TODAY'S TOP 5

CVE FUNDING DISRUPTION: The nonprofit MITRE Corporation says uncertainties around U.S. government funding may lead to the disruption and “deterioration” of the Common Vulnerabilities and Exposures (CVE) program, Security Week reports. In a letter to the CVE board, VP and Director at MITRE’s Center for Securing the Homeland Yosry Barsoum said the contract with the U.S. government to manage the program will expire today and there’s no word on funding moving forward. “On Wednesday, April 16, 2025, the current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire. The government continues to make considerable efforts to continue MITRE’s role in support of the program,” Barsoum explained.

  • Although the National Institute of Standards and Technology (NIST) enriches the MITRE CVE records with additional information through its National Vulnerability Database (NVD), and CISA has helped enrich MITRE’s CVE records with its “vulnrichment” program due to funding shortfalls in the NVD program, MITRE is the originator of the CVE records and serves as the primary source for identifying security flaws, CSO reports.

SPACE FORCE HQ DEBATE: A new report from the Pentagon’s inspector general highlights fundamental disagreements between the Air Force and U.S. Space Command about the risks associated with permanently basing the command’s headquarters at Redstone Arsenal in Huntsville, Alabama, Defense News reports. The report comes amid continued tension between congressional delegations in Alabama and Colorado — where Space Command is temporarily headquartered — over where the organization should be based long term. During an April 8 podcast hosted by Auburn University’s McCrary Institute, House Armed Services Committee Chairman Mike Rogers (R-Ala.) claimed the Trump administration will formally name Redstone as Space Command’s home base later this month. “I expect sometime during the month of April that Space Command will officially be assigned to build its headquarters in Huntsville,” Rogers said.

  • The OIG report presents some new details about the internal DoD argument, Breaking Defense reports. For example, then-Air Force Secretary Frank Kendall recommended that SPACECOM go to Redstone largely because the move would save $426 million, the report noted. However, then-SPACECOM Commander Gen. James Dickinson recommended that the permanent headquarters remain in Colorado because the original Air Force studies also found that Huntsville wouldn’t be ready for occupation for three to four years, the report said. Further, top SPACECOM officers fretted that more than half of the current civilian staff in Colorado would quit rather than change location.
  • Read the report: Evaluation of DoD Roles and Processes Leading up to the July 2023 Basing Decision for the U.S. Space Command
  • WATCH: Cyber, Space, and the Future of Warfare with Rep. Mike Rogers (CYBER FOCUS)

PENTAGON’S ‘SWAT TEAM OF NERDS’ EVAPORATES: Under pressure from the Elon Musk-led Department of Government Efficiency, nearly all the staff of the Defense Digital Service — the Pentagon’s fast-track tech development arm — are resigning over the coming month, according to the director and three other current members of the office granted anonymity to discuss their job status freely, as well as internal emails, POLITICO reports. The resignations will effectively shut down the decade-old program after the end of April.

  • The Defense Digital Service was created in 2015 to help the Pentagon adopt fast tech fixes during national security crises and push Silicon Valley-style innovation inside the Pentagon. It built rapid response tools for the military during the Afghanistan withdrawal, databases to transfer Ukrainian military and humanitarian aid, drone detection technologies and more. Without the program, some key efforts to streamline the DoD’s tech talent pipeline and counter adversarial drones will be sunset, one soon-to-be former employee said.

‘SIGNIFICANT’ DOGE BREACH ALLEGED: A whistleblower complaint says that billionaire Elon Musk's team of technologists may have been responsible for a "significant cybersecurity breach," likely of sensitive case files, at America's federal labor watchdog, Reuters reports. The complaint, addressed to Republican Senate Intelligence Committee Chairman Tom Cotton and his Democratic counterpart Mark Warner and made public Tuesday by the group Whistleblower Aid, draws on the testimony of Daniel Berulis, an information technology staffer at the National Labor Relations Board (NLRB). In an affidavit, Berulis said he had evidence that DOGE staffers were given extraordinarily sweeping access to the NLRB's systems, which house sensitive case files. He said that beginning in early March, logging protocols created to audit users appeared to have been tampered with, and that he had detected the removal of about 10 gigabytes worth of data from NLRB's network sometime thereafter.

