Explore

General Services Administration Secures 65% Discount on Cloud Security Tools with Tenable Agreement

General Services Administration Secures 65% Discount on Cloud Security Tools with Tenable Agreement

General Services Administration Secures 65% Discount on Cloud Security Tools with Tenable Agreement

Former Accenture Employee Charged with Cybersecurity Fraud Affecting Government Contracts

Former Accenture Employee Charged with Cybersecurity Fraud Affecting Government Contracts

The U.S. Department of Justice has charged Danielle Hillmer, a former senior manager at Accenture, with cybersecurity fraud. Hillmer, 53, from Chantilly, Virginia, is accused of lying about a cloud platform's compliance with Department of Defense security requirements. Between March 2020 and November 2021, Hillmer allegedly concealed security deficiencies in the platform and instructed others to do the same, affecting audits and compliance with the Federal Risk and Authorization Management Program (FedRAMP) and the Department of Defense’s Risk Management Framework. The indictment claims she falsely represented that the platform had implemented necessary security controls, such as access controls and monitoring, to secure government contracts. This activity was disclosed by Accenture in a 2023 SEC filing, which led to a government investigation. Hillmer faces charges of wire fraud, major government fraud, and obstruction of a federal audit, with potential decades-long prison sentences if convicted.

Adobe Releases Critical Security Patches for Multiple Products

Adobe Releases Critical Security Patches for Multiple Products

Adobe has announced the release of patches addressing nearly 140 vulnerabilities across several of its products, including ColdFusion and Experience Manager. The updates include fixes for critical-severity bugs that could allow arbitrary code execution. In ColdFusion, 12 security defects were addressed, with the most severe being unrestricted dangerous file upload and improper input validation. Experience Manager received updates for 117 vulnerabilities, primarily cross-site scripting flaws. Adobe has prioritized these updates, urging users to apply them promptly to mitigate potential security risks. The company has not reported any active exploitation of these vulnerabilities in the wild.

Technology Modernization Fund Reauthorization Excluded from NDAA, Future Uncertain

Technology Modernization Fund Reauthorization Excluded from NDAA, Future Uncertain

The Technology Modernization Fund (TMF) reauthorization was not included in the final text of the National Defense Authorization Act (NDAA), leaving its future uncertain. With the fund's authorization set to expire in four days, nearly $160 million in funding for government technology projects is at risk of being frozen. The TMF, established in 2017, supports long-term modernization projects that do not align with the annual appropriations cycle. Despite efforts from political leaders and the House Oversight and Reform Committee to secure reauthorization, the fund's future remains unclear. The General Services Administration (GSA) has highlighted the TMF's impact, including saving 378 million work hours and delivering billions in cost savings.

React2Shell Vulnerability Exploitation Surges, Affecting Over 50 Organizations

React2Shell Vulnerability Exploitation Surges, Affecting Over 50 Organizations

A critical vulnerability known as React2Shell in React Server Components has led to a surge in cyberattacks, affecting more than 50 organizations globally. The Cybersecurity and Infrastructure Security Agency has expedited the deadline for patching the vulnerability to mitigate risks. The vulnerability, identified as CVE-2025-55182, has been exploited by various threat actors, including nation-state attackers and cybercriminals. The attacks have targeted organizations across multiple sectors, including financial services, technology, and government. The vulnerability affects several React frameworks and bundlers, making it a widespread issue. Security experts have compared the React2Shell defect to the Log4Shell exploit, noting its potential for significant impact.

President Trump Proposes Demolition of Four Federal Buildings Amid Preservationist Concerns

President Trump Proposes Demolition of Four Federal Buildings Amid Preservationist Concerns

President Trump is reportedly considering the demolition of four historic federal buildings in Washington, D.C., according to a historic preservationist. Mydelle 'Mina' Wright, a former senior official at the General Services Administration (GSA), claims that the White House is bypassing the GSA to solicit bids for the demolition of these buildings. The buildings in question include the Robert C. Weaver Building, the Wilbur J. Cohen Federal Building, the GSA Regional Office Building, and the Liberty Loan Building. The Trump administration, however, has stated in court filings that the government is contemplating transferring ownership of these buildings rather than demolishing them. The administration's actions have sparked a legal battle, with preservationists suing to ensure that any changes to these buildings follow a standard review process.

