A suspected Chinese intelligence operation has been uncovered using fake job postings and fictitious consulting websites to recruit former and current U.S. federal employees, particularly those with security clearances or technical expertise.

The US federal judiciary issued a statement confirming that its electronic case management system had been compromised in a cyberattack. The judiciary is implementing enhanced cybersecurity measures to protect sensitive legal documents and case data.

The vulnerability (CVE-2025-53786) allows attackers to manipulate user credentials, escalate privileges, and impersonate hybrid users. It also exposes Entra ID, potentially compromising cloud-based identity services.

Nation-state actors from China and Russia are actively attempting to compromise open-source software ecosystems by embedding malicious code and backdoors through trusted contributor roles.

Rogers Communications has been identified as a victim of the Chinese state-sponsored threat actor Salt Typhoon. The campaign exploited vulnerabilities in Cisco routers to gain access to sensitive communications infrastructure.

The provision, slotted into the National Defense Authorization Act for the 2025 fiscal year, seeks to secure U.S. government-issued devices used by diplomats, armed forces personnel, and staffers in the U.S. Agency for International Development.

The NIST issued two new updates to its existing literature on gauging the efficacy of organizations’ cybersecurity protocols, addressing both the selection and maintenance of a proper cybersecurity program depending on organizational needs.

The FCC shared a draft ruling that, if adopted, would immediately require telecommunications firms to secure their networks against unauthorized access to systems that house wiretap requests from law enforcement, according to an agency news release.

Two brothers Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer were charged with running the hacking group Anonymous Sudan, responsible for launching 35,000 DDoS attacks worldwide, targeting governments, hospitals, and critical infrastructure.

The FCC is seeking volunteers to serve as administrators for a new cybersecurity labeling program, allowing consumers to identify products less vulnerable to cyberattacks.