4CHAN HACK: The anonymous image board 4chan has survived years of controversy. It weathered user and advertiser boycotts as well as damning accusations that it incubated hate speech that may have fueled mass shootings. Users have convened on 4chan to plan hacks like DDoS attacks, and conspiracy theories that festered on 4chan even reportedly inspired the January 6 insurrection at the United States Capitol. On Monday night and Tuesday, though, the platform faced its latest test after a series of outages led to speculation that the site had been hacked, WIRED reports. The core feature 4chan provides is public anonymity to post text and images, but the platform itself does collect information about users, such as their IP addresses. As a result, a breach of the website could represent a significant exposure of data that was intended to be private.

CYBER FOCUS PODCAST

NEW: In the latest episode of Cyber Focus, host Frank Cilluffo sits down with Admiral Mike Rogers (Ret.), former commander of U.S. Cyber Command and director of the National Security Agency. Rogers shares insights from his leadership across two administrations, discussing offensive cyber operations, the evolution of Cyber Command, and pressing national security challenges. The conversation spans from undersea cable vulnerabilities to public-private integration, the future of quantum and AI, and the enduring need for clarity in cyber policy. A decorated Auburn alum, Rogers reflects on lessons learned, historical inflection points, and what must change for the U.S. to stay ahead in the cyber domain.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Breaches

2.6 million impacted by Landmark Admin, Young Consulting data breaches

More than 2.6 million individuals were impacted by two data breaches at insurance administrator Landmark Admin and software solutions provider Young Consulting, according to fresh filings with regulatory agencies. In October 2024, Landmark Admin notified roughly 800,000 people that it fell victim to a ransomware attack that also included the theft of sensitive data. The company said it flagged the unauthorized access to its systems on May 13, but was breached again on June 17, while the investigation was in progress. (SECURITYWEEK.COM)

Cybercrime

Encrypted app intelligence exposes sprawling criminal networks across Europe

Law enforcement authorities across Europe and Türkiye have dismantled four major criminal networks responsible for fueling the flow of drugs into the EU and Türkiye, following a series of coordinated raids supported by Europol. These results were made possible by the continued exploitation of encrypted communication platforms, including Sky ECC and ANOM, which remain powerful tools in the hands of investigators. Investigations spanned multiple jurisdictions, with authorities in Belgium, France, Germany, the Netherlands and Spain joining forces with Europol to disrupt the networks operating across the European continent. (EUROPOL.EUROPA.EU)

Financial

Major U.S. banks pause data sharing with this federal bureau after a cyberattack exposed sensitive information

Several of the largest U.S. banks are reportedly pausing or reassessing how they send sensitive information to the Office of the Comptroller of the Currency (OCC) following a major cyberattack on the regulator. JPMorgan Chase and Bank of New York Mellon have halted electronic information-sharing with the OCC, Bloomberg reported. Bank of America is working to transmit data through what it considers more secure electronic channels, according to the report. The moves come after hackers reportedly accessed more than 100 accounts within the OCC’s email system over the course of a year — a breach the OCC and U.S. Treasury have labeled a “major incident.” (FASTCOMPANY.COM)

Healthcare

Texas pediatric orthopedics clinic says hack affects 140,000

Ransomware group Qilin posted at least 42 gigabytes of data stolen from a Texas pediatric orthopedic practice for sale on its dark web leak site in February. In recent days, Central Texas Pediatric Orthopedics began notifying more than 140,000 people that their data was compromised by hackers. Central Texas Pediatric Orthopedics reported the hacking incident to federal regulators on April 4 as involving Central Texas Pediatric Orthopedics' network server. (HEALTHCAREINFOSECURITY.COM)

Phishing

AI-powered presentation tool leveraged in phishing attacks

An AI-powered presentation tool named Gamma is being used in phishing attacks to trick targets into thinking an email is legitimate. That's according to researchers at security vendor Abnormal Security, which published research today dedicated to Gamma and how threat actors are misusing it to reach targets in a new campaign. Gamma is an otherwise legitimate graphic design product used by customers to generate presentations with generative AI models, but Abnormal researchers detailed how Gamma can be used to deliver a link to a fake Microsoft portal. (DARKREADING.COM)

LabHost phishing mastermind sentenced to 8.5 years

A Huddersfield man has been handed an eight-and-a-half-year sentence for masterminding what became one of the world’s largest phishing-as-a-service (PhaaS) platforms. Zak Coyne, 23, of Woodbine Road, Huddersfield, was sentenced in Manchester Crown Court on Monday after admitting his crimes in September 2024. These included: making or supplying articles for use in frauds; encouraging or assisting the commission of an offense believing it would be committed; and transferring criminal property. (INFOSECURITY-MAGAZINE.COM)


