AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 4/16/2025

A whistleblower’s disclosure details how DOGE may have taken sensitive labor data

In the first days of March, a team of advisers from President Trump’s new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board. The small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information.

 

New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations

Organizations in the healthcare and pharmaceutical sectors have been targeted with a new, sophisticated malware family, according to an advisory from cybersecurity firm Morphisec. Dubbed ResolverRAT and observed in attacks as recently as March 10, the malware packs advanced in-memory execution and layered evasion capabilities, and heavily relies on runtime resolution mechanisms and dynamic resource handling. Despite similarities in lures, binary use, and payload delivery with previously documented phishing campaigns delivering Rhadamanthys and Lumma RATs, Morphisec researchers consider ResolverRAT to be a new malware family.

 

China accuses US of launching ‘advanced’ cyberattacks, names alleged NSA agents

China accused the United States National Security Agency (NSA) on Tuesday of launching “advanced” cyberattacks during the Asian Winter Games in February, targeting essential industries.

Police in the northeastern city of Harbin said they had added three alleged NSA agents to a wanted list and also accused the University of California and Virginia Tech of being involved in the attacks after carrying out investigations, according to a report by state news agency Xinhua on Tuesday.

 

The CVE program for tracking security flaws is about to lose federal funding

Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program – a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The program helps engineers identify how bad an exploit is and how to prioritize applying patches or other mitigations. MITRE, the federally funded organization behind the program, confirmed to The Verge that its contract to “develop, operate, and modernize” CVE will expire on April 16th.

 

CVE Foundation Launched to Secure Vulnerability Tracking

In a major shift for the cybersecurity world, the CVE Foundation has officially been launched to ensure the long-term independence and stability of the Common Vulnerabilities and Exposures (CVE) Program—one of the foundational systems for global vulnerability tracking. This comes just one day after a leaked letter revealed that the U.S. government will no longer fund MITRE’s role in operating the CVE program, ending a 25-year sponsorship that began in 1999. The expiration of funding marks a pivotal moment for the CVE ecosystem, which has cataloged over 274,000 vulnerabilities to date and plays a critical role in cybersecurity tools, advisories, and global threat response operations.
