Bitcoin Depot Reports $3.6 Million Crypto Theft After Internal System Breach

Bitcoin Depot Theft: $3.6 Million in Crypto Stolen After System Breach

The theft of more than 50 Bitcoin, valued at roughly $3.66 million, has shaken cryptocurrency ATM operator Bitcoin Depot. The company disclosed the incident in a recent regulatory filing, revealing that attackers infiltrated its internal systems and made off with digital assets before being stopped.

On March 23, Bitcoin Depot detected unauthorized access to parts of its IT infrastructure. The company responded immediately, but the damage was already done. Hackers had obtained credentials linked to digital asset settlement accounts, enabling them to transfer 50.903 Bitcoin out of company-controlled wallets. The breach was contained within the corporate environment, meaning customer-facing platforms and user data remained untouched.

Bitcoin Depot operates over 25,000 Bitcoin ATMs and BDCheckout locations worldwide. In 2025, the company reported $615 million in revenue. This crypto theft highlights the persistent risks faced by even established players in the digital currency space.

Response and Financial Fallout

After discovering the breach, Bitcoin Depot activated its incident response protocols. The company brought in external cybersecurity specialists and notified law enforcement agencies as part of the investigation. Despite these efforts, the company outlined several potential consequences tied to the incident, including reputational damage, legal and regulatory exposure, and rising response costs.

Bitcoin Depot described the event as material on April 6, citing these possible impacts. While the firm carries cyber insurance, it cautioned that coverage may not fully offset the losses. The Bitcoin Depot theft could also affect its stock price and investor confidence in the short term.

Financial Implications for the Company

The $3.66 million loss represents a significant chunk of the company’s cash reserves. However, Bitcoin Depot emphasized that its operations have not been materially disrupted. The firm continues to run its ATM network and payment services without interruption. Still, the incident underscores the need for robust security measures in the crypto sector.

Ongoing Investigation and Industry Context

The investigation remains active, and Bitcoin Depot noted that the final financial impact could differ from its initial estimate. Attackers may have accessed additional systems or data, though the company has not confirmed any further compromises. This cryptocurrency breach follows a previous security issue in 2025, when Bitcoin Depot disclosed a data breach affecting nearly 26,000 individuals. That earlier intrusion involved attackers accessing sensitive personal information, including names, addresses, and identification details.

This latest incident also reflects a broader pattern of attacks targeting cryptocurrency platforms. Recent reports have highlighted increasingly sophisticated campaigns, including a $285 million theft from a decentralized finance platform attributed to suspected North Korean threat actors. Cryptocurrency security best practices are more critical than ever for companies holding digital assets.

What This Means for Bitcoin ATM Users

For everyday users of Bitcoin ATMs, the breach may raise concerns about safety. However, Bitcoin Depot has stated that customer-facing platforms and data were not affected. The attack focused on internal corporate systems, not the ATMs themselves or user accounts. This distinction is important: your funds in a Bitcoin ATM are typically held in separate wallets managed by the operator, but the company’s own reserves took the hit.

Nevertheless, the Bitcoin Depot theft serves as a stark reminder that no company is immune to cyber threats. Users should always enable two-factor authentication on their accounts and monitor transactions regularly.

Lessons for the Crypto Industry

This incident highlights several key takeaways for cryptocurrency businesses. First, credential security must be a top priority. Attackers gained access through compromised credentials linked to settlement accounts, suggesting that stronger authentication measures—like hardware security keys or multi-signature wallets—could have prevented the theft. Second, incident response plans need to be tested regularly. Bitcoin Depot’s quick detection and containment prevented a larger loss, but the attackers still managed to extract over $3.6 million.

Finally, the crypto industry must collaborate more closely with law enforcement. The involvement of agencies in this investigation could help trace the stolen Bitcoin and potentially recover some funds. However, the pseudonymous nature of blockchain transactions makes recovery challenging. As blockchain analysis tools improve, so do the chances of catching perpetrators.