THREATS

Artificial intelligence

Bot traffic overtakes human activity as threat actors turn to AI

Automated traffic now accounts for the majority of activity on the web, with the share of bad bot traffic surging from 32% to 37% annually last year, according to Thales. The French defense giant’s 2025 Imperva Bad Bot Report is now in its 12th year, and based as always on data collected by Imperva’s global network, which apparently blocked 13 trillion bad bot requests across thousands of domains and industries last year. Bot traffic accounted for 51% of the total last year, the first time it has surpassed human activity in a decade, the vendor claimed. (INFOSECURITY-MAGAZINE.COM)

Communications

Blockchain, quantum and IoT firms unite to secure satellite communications against quantum threats

Three different companies from three separate continents have agreed a memorandum of understanding to advance secure communications by combining their respective specialisms. Partisia (Denmark) is a business blockchain specialist, and a major player in multi-party computing (MPC). Squareroot8 (Singapore) is a specialist in quantum-safe communications. NuSpace (Long Beach, California) specializes in IoT connectivity and satellite-as-a-service. (SECURITYWEEK.COM)

Cryptocurrency

Malicious PyPI package targets MEXC trading API to steal credentials and redirect orders

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading), which is used to connect and trade with several cryptocurrency exchanges and facilitate payment processing services. (THEHACKERNEWS.COM)

OPSEC

Here’s what happened to those SignalGate messages

Attorneys suing the United States government over its use of vanishing Signal messages to coordinate military strikes last month in Yemen allege that new court filings by the government reveal a “calculated strategy” by Trump administration officials to evade transparency laws through the illegal destruction of government records. US defense and intelligence agencies on Monday submitted supplemental declarations in court outlining their individual efforts to preserve the messages at the center of the “SignalGate” scandal. American Oversight, a watchdog organization whose attorneys are suing the government, claims the declarations reveal “troubling inconsistencies” in efforts by US officials to archive the material, with the Central Intelligence Agency in particular alleging that it had archived no messages of any substance. (WIRED.COM)

EU confirms issuing ‘burner phones’ to top officials but denies practice caused by Trump

A spokesperson for the European Commission confirmed on Tuesday that it does provide “burner phones” to top officials, but denied a report that the practice was new and connected to a recent security appraisal of the risks when visiting the United States. It follows the Financial Times reporting that the European Union’s executive had issued new guidance stressing increased risks of surveillance when traveling to the United States, amid several scandals regarding U.S. treatment of individuals transiting its borders. (THERECORD.MEDIA)

Vulnerabilities

Critical Apache Roller vulnerability (CVSS 10.0) enables unauthorized session persistence

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4. "A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes," the project maintainers said in an advisory. (THEHACKERNEWS.COM)


ADVERSARIES

China

Chinese espionage group leans on open-source tools to mask intrusions

A Chinese state-sponsored hacking group has been observed using recently released open-source offensive security tools and other tactics in an effort to blend in with more common cybercriminal activity. The group, UNC5174, is an espionage-minded hacking group that is believed to have ties to the Chinese government and targets Western governments, technology companies, research institutions and think tanks. In a new campaign observed by researchers at Sysdig, the group was seen using VShell — an open-source Remote Access Trojan made by a Chinese developer and popular among Chinese cybercriminals — to carry out post-exploitation activity. (CYBERSCOOP.COM)

North Korea

Crypto developers targeted by Python malware disguised as coding challenges

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG, TraderTraitor, and UNC4899. (THEHACKERNEWS.COM)

MORE: North Korean hackers exploit LinkedIn to infect crypto developers with infostealers (INFOSECURITY-MAGAZINE.COM)

Russia

Wave of wine-inspired phishing attacks targets EU diplomats

The formidable Russia-backed threat group APT29 is behind a fresh wave of phishing attacks on European diplomats that once again aims to take advantage of their cultural persuasion for enjoying wine to deliver a new backdoor malware. In what appears to be a continuation of last year's WineLoader campaign, the new attack is similar in that it uses email to invite targets to wine-tasting events in an attempt to lure them to click on malicious links, researchers from Check Point Research revealed in a report published today. (DARKREADING.COM)

