Government security | Breaking Cybersecurity News | The Hacker News

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app's security. "The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use," the CAO said in a memo, according to Axios. To that end, House staff are prohibited from downloading the app on any device issued by the government, including its mobile, desktop, or web browser versions. WhatsApp has pushed back against these concerns, stating messages sent on the platform are end-to-end encrypted by default, and that it offers a "higher level" of security than most of the apps on CAO's approved ...

The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors," SentinelOne security researchers Aleksandar Milenkoski and Tom Hegel said in a report published today. Some of the targeted sectors include manufacturing, government, finance, telecommunications, and research. Also present among the victims was an IT services and logistics company that was managing hardware logistics for SentinelOne employees at the time of the breach in early 2025. The malicious activity has been attributed with high confidence to China-nexus threat actors, with some of the attacks tied to a threat cluster dubbed PurpleHaze , which, in turn, overlaps with Chinese cyber espionage groups publicly reported as APT15...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities ( KEV ) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager ( NTLM ) hash disclosure spoofing bug that was patched by Microsoft last month as part of its Patch Tuesday updates. NTLM is a legacy authentication protocol that Microsoft officially deprecated last year in favor of Kerberos. In recent years, threat actors have found various methods to exploit the technology, such as pass-the-hash and relay attacks, to extract NTLM hashes for follow-on attacks. "Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network," CISA said. In a bulletin published in March, Mi...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities ( KEV ) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the "Change Favicon" feature that could allow a threat actor to upload a malicious file by masquerading it as a seemingly harmless PNG image file. "The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface," CISA said in an advisory. "The 'Change Favicon' (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .PNG extension disguised as an image." However, a successful exploitation is poss...

Do you have any idea what the software you have installed is doing stealthily in the background? If it's not an open source software, can you find out? Usually, the answer is no. After Edward Snowden's revelations, it's clear that how desperately government agencies wants to put secret backdoors in your network, devices, and software. However, Bulgaria has come forward with an all new set of laws that would be appreciated by privacy lovers and open-source community. Also Read:  Top Best Password Managers . The Bulgarian Parliament has passed legislative amendments to its Electronic Governance Act that require all software written for the country's government to be fully open-sourced and developed in the public Github repository . This means that source code of software developed for the Bulgarian government would be accessible to everyone and provided free for use without limitations. Article 58A of the Electronic Governance Act states that administrative...

It will take several more years for the government to fully install high-tech systems to block computer intrusions. This prolonged timeline enables criminals to become more adept at stealing sensitive data, experts say. As the Department of Homeland Security (DHS) methodically works to secure the approximately 2,400 network connections used daily by millions of federal workers, experts suggest that technology may already be outpacing them. The DHS, responsible for securing non-military government systems, is gradually moving all government Internet and e-mail traffic into secure networks. These networks will eventually be protected by intrusion detection and prevention programs. However, progress has been slow. Officials are trying to finalize complex contracts with network vendors, resolve technology issues, and address privacy concerns related to monitoring employees and public citizens. The recent WikiLeaks release of over a quarter-million sensitive diplomatic documents highligh...