In the end, the Bitcoin Depot theft is a cautionary tale for all companies handling digital assets. The $3.66 million loss is significant, but the reputational damage and regulatory scrutiny may prove even costlier in the long run. As the investigation unfolds, the crypto community will be watching closely for lessons that could shape future security practices.

Global Education Cyber-Attacks Jump 63% in One Year: What Schools Must Do Now

The education sector is facing an alarming escalation in cyber-attacks, with new data revealing a 63% surge in incidents over the past year. According to a report from Quorum Cyber, schools and universities worldwide recorded 425 attacks between November 2024 and October 2025, up from 260 in the previous 12-month period. This sharp rise highlights the growing vulnerability of academic institutions to a mix of ransomware, hacktivism, and nation-state espionage.

Why Education Cyber-Attacks Are Accelerating

Geopolitical tensions, financial motives, and ideological hacktivism are driving the increase. The report, based on FalconFeeds.io threat intelligence from November 2023 to October 2025, tracks incidents across 67 countries. Data breaches alone jumped 73%, while hacktivist activity rose by 75% and ransomware incidents increased by 21%.

Universities are particularly targeted for their high-value research in artificial intelligence, quantum computing, and advanced materials. Nation-state actors often seek to steal intellectual property, while hacktivist groups—including Iranian threat actors—ramp up distributed denial-of-service (DDoS) attacks, website defacements, and data leaks. Infostealer malware and financially motivated ransomware remain persistent, with groups like FunkSec (23% of attacks), Cl0p (10%), INC (10%), and Nova (10%) being the most active.

As a result, the education sector now faces a multi-faceted threat landscape that demands urgent attention.

Key Mitigation Strategies for Schools and Universities

To combat the rise in education cyber-attacks, Quorum Cyber recommends several proactive measures. These strategies focus on prevention, early detection, and rapid response:

Intelligence-Led Vulnerability Management

Institutions should use up-to-date threat intelligence to prioritize which vulnerabilities to patch first. This approach ensures that resources are directed toward the most critical risks, reducing the window of exposure.

Dark Web Monitoring

Monitoring the dark web provides early warnings for leaked credentials or third-party breaches. This allows schools to act before stolen data is used in an attack.

Robust Backup Systems

Maintaining three copies of critical data on two different devices, with one stored offline in a separate location, can help recover from ransomware attacks without paying ransoms.

Incident Response Exercises

Regular tabletop exercises ensure that response plans are well understood and effective. These simulations help teams practice decision-making under pressure.

Password Management and Social Engineering Defenses

Strong, unique passwords stored in a password manager are essential. Additionally, helpdesk hardening, user awareness training, phishing-resistant multi-factor authentication (MFA), and enforcing the principle of least privilege can reduce the risk of social engineering attacks.

Balancing Openness with Security

Ambrose Neville, head of information security at Queen Mary University of London, notes that the sector’s culture of openness and collaboration makes it uniquely vulnerable. “The challenge for the sector is that openness and collaboration is fundamental to how higher education institutions operate,” he explains. “This makes it more challenging to simply lock systems away, in the way that some other industries may be able to.”

Instead, Neville emphasizes security resilience: knowing where you’re exposed, spotting threats early, and responding quickly before incidents escalate. This approach allows universities to maintain their collaborative mission while defending against evolving cyber threats.

Final Thoughts on the Rising Threat

The 63% annual surge in education cyber-attacks is a wake-up call for schools and universities worldwide. As ransomware, hacktivism, and nation-state espionage converge, institutions must adopt intelligence-led defenses and foster a culture of cybersecurity awareness. By implementing the recommended mitigation strategies—from vulnerability management to incident response exercises—the education sector can better protect its students, faculty, and valuable research.

