CISA Ordered to Reinstate Unlawfully Terminated Employees
A US district judge has ruled that the mass layoffs of over 130 probationary employees from various government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), were unlawful. In response, CISA has asked former employees to reach out for verification, as it lacks complete contact information. Rehired staff will receive full pay and benefits while on administrative leave.
Google Acquires Wiz for $32 Billion in Landmark Deal
Google Cloud has finalized the acquisition of Israeli cybersecurity firm Wiz for $32 billion, making it the company’s largest purchase to date. The deal surpasses Google’s 2012 Motorola Mobility acquisition, which was valued at $12.5 billion. If the agreement collapses or faces significant delays, Wiz and Alphabet have negotiated a $3.2 billion termination fee, allowing Wiz to continue as an independent entity.
US Commerce Department Bans DeepSeek AI on Government Devices
The US Commerce Department has issued a ban on the use of China’s DeepSeek AI model on all government-furnished devices due to security concerns. Government employees were instructed via email to avoid downloading, viewing or accessing DeepSeek-related applications and websites.
US Lawmakers Reintroduce Bill to Strengthen Rural Water Cybersecurity
In an effort to bolster cybersecurity defenses for small water utilities, US lawmakers have reintroduced the Cybersecurity for Rural Water Systems Act of 2025. The bill proposes expanding the Circuit Rider Program to fund cybersecurity experts, providing training and technical support for rural water systems serving populations under 10,000. Currently, only 20% of US water systems are considered to have adequate cybersecurity protections.
New StilachiRAT Malware Uses Advanced Evasion Techniques
Microsoft has identified a highly sophisticated remote access trojan (RAT) named StilachiRAT, which is designed for data theft, persistence, and stealth. The malware targets credentials, cryptocurrency wallets, and system information using API obfuscation and watchdog threads. It also monitors RDP sessions and communicates with command-and-control (C2) servers via obfuscated domains. Microsoft has yet to attribute the malware to a specific actor or region.
DOGE Aide Violated Treasury Policy by Sending Unencrypted Data
Marko Elez, a former aide at the Department of Government Efficiency (DOGE), allegedly breached US Treasury security policies by emailing an unencrypted database containing sensitive information. The unauthorized disclosure is now part of a broader legal case challenging DOGE’s access to Treasury payment systems. Elez resigned in February following an internal investigation.
March Madness Cyber Threats Could Lead to $20 Billion in Losses
Cybersecurity experts warn that this year’s NCAA March Madness tournament could result in cyber losses exceeding $18.3 billion due to phishing attacks targeting users with fake tournament brackets and betting promotions. Attackers aim to steal credentials and financial data, while fraudulent betting platforms mimic legitimate ones to siphon funds. Security professionals advise using modern email security measures and real-time threat detection to mitigate risks.
ChatGPT Vulnerability Exploited in Growing Cyber Attacks
Cybercriminals are actively exploiting a server-side request forgery (SSRF) vulnerability in ChatGPT’s pictureproxy.php file, targeting financial and government institutions. Over 10,000 attack attempts have been recorded within a week, with 35% of affected organizations vulnerable due to misconfigured Web Application Firewalls or Intrusion Prevention Systems. Financial and healthcare companies in Germany, Thailand, Indonesia, Colombia, and the UK have also been impacted.
Critical AMI BMC Vulnerability Puts Servers at Risk
A major security flaw in AMI’s baseboard management controller (BMC) firmware threatens millions of devices globally, including those from HPE, Asus, ASRock, and Lenovo. The vulnerability, which affects the Redfish management interface, allows remote attackers to bypass authentication and take control of targeted systems. This could enable malware deployment, firmware tampering, and even hardware damage. AMI has issued patches, but users must wait for OEMs to distribute them.