Poland says Russian cyberattacks intensify ahead of vote

Poland’s ministry of digital affairs on Tuesday came out against what it said was a growing number of Russian cyberattacks, just one month ahead of the country’s presidential election. Authorities in Poland, a staunch ally of neighbouring Ukraine, have warned in recent months that Moscow might seek to interfere with the May 18 election through cyberattacks and disinformation. “Today we counted almost 2,000 incidents and the day is not over yet,” Krzysztof Gawkowski, Poland’s digital affairs minister, told news channel TVN24, adding that the uptick had begun at the start of the year. (THEDEFENSEPOST.COM)


GOVERNMENT AND INDUSTRY

Defense

Balancing switching costs and opportunity costs: Market-based architectures for defense acquisition

Future systems must be designed for continuous modification — emphasizing speed, modularity, and open interfaces for seamless technology upgrading and integration. DoD must adopt new architectural principles that balance adaptability, interoperability, and mission effectiveness, including: Open access to federated data to foster competition based on capability rather than exclusive access to government-owned data; defining modular boundaries to align mission outcomes with market dynamics; prioritizing Measures of Effectiveness (MOE) over Measures of Performance, to balance immediate needs with long-term adaptability; and balancing intellectual property rights and sourcing flexibility, while leveraging MOEs in decision-making. This strategy will equip warfighters with best-in-class capabilities — now and into the future — while maintaining the agility to pivot as challenges and technologies evolve. (MITRE.ORG)

2 Defense Department officials, including senior adviser to Pete Hegseth, put on leave amid leak investigation

The Pentagon has put two Defense Department officials on administrative leave pending an investigation into an unauthorized disclosure, officials confirmed to CBS News. Dan Caldwell, a senior adviser to Defense Secretary Pete Hegseth, was escorted from the Pentagon on Tuesday, according to an official. Darin Selnick, the Pentagon's deputy chief of staff, was also suspended as part of the same probe, per two Defense Department officials. Hegseth's chief of staff Joe Kasper issued a memo at the end of March directing the Pentagon to conduct an investigation into unauthorized disclosures and use lie detector tests if necessary. (CBSNEWS.COM)

Pentagon seeks feedback on how to structure $48B tech research recompete

The Defense Department is moving early to give industry a first glimpse at how it will conduct the recompete of one of its main contract vehicles for broad technology research-and-development services. A total of 44 companies hold prime positions on the potential $48 billion vehicle called IAC-MAC, which opened for business in 2018 to help DOD components and other federal agencies acquire customized technical and analytical support. DOD’s Wednesday release of a sources sought notice marks the department’s first step in forming the appropriate acquisition strategy for the follow-on contract. (DEFENSEONE.COM)

Energy

New nuclear power could meet 10% of projected data center demand increase by 2035: Deloitte

New nuclear power capacity could meet about 10% of the projected increase in data center electricity demand by 2035, Deloitte said in an April 9 report. Deloitte expects data centers to consume about 30%, or 11 GW to 19 GW, of the estimated 35 GW to 65 GW of new nuclear capacity added over the next decade through a combination of power uprates at operational plants, restarts of recently-retired reactors, and new reactor deployments at greenfield and existing power plant sites. Existing nuclear power plants and retired or retiring coal power plant sites will support the vast majority of new nuclear capacity interconnection, with respective contributions ranging from 10 GW to 20 GW and 20 GW to 30 GW, Deloitte said. (UTILITYDIVE.COM)

Healthcare

HHS updates regulatory guides for the safe use of EHRs

The Assistant Secretary for Technology Policy has released an update of guidance documents that healthcare organizations use to assess and optimize the safety of their electronic health record systems. The new 2025 Safety Assurance Factors for EHR Resilience Guides contain revisions related to the 21st Century CURES Act -- including the use of artificial intelligence for clinical care, cybersecurity and integration of U.S. Food and Drug Administration-approved medical device data into electronic health records -- and software testing procedures. (HEALTHCAREITNEWS.COM)

Space

Space ISAC launches UK Global Hub to expand threat monitoring, boost international space security

The Space Information Sharing and Analysis Center (Space ISAC) announced on Monday the launch of its UK Global Hub, a major advancement in its mission to foster international collaboration in space security. The expansion enhances Space ISAC’s growing capabilities by strengthening real-time monitoring of cyber and physical threats impacting space systems. It also improves global response times to emerging space security threats through more strategic incident response coordination. (INDUSTRIALCYBER.CO)