Exaforce secures $125M Series B to build AI that stops cyberattacks in real time

Exaforce raises $125M Series B to build AI that stops cyberattacks in real time

As cybercriminals increasingly weaponize artificial intelligence to exploit software vulnerabilities at breakneck speed, companies are scrambling to upgrade their defenses. One startup, Exaforce, is betting big on fighting fire with fire. The three-year-old company just announced a massive $125 million Series B funding round, bringing its total raised to $200 million and valuing the firm at $725 million.

This funding round comes only a year after Exaforce secured a $75 million Series A. The rapid capital infusion highlights both the high cost of building an AI-powered security operations center (SOC) and the enormous market opportunity investors see in automated cyber defense. Participants in this round include HarbourVest, Peak XV, Mayfield, Khosla Ventures, and Seligman Ventures.

What Exaforce does: AI agents that hunt threats live

Exaforce develops what it calls “Exabots”—AI agents capable of deep data analysis to automate security operations. These agents take the heavy lifting off human analysts, filtering through thousands of alerts to identify real threats. According to co-founder and CEO Ankur Singla, the mission is straightforward: “Apply AI to catch and stop threats as they happen. It’s a very simple mandate, but it’s very complex to execute.”

The core problem for security teams is the overwhelming number of false positives. A typical security operations person receives hundreds of alerts daily. Umesh Padval, managing partner at Seligman Ventures, compares the task to “looking for a needle in a haystack.” Exaforce claims its platform can reduce manual, time-consuming work by as much as 90%.

New features: natural language queries and rapid customer growth

In response to the rising tide of cyberattacks, Exaforce recently introduced “vibe hunting.” This feature allows security teams to query the AI platform using natural language based on simple hunches. “You can ask a very simple hypothesis like, ‘Did we get any new attacks from Iran?’” Singla explained. This capability makes threat investigation accessible even to less technical staff.

Exaforce officially launched its product in the fourth quarter of last year, following two years of testing with design partners. Since then, the startup has signed 20 customers, including notable names like Replit and Guardant Health. Singla told TechCrunch that high-profile cyberattacks have “supercharged our ability to get to customers, because the customers now don’t ask, ‘Why do I need this?’” Instead, the question is now, “How do I operationalize it?” The startup expects to reach 40 to 50 customers by year’s end.

Competitive landscape: who else is in the AI cybersecurity race?

Exaforce is not alone in applying AI to security operations. The company faces competition from emerging startups like 7AI, Dropzone AI, and Prophet Security, as well as established industry giants such as Palo Alto Networks and CrowdStrike. However, Exaforce’s focus on real-time detection and its unique “Exabots” approach may give it an edge in a crowded field.

What’s next for Exaforce?

With $200 million in total funding, Exaforce plans to scale its engineering team, expand sales, and continue refining its AI models. The company is also investing in research to stay ahead of rapidly evolving attack techniques. As Singla put it, the goal is to make cybersecurity proactive rather than reactive—catching threats before they cause damage.

The Exaforce Series B funding signals strong investor confidence in AI-driven cybersecurity. As more organizations face sophisticated, AI-powered attacks, solutions like Exaforce’s may become essential tools in the digital defense arsenal.

Google Introduces Unique AI Agent Identities in Gemini Enterprise Platform to Tackle Security Risks

Google Unveils New AI Agent Security Features in Gemini Enterprise Platform

Google has taken a significant step forward in enterprise AI security with the launch of its Gemini Enterprise Agent Platform. This new hub, announced at the Google Cloud Next 26 conference in Las Vegas, aims to give every AI agent a unique cryptographic identity — a move designed to bring zero-trust principles into the world of agentic AI.

As businesses increasingly rely on autonomous AI agents to handle complex tasks, the need for robust identity and access management has never been greater. The Gemini Enterprise Agent Platform addresses this by assigning each agent a traceable ID that links back to defined authorization policies. According to Thomas Kurian, CEO of Google Cloud, this enables “zero trust verification at every orchestration step.”

What Is the Gemini Enterprise Agent Platform?

