Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.
The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.
The malware takes aim at PostgreSQL database servers with never-before-seen techniques.
Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.
Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.