Workforce

DHS cancels federal neurodiversity workforce contract

The Cybersecurity and Infrastructure Security Agency has cancelled a contract project aimed at filling talent gaps by improving the recruitment and retention of people with autism and other neurodivergent conditions. The contract’s termination upends a years-long effort, started under the first Trump administration, to recognize neurodiversity across the federal government. Data from CISA’s pilot project would have helped inform broader efforts to fill talent gaps at the Department of Homeland Security and across agencies. (FEDERALNEWSNETWORK.COM)

Federal contract oversight employees contemplate resignation offer, as agency faces layoffs and mission realignment

Labor Department employees who enforce equal opportunity requirements for federal contractors have until 6 p.m. Monday to decide whether to take an offer to leave federal service, as their agency faces the possibility of almost total elimination with remaining staff being directed to unwind their past work. Workers at the Office of Federal Contract Compliance Programs, as well as the International Labor Affairs Bureau, Women’s Bureau and Office of Public Affairs, received an email late on April 4 that they were eligible for a second round of the deferred resignation program. Under the initiative, DOL employees can keep their pay and benefits through Sept. 30 if they resign by April 14. (NEXTGOV.COM)

Women show more team spirit when it comes to cybersecurity, yet they're still missing out on opportunities

Managed threat detection and response provider e2e-assure surveyed 1,000 employees across a range of industries, including healthcare, manufacturing, professional services and financial services. Researchers found that while half of women said they viewed cybersecurity as the responsibility of everyone in the organization, the same was true of only three-in-ten men. Nearly nine-in-ten workers said they had been the victim of a cyber attack at work. (ITPRO.COM)

LEGISLATIVE UPDATES

23andMe bankruptcy draws investigation from House panel over data concerns

The House Oversight Committee has launched an investigation into the privacy and security risks associated with the bankruptcy of genetic testing company 23andMe and has asked its former CEO to testify at a hearing planned for early May. The company’s bankruptcy filing “raises significant concerns regarding potential transfers of customers’ and family members’ sensitive personal data to various interested entities,” including China’s government, says committee Chairman James Comer (R-Ky.) in a letter to Anne Wojcicki, who initiated 23andMe’s bankruptcy proceedings in March and resigned as chief executive soon afterward. (THERECORD.MEDIA)

EVENTS

MOBILITY THREATS: Hacks have uncovered a dangerous truth: the cybersecurity of the critical air, rail, and maritime infrastructure that underpins U.S. military mobility is insufficient. In addition to enabling disruption, compromising critical infrastructure would allow U.S. adversaries to amass information about the movement of goods and military equipment – and impede America’s ability to deploy, supply, and sustain large forces. FDD will explore the threat in an April 17 event.

NUCLEAR POLICY: For over 30 years, experts, officials, executives, journalists, and students from across the globe have come together to debate — and explore solutions for — the most pressing challenges in nuclear nonproliferation, arms control, disarmament, deterrence, energy, and security at the Carnegie International Nuclear Policy Conference, which will be held April 21-22 in Washington.

AI@AU: Artificial intelligence experts from industry and academia will offer deeper insight into the emerging technology and its best practices through a lecture series, presented by Auburn University’s AI@AU initiative. The “Spring 2025 AI@AU Forum” will be April 25 in Lowder Hall, Room 127, or can be viewed live via Zoom. Recorded lectures will also be available.

COUNTERSPACE WEAPONS: Join the Center for Strategic and International Studies (CSIS) Aerospace Security Project and Secure World Foundation (SWF) on April 25 for a discussion about the latest counterspace weapons trends. The conversation will follow the publication of annual counterspace reports by each organization: CSIS’s Space Threat Assessment 2025 and SWF’s Global Counterspace Capabilities Report. 

GLOBAL SECURITY FORUM: Join the CSIS Defense and Security Department at the 2025 Global Security Forum, "Strength through the Storm: Industry, Innovation, and the Future of U.S. Military Power,” on May 13. As CSIS's flagship annual security conference, the forum will convene leaders from the government, military, private sector, and think tank community to discuss the intersection of industry, innovation, and military power and how we harness sources of American strength to address our nation’s security challenges. 