The platform serves as a central hub for managing both Google-built and third-party AI agents. It builds on the existing Gemini Enterprise suite, which was launched a few months earlier. The Agent Platform includes several key components: the Agent Registry, a library that indexes all internal agents, tools, and skills; and the Agent Gateway, a single dashboard for enforcing policies across agent-to-agent and agent-to-tool interactions.

These features support multiple agentic AI protocols, including the Model Context Protocol (MCP) and Agent2Agent (A2A). Google Cloud says the Gateway provides “secure, unified connectivity between agents and tools across any environment,” while enforcing consistent security policies and Model Armor protections against prompt injection and data leakage.

How AI Agent Identities Transform Security

Traditional non-human identities (NHIs) — such as API keys and service accounts — are deterministic and static. AI agents, by contrast, are autonomous and goal-oriented. They can understand high-level objectives, break them down into steps, and execute actions across multiple applications independently. This introduces a new class of dynamic digital entities that act on behalf of humans and make operational decisions.

To manage this complexity, the Gemini Enterprise Agent Platform assigns each agent a unique cryptographic ID. Every action an agent takes is linked to this ID, making it possible to audit and trace behavior. Francis deSouza, COO of Google Cloud, emphasized that security teams need to identify both authorized and unauthorized agents used across their workforce. “When you roll out authorized agents, you want to manage their access control, what they should have access to, and that may change over time in a way that’s more dynamic than human identities,” he added.

Agent Anomaly Detection and Security Dashboard

Google Cloud also introduced Agent Anomaly Detection at Cloud Next 26. This feature uses statistical models and a large language model (LLM) as a judge to identify unusual behavior in real time. It flags potential threats like suspicious reasoning patterns. Anomaly Detection works alongside the existing Agent Threat Detection, which monitors malicious activities such as reverse shells and connections to known bad IP addresses.

Another addition is the Agent Security dashboard, powered by Google Cloud’s Security Command Center (SCC). This dashboard unifies threat detection and risk analysis within Google Cloud Platform (GCP) environments. It helps security teams map relationships between AI agents and models, automate asset discovery, and scan for vulnerabilities in operating systems and language packages.

New Cybersecurity Agents for Threat Hunting

Google also released three new AI agents specifically for cybersecurity professionals. The Threat Hunting agent helps teams proactively search for novel attack patterns and stealthy adversary behaviors that bypass traditional defenses. The Detection Engineering agent identifies coverage gaps and creates new detections for threat scenarios, transforming detection creation from a manual craft into an automated science. Both are available in preview.

Coming soon to preview, the Third-Party Context agent enriches security workflows with contextual data from external sources. When fully available, these three agents will integrate into Google Security Operations, the company’s security analytics, threat detection, and incident response platform.

Google claims its earlier Triage and Investigation agent, introduced in April 2025, processed over five million alerts in the past year, reducing “a typical 30-minute manual analysis to 60 seconds.”

Broader Ecosystem: Wiz, Dark Web Intelligence, and TPU Chips

The Gemini Enterprise Agent Platform launch was part of a broader set of announcements at Cloud Next 26. Israeli cloud security firm Wiz, acquired by Google in 2025, expanded its AI-Application Protection Platform (AI-APP) to embed security directly into developer workflows. The updates include real-time vulnerability scanning, AI-generated code security, a dynamic AI bill-of-materials (AIBOM), and automated remediation.

Google also released a new dark web intelligence feature in Google Threat Intelligence, now available in preview. Internal tests show it can analyze millions of daily external events with 98% accuracy to elevate the most critical threats.

On the hardware side, Google launched two new AI-focused processing chips: the Tensor Processing Unit 8t (TPU 8t) for AI training and the Tensor Processing Unit 8i for AI inference.

Finally, Google committed $750 million to a new agentic AI partner fund for global consulting firms, systems integrators, software partners, and channel partners. The fund aims to support AI value identification, agentic AI prototyping, agent building, deployment, and upskilling.
