A recent report from Infoblox highlights a significant coordinated phishing attack that targeted at least 18 American universities from April to November 2025. The attackers aimed to steal student and staff account credentials, successfully bypassing Multi-Factor Authentication (MFA) using a phishing kit known as Evilginx. This tool acts as a digital intermediary, intercepting users as they attempt to log in, capturing both their login credentials and session cookies that allow access after MFA is completed. The campaign's sophistication is evident. The attackers frequently changed their phishing links and utilized services like Cloudflare to obscure their server locations. Infoblox's investigation, prompted by a tip from a security expert at one of the affected universities, uncovered nearly 70 different domains used in these attacks. Notably, the University of San Diego was the first victim on April 12, 2025. The top five universities targeted included the University of California, Santa Cruz, University of California, Santa Barbara, Virginia Commonwealth University, and the University of Michigan. Renée Burton from Infoblox emphasized the ongoing threat to universities, which remain attractive targets for cybercriminals. She provided an example of an attack on the University of Washington that resulted in the loss of part of a valuable digital catalogue. The report underlines a growing need for heightened security awareness and immediate reporting from campus communities to safeguard sensitive information from these evolving threats.