CISA has reviewed and determined that we will not participate in the RSA Conference since we regularly review all stakeholder engagements, to ensure maximum impact and good stewardship of taxpayer dollars.
Top Trump administration cyber officials are in discussions to cancel their attendance at the RSAC Conference taking place in San Francisco in March after a top Biden-era cyber leader was named CEO of the event, according to multiple former officials and other people with knowledge of the matter.
U.S. and Australian cyber agencies confirmed that hackers are exploiting a vulnerability that emerged over the Christmas holiday and is impacting data storage systems from the company MongoDB. The issue drew concern on December 25 when a prominent researcher published exploit code for CVE-2025-14847 - a vulnerability MongoDB announced on December 15 and patched on December 19.
The Cybersecurity and Infrastructure Security Agency said it will make 100 internship opportunities available to students participating in a government scholarship program that's been hampered by federal hiring freezes enacted by the Trump administration. The move announced Wednesday would allow undergraduate and graduate students to enter the cyber defense agency under the CyberCorps: Scholarship for Service Program, a longstanding workforce pipeline used to place top student talent into U.S. cybersecurity positions.
"In today's culture of information saturation, it is imperative that we ensure all official information communicated on behalf of CISA is current, accurate, unbiased, and authoritative. This includes any official information communicated to the media," reads part of the note issued by agency acting Director Madhu Gottumukkala. CISA is "committed to a culture of transparency" but also has a "responsibility to ensure we meet the imperative laid out above and to that end, the Office of the Chief External Affairs Office (OCEAO/ /EA) is the only office authorized to facilitate official communication with the media," it adds.
Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered the flaw, have published their own technical teardown of the vulnerability that doesn't mince words about the ease with which criminals can weaponize it. The researchers call exploitation "trivial," describing a single HTTP request that bypasses OIM's normal authentication flow and ultimately gives an attacker remote system-level control. Oracle disclosed the bug in October, but didn't indicate that it was under active exploitation.
Local election offices are left with fewer resources, less threat intelligence, and diminished federal guidance. "It's kind of heartbreaking to know that they worked [on] creating these relationships and partnerships over the last decade, and they'renowjust disintegrating," Brianna Lennon, the county clerk in Missouri's Boone County, tells Axios. Bloomberg reported yesterday thattheCybersecurity and Infrastructure Security Agency's election monitoring room, which has been stood up during every election cycle to field and share information about active threats to elections, isn't operating this year.
"With the threat to Exchange servers remaining persistent, enforcing a prevention posture and adhering to these best practices is crucial for safeguarding our critical communication systems," Andersen said. "This guidance empowers organizations to proactively mitigate threats, protect enterprise assets, and ensure the resilience of their operations." Anderson added that CISA recommends organizations also "evaluate the use of cloud-based email services" rather than "managing the complexities" of hosting their own.
The Monday letter - led by Rep. James Walkinshaw, D-Va., and also signed by Reps. Suhas Subramanyam, D-Va., Eugene Vindman, D-Va., and Shontel Brown, D-Ohio, along with Del. Eleanor Holmes Norton, D-D.C. - argues that DHS violated the Antideficiency Act when it reassigned those Cybersecurity and Infrastructure Security Agency staff to roles within Immigration and Customs Enforcement, the Federal Protective Service and Customs and Border Protection.
Staff within the Stakeholder Engagement Division, as well as the cyber-defense agency's Infrastructure Security Division, were targeted with reduction-in-force notices, or RIFs, said the people. OMB Director Russ Vought announced the actions on Friday in line with Trump administration promises to enact layoffs during the ongoing government shutdown. The Integrated Operations Division is also believed to have been impacted, one of the people said.
The CISA law was due for renewal along with the federal government's continuing funding resolution, but given the Senate's inability to pass it and the government shutdown that followed, Peters and Rounds want it extended without having to wait for the government to reopen in order to do so. The CISA law, for those unfamiliar, establishes a framework and legal protections for companies to share threat indicators with the government and each other.
Bloomberg reported Wednesday that the department moved staffers from the U.S. cybersecurity agency CISA, many of whom focus on issuing cyber guidance to help U.S. government agencies and critical infrastructure defend from cyber threats, to other agencies within the federal department, including Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP). Both Bloomberg and Nextgov reported that many of the affected CISA staffers are in the agency's Capacity Building unit, which helps to improve the cybersecurity posture of federal agencies,
The update comes about two months after Google warned that some unknown criminals have been exploiting fully patched, end-of-life SonicWall SMA 100 appliances to deploy a previously unknown backdoor and rootkit dubbed OVERSTEP. The malware modifies the appliance's boot process to maintain persistent access, enabling the criminals to steal sensitive credentials and conceal their own components. The Chocolate Factory's intel analysts in July attributed the ongoing campaign to UNC6148 - UNC in Google's threat-group naming taxonomy stands for "Uncategorized."
CVE-2025-53786 is an elevation of privilege bug that Outsider Security's Dirk-jan Mollema reported to Microsoft. It exists because of the way hybrid Exchange deployments, which connect on-premises Exchange servers to Exchange Online, use a shared identity to authenticate users between the two environments.
CISA analysed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data.
In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces.
