A “widespread cybersecurity incident” at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection.

The 2015 Cybersecurity Information Sharing Act is poised to expire on September 30. The law has been instrumental in enabling private sector entities to share cyber threat intelligence with federal agencies under legal protections.

A suspected Chinese intelligence operation has been uncovered using fake job postings and fictitious consulting websites to recruit former and current U.S. federal employees, particularly those with security clearances or technical expertise.

The US federal judiciary issued a statement confirming that its electronic case management system had been compromised in a cyberattack. The judiciary is implementing enhanced cybersecurity measures to protect sensitive legal documents and case data.

The vulnerability (CVE-2025-53786) allows attackers to manipulate user credentials, escalate privileges, and impersonate hybrid users. It also exposes Entra ID, potentially compromising cloud-based identity services.

Nation-state actors from China and Russia are actively attempting to compromise open-source software ecosystems by embedding malicious code and backdoors through trusted contributor roles.

Rogers Communications has been identified as a victim of the Chinese state-sponsored threat actor Salt Typhoon. The campaign exploited vulnerabilities in Cisco routers to gain access to sensitive communications infrastructure.

The provision, slotted into the National Defense Authorization Act for the 2025 fiscal year, seeks to secure U.S. government-issued devices used by diplomats, armed forces personnel, and staffers in the U.S. Agency for International Development.

The NIST issued two new updates to its existing literature on gauging the efficacy of organizations’ cybersecurity protocols, addressing both the selection and maintenance of a proper cybersecurity program depending on organizational needs.

The FCC shared a draft ruling that, if adopted, would immediately require telecommunications firms to secure their networks against unauthorized access to systems that house wiretap requests from law enforcement, according to an agency news release.