Fired IT worker jailed for 21 months after sabotaging old school district

Before being terminated, he grabbed over 300 sets of user credentials.

Then, over the next two years, he deleted their Facebook page, wiped Apple School Manager data, disrupted their Schoology LMS, and tried resetting GoDaddy accounts.

He got caught because he asked a coworker to wipe a USB drive he left behind. The coworker gave it to management instead.

$100K in damages, 21 months in prison.

The lesson? Just credentials, nobody revoked on the day he was fired. For twenty months.😑

Also this week

→ 1,500 Arch Linux AUR packages poisoned with infostealers via spoofed maintainer accounts.

→ Google Threat Intelligence Group found a Chinese actor inside US military research networks who resided there for over 1 year.

Top CVEs last week

• Ivanti Sentry (CVE-2026–10520) unauth RCE
• Ivanti Sentry (CVE-2026–10523) auth bypass
• NGINX two critical RCEs
• Cisco ISE (CVE-2026–20181/20190) RCE, Info disclosure
• Fortinet FortiSandbox (CVE-2026–25089) OS command injection
• Atlassian Jira Server (CVE-2026–43512) auth bypass
• LiteLLM (CVE-2026–42271) command injection
• OpenClaw (CVE-2026–53838) race condition sandbox escape

Share your thoughts on the IT admin story.

I mean, did they even have an onboarding/off-boarding policy? 🤔

Follow me

Want to receive weekly stories and updates on cybersecurity?

Join my Telegram channel and LinkedIn.