Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:


Emergency Directive 22-03 Mitigate VMware Vulnerabilities

Threat actors, including likely advanced persistent threat (APT) actors, are exploiting vulnerabilities (CVE 2022-22954 and CVE 2022-22960) in the following VMware products:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

For further information and mitigation steps from CISA.


On Tuesday, May 10, 2022, Adobe announced multiple vulnerabilities in several Adobe products, including FrameMaker and ColdFusion.

This update addresses one important and multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.

One can update their product installations manually when the product is running by choosing Help > Check for Updates.     
In addition, the products will update automatically, without requiring user intervention, when updates are detected.      


From: Majoro Diarra Stanley
Sent: Saturday, April 30, 2022 6:35:47 PM
Subject: Part-Time Job Opening

The service of a student administrative assistant is urgently required to work part-time and get paid $315 weekly. Tasks will be carried out remotely and work time is 7 hours/week.
If interested, submit a copy of your updated resume and a functional WhatsApp number to our Department of Psychology via this email address to proceed.

Department of Psychology
Office: 125/126 Millmont and Gilmer 215


From: HELPDESK <p_nowek [at]
Sent: Thursday, April 21, 2022 10:29 AM
To: p nowek <p_nowek [at]>
Subject: Re: ALERT



From: User, Typical S (mst3k)
Sent: Wednesday, April 13, 2022 3:32:31 PM

Name of Company:

Visa Inc.


Earn Money by Driving


We seek interested applicants to go about their normal routine with the decal of the "2023 FIFA Women's World Cup" on their Vehicles.


• Have a valid driver’s license

• Drive at least 100 miles / weekly


 $300 weekly

Additional Information: To apply for this position; interested candidates should contact the HR representatives via wrapstyle [at]<mailto:wrapstyle [at]> with his/her personal email.

Thank you,

Typical S User

BioArchitecture Department

University of Virginia

Charlottesville, Virginia 22904


From: "User, Typical (mst3k)"
Date: April 13, 2022 at 3:28:28 PM EDT


You have a message from the Human Resources Department

Click here to view your message.

Thank you,

Typical User

BioArchitecture Department

Charlottesville, Virginia 22904


rom: Typical User
Date: Sun, Apr 10, 2022 at 3:22 AM
Subject: Re: Part-Time Intern!

AHEAD in conjunction with "The University of Virginia" is looking for
dynamic college students interns to join our team as paid interns which
will also gain valuable work experience and we work with interns to gain
academic credit if applicable.
AHEAD is a nonprofit organization dedicated to saving lives and responsible
for providing protection and advocacy for the rights of students with

Interns at AHEAD are paid $620 weekly and can work remotely with a
commitment of approximately 8hrs - 12hrs per week and the working hours are
also flexible with the student schedule.

For employment consideration, all qualified applicants are encouraged to
submit their resume and reply to: saraschiller with this


Action Needed: Critical Vulnerability in Spring Java framework


Threat: CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

UPDATE 4/8/2022:  Trend Micro Threat Research today confirmed that this Spring4Shell vulnerability has been exploited by the Mirai botnet


Two critical zero-day vulnerabilities has been identified that require the immediate attention of anyone using a Macintosh computer, iPhone, or iPad. 


Another Zero-Day flaw in the Chrome web browser for Windows, Macintosh, and Linux computers and Microsoft's Chromium-based Edge browser. 

A zero-day flaw has been found in the Chrome web browser used on Windows, Macintosh, and Linux computers. The flaw (CVE-2022-1096) is a high severity flaw on the CVSS vulnerability-rating scale. It is a type confusion weakness in the Chrome V8 JavaScript engine reported by an anonymous security researcher.