows Requires Patching

Google has released security updates to its Chrome web browser to fix high-severity vulnerabilities that are actively being exploited. These updates also apply to any web browsers running the same technology (i.e., Microsoft Edge, Brave, Opera, Vivaldi and others). These vulnerabilities only impact Windows users.

The Office of Information Technology (OIT) Information Security team recommends updating all affected browsers on both personal and University owned devices. Most University managed computers have automatic updates enabled for Google Chrome—restart your Chrome browser to allow it to update to the latest release.

Instructions for manually updating your Chrome browser are available in this Google Chrome Help web page. If you are using a different web browser, please refer to their support documentation.

While these security updates are specific to Chrome on Windows devices, please ensure security updates are applied regularly for all web browsers, no matter the operating system.

---

January 31, 2025

New AI Tool DeepSeek and What You Need to Know

What's new?

• DeepSeek refers to a new set of frontier AI models from a Chinese startup of the same name.

• DeepSeek is not a University-approved AI model.

• It was recently reported that a vulnerability in DeepSeek's website left lots of data exposed, including user chats.

Who is affected?

• We advise that end users (students, staff and faculty) avoid using deepseek.com or DeepSeek's mobile app.

• Developers or researchers interested in experimenting with the AI model itself, contact AI Enablement for information on how to access DeepSeek securely.

• Do not build Deepseek’s open source model into production services.

Why it matters:

• This new tool is receiving a lot of media attention, and is causing disruption in the AI space.

Go deeper

• For additional information about DeepSeek and the University’s guidance for use of it and other AI tools, visit AI@ND.

---

January 29, 2025

New Security Updates for Apple Devices

Apple has released updates for Apple devices to address significant security vulnerabilities.

A full list of these security updates and impacted devices can be found in this Apple Support article.

The Office of Information Technology (OIT) Information Security team recommends that anyone with any Apple device – both personal or University-owned – install the updates immediately. Below are the instructions on how to upgrade your device(s):

• iPhone and iPad: How to install iOS and iPadOS updates

• Mac computers: How to Update macOS

Please allow approximately 10-20 minutes for these updates to complete.