University of Nottingham Data Breach and GitHub npm Security Update Reported

The University of Nottingham disclosed a data breach affecting an unspecified number of individuals after unauthorized access to its systems was detected. Attackers exploited a vulnerability in Microsoft Exchange to conduct email spoofing, though no specific CVE ID or technical details of the flaw were provided. GitHub removed the automatic execution feature for npm packages following security concerns, though the exact risks or incidents prompting this change were not detailed. The incidents were reported on June 12, 2026, with no further dates or timelines specified. Impacts included potential exposure of sensitive data at the university and heightened risks from malicious npm package execution.