European Commission Partners with Capgemini and Others for Cybersecurity Enhancement

European Commission Partners with Capgemini and Others for Cybersecurity Enhancement

The European Commission has selected a consortium, including Capgemini, Airbus Protect, PwC, and Nviso, to enhance cybersecurity for 71 European institutions. This partnership is part of the MC17 FREIA Cyber Framework Contract, a significant digital protection initiative. The contract, valued at several million euros, spans four years and covers incident management, governance and risk, and training and technical expertise. The consortium aims to improve the resilience of European institutions, address evolving threats, and support digital transformation initiatives. They will also assist in implementing key cybersecurity regulations such as the NIS2 Directive and the Digital Operational Resilience Act.

Initial Access Brokers Increase Cyberattacks on Critical Infrastructure, Report Finds

Initial Access Brokers Increase Cyberattacks on Critical Infrastructure, Report Finds

A report by Check Point highlights the growing role of initial access brokers (IABs) in facilitating cyberattacks, including those targeting critical infrastructure. The report notes a significant increase in IAB activity, which allows advanced adversaries to outsource intrusion tasks, making it easier to breach targets. This trend is particularly concerning for sectors like government, healthcare, and transportation, where IAB-assisted attacks have surged. The report calls for enhanced identity security and protection of software supply chains to mitigate these threats.

Technology Modernization Fund Reauthorization Excluded from NDAA, Threatening Government Tech Projects

Technology Modernization Fund Reauthorization Excluded from NDAA, Threatening Government Tech Projects

The Technology Modernization Fund (TMF), a crucial financial resource for U.S. government technology projects, was not included in the final text of the National Defense Authorization Act (NDAA). This exclusion leaves the future of the TMF uncertain, as its authorization is set to expire soon. The TMF, established in 2017, supports long-term modernization projects that do not align with the annual appropriations cycle. Without reauthorization, approximately $160 million in funding will be frozen, affecting new investments. The General Services Administration (GSA) and the Office of Management and Budget have been advocating for the fund's continuation, emphasizing its role in saving work hours and delivering cost savings. The House Oversight and Reform Committee plans to address the reauthorization in the new year.

Cyberani and KPMG Collaborate to Enhance Cybersecurity in Saudi Arabia's Industrial Sector

Cyberani and KPMG Collaborate to Enhance Cybersecurity in Saudi Arabia's Industrial Sector

Cyberani, a cybersecurity company under Aramco Digital, and KPMG have formed a strategic partnership to bolster cybersecurity in Saudi Arabia's industrial sectors, including energy, water, aviation, and manufacturing. This collaboration aims to advance both Information Technology (IT) and Operational Technology (OT) security. The partnership will establish joint innovation facilities, such as a Digital Twin and Simulation Lab, to preemptively address cyber risks. Additionally, the initiative includes training 100 Saudi specialists in OT cybersecurity over the next three years, with opportunities for international experience through KPMG's global offices.

President Trump Considers Demolition of Historic Federal Buildings in Washington

President Trump Considers Demolition of Historic Federal Buildings in Washington

The Trump administration is reportedly considering the demolition of four historic federal buildings in Washington, D.C., including those that housed the Department of Housing and Urban Development and Voice of America. This information was revealed by a former government official in a court declaration. The White House is allegedly seeking bids for the demolition without consulting the General Services Administration (GSA), which is responsible for maintaining government buildings. The GSA has not conducted the necessary procedures under historic preservation and environmental laws for these buildings, according to the declaration. The buildings in question include the Robert C. Weaver Federal Building, the Wilbur J. Cohen Federal Building, the GSA Regional Office Building, and the Liberty Loan Building. The declaration was presented during a court hearing involving a lawsuit by historic preservation groups aiming to block President Trump from altering another historic building.

Viavi and QNu Labs Partner to Enhance Quantum Security Standards

Viavi and QNu Labs Partner to Enhance Quantum Security Standards

Viavi and QNu Labs Partner to Enhance Quantum Security Standards