Jonathan Greig reports: Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company’s products. A key issue with the bug is the use of…
Category: Federal
3rd Circuit Clarifies Scope of Computer Fraud Abuse Act With Employer’s Policies
Riley Brennan reports: The U.S. Court of Appeals for the Third Circuit clarified this week that an employee’s purported violations of workplace computer use policies cannot be criminalized under federal law as long as there is no evidence of hacking or violations of trade secrets. On Tuesday, the federal appellate court affirmed the U.S. District Court…
Appeals Court Upholds FCC Data Breach Rules for Hacked Telecoms
Kartikay Mehrotra reports: A federal appeals court delivered a victory to the Federal Communications Commission on Wednesday by upholding new and controversial data breach reporting requirements for telecommunications companies targeted in cyberattacks. The court rejected consolidated challenges, 2 to 1, from trade groups including the Ohio Telecom Association, Texas Association of Business and USTelecom. They…
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
By the end of yesterday, federal agencies should all have patched. But did they? And how many others have yet to patch? Bill Toulas reports: The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day…
Former JBLM soldier pleads guilty to attempting to share military secrets with China
A former U.S. Army Sergeant whose last duty post was Joint Base Lewis-McChord (JBLM) in western Washington pleaded guilty on Wednesday in U.S. District Court in Seattle to two federal felonies, announced Acting U.S. Attorney Teal Luthy Miller. Joseph Daniel Schmidt, 31, pleaded guilty to attempt to deliver national defense information and retention of national defense information. He faces up…
US govt login portal could be one cyberattack away from collapse, say auditors
Brandon Vigliarolo reports: The US government’s Login.gov identity verification system could be one cyberattack, or just a routine IT hiccup, away from serious trouble, say auditors, because it hasn’t shown its backup testing policy is actually in use or effective. The US Government Accountability Office reported Tuesday that Login.gov, which is managed by the federal government’s General…