U.S. Congressional Budget Office Suffers Cybersecurity Breach Amid Ongoing Government Shutdown In an alarming turn of events during a prolonged government shutdown lasting over five weeks, the U.S. Congressional Budget Office (CBO) disclosed that it recently experienced a cybersecurity breach attributed to a suspected foreign actor. The CBO, which is…
Government, Industry Specific CISA Asserts Fired Workers Do Not Qualify for Union Protections Chris Riotta (@chrisriotta) • November 6, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has informed a federal judge that it is adhering to a court order that prohibits layoffs during the ongoing government shutdown. This comes…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding malicious actors exploiting unencrypted persistent cookies from the F5 BIG-IP Local Traffic Manager (LTM) module for reconnaissance within target networks. This technique enables attackers to identify additional non-internet-facing devices, raising significant concerns about potential vulnerabilities in those systems.…
A suspected nation-state actor has been detected exploiting three critical vulnerabilities in the Ivanti Cloud Service Appliance (CSA), leveraging these zero-day flaws to conduct a series of targeted cyberattacks. According to Fortinet’s FortiGuard Labs, these vulnerabilities allowed attackers to gain unauthorized access to the CSA, enumerate users, and access their…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Tuesday the addition of a serious vulnerability affecting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes amid indications of active exploitation of the flaw. Identified as CVE-2024-28987, this vulnerability has been assigned…
The U.S. government, along with critical allies such as the European Union, the United Kingdom, and NATO, has officially linked a substantial cyberattack on Microsoft Exchange email servers to state-sponsored hacking groups associated with China’s Ministry of State Security (MSS). The attack exploited zero-day vulnerabilities in Microsoft Exchange, which were…
A critical vulnerability affecting Microsoft SharePoint, identified as CVE-2024-38094, has been recently incorporated into the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog. This adds urgency as CISA has flagged the issue, citing active exploitation in the wild. This high-severity vulnerability, which carries a CVSS score…
Fortinet Confirms Critical Vulnerability in FortiManager Under Active Exploitation Fortinet has identified a significant security vulnerability affecting its FortiManager product, designated as CVE-2024-47575, with a high CVSS score of 9.8. This vulnerability, also referred to as FortiJump, relates to the FGFM protocol utilized for communication between FortiGate devices and FortiManager.…
In a recent joint advisory, intelligence agencies from Australia, the U.K., and the U.S. have highlighted critical vulnerabilities that were actively exploited during 2020 and 2021. This report underscores how swiftly threat actors can capitalize on publicly disclosed weaknesses in software, posing a significant risk to various organizations worldwide. The…
