This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Trina Ford, CISO, iHeartMedia
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Major workforce cuts planned for CISA
The agency is working on plans to “slash staffing and spending amid increased scrutiny from the White House, which is still chafing over what it sees as CISA’s role in suppressing conservative viewpoints.” Half of its full-time staff – 1,300 people – face removal, along with 40 percent of its contractors, according to a source with direct knowledge of the developing plans, speaking to Recorded Future News. A timetable for the announcement is also not yet set, they said.
AI code dependencies are a supply chain risk
Security researcher Seth Larson coined “slopsquatting” to describe this new software supply chain attack type. Similar to typosquatting, these attacks see threat actors proactively creating malicious packages on indexes named for ones commonly made up by LLMs when generating code. This isn’t as much of a fishing expedition as it might initially sound. The rate of LLM software package hallucinations varies widely depending on the LLM. Some open source LLMs create hallucinated packages over 35% of the time, while commercial models can hit rates of less than 5% depending on the programming language. A recent research paper from Socket on hallucinated software packages found 58% of hallucinated packages were repeated more than once across ten runs of the same code generation prompt. To their credit, both GPT-4 Turbo and DeepSeek were able to correctly identify hallucinated packages the models created with over 75% accuracy.
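A defensive counterpart to the slopsquatting technique described above, added here as an example and not part of the original show notes: a pre-install gate that normalizes dependency names the way a Python index does, flags any name that is not in a known-good set, and counts how often an unknown name recurs across several generation runs (the recurrence the Socket figures describe). `KNOWN_PACKAGES`, `SAMPLE_RUNS` and the package name `example-hallucinated-sdk` are constructed stand-ins, not real index data or a real package.

```python
import re
from collections import Counter
from typing import Iterable, List, Optional, Set

# Constructed stand-in for a package index or internal allowlist. In a real
# pipeline this would be built from a curated mirror or from names confirmed
# to exist on the public index before the install step runs.
KNOWN_PACKAGES = {"requests", "pyyaml", "cryptography", "python-dateutil"}

# Two constructed "LLM-generated" requirement lists, as produced by repeated
# runs of the same code-generation prompt. The hallucinated name recurs.
SAMPLE_RUNS = [
    'requests>=2.31\nPyYAML  # yaml parsing\n'
    'python_dateutil[extra]>=2.8; python_version >= "3.8"\n'
    'example-hallucinated-sdk==1.0  # constructed: exists in no index\n',
    'requests\ncryptography>=42\nexample-hallucinated-sdk\n',
]


def normalize(name: str) -> str:
    # PEP 503 normalization: "PyYAML", "python_dateutil" and "Python-DateUtil"
    # all collapse to the same comparable form.
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(line: str) -> Optional[str]:
    # Strip comments, skip options/URL requirements, then keep only the bare
    # project name (drops extras, version specifiers and environment markers).
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith(("-", "git+", "http")):
        return None
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return m.group(1) if m else None


def unknown_requirements(requirements_text: str, known: Set[str]) -> List[str]:
    # Names that would be resolved by an index but are not in the allowlist:
    # exactly the slot a slopsquatted package would fill.
    known_norm = {normalize(k) for k in known}
    flagged = []
    for line in requirements_text.splitlines():
        name = requirement_name(line)
        if name and normalize(name) not in known_norm:
            flagged.append(name)
    return flagged


def recurring_unknowns(runs: Iterable[str], known: Set[str]) -> Counter:
    # How many runs produced each unknown name; names that recur are the ones
    # worth reserving internally or monitoring on the public index.
    counts: Counter = Counter()
    for text in runs:
        counts.update({normalize(n) for n in unknown_requirements(text, known)})
    return counts
```

Run the gate in CI before `pip install` and fail the job when `unknown_requirements` returns anything, so a hallucinated name never reaches the resolver.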
Government CVE funding set to end today / Funding is back
(From Wednesday) MITRE confirmed to Reuters that its contract to fund the Common Vulnerabilities and Exposures, the familiar CVE database, expires on April 16, today. CISA confirmed the status of the contract, saying “we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely.” Reuters did not receive comment from CISA or MITRE as to why the contract lapsed. Update: This morning, Bleeping Computer published that it was informed by CISA that “Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.” (Yahoo, Bleeping Computer)
Yesterday, the day that MITRE’s contract was set to expire, MITRE Vice President Yosry Barsoum confirmed that CISA has provided funding to avoid a break in service for both the Common Vulnerabilities and Exposures (CVE®) and the Common Weakness Enumeration (CWE™) programs. CISA issued a statement saying, “The CVE Program is invaluable to the cyber community and a priority of CISA.” The extension of MITRE’s contract is set for 11 months.
(Bleeping Computer and The Verge)
Huge thanks to our sponsor, Vanta

We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta.
Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI.
Now that’s…a new way to GRC. Get started at Vanta.com/headlines.
Krebs exits SentinelOne after security clearance pulled
Following up on a story we brought to you Friday on Cyber Security Headlines, Chris Krebs has resigned as SentinelOne’s Chief Intelligence and Public Policy Officer, effective immediately. This follows a presidential order that revoked Krebs’ security clearance and ordered a review of CISA’s conduct under his leadership. In a farewell note to SentinelOne staff, Krebs said, “I want to be clear: this is my decision, and mine alone. This is my fight, not the company’s. This will require my complete focus and energy. It’s a fight for democracy, for freedom of speech, and for the rule of law. I’m prepared to give it everything I’ve got.”
ClickFix becoming a favorite amongst state-sponsored hackers
This technique gets users to infect their own machine by performing a series of tasks, after being fooled by spoofed prompts into correcting a Windows glitch, completing a CAPTCHA verification, or registering their device. It has become prevalent in recent months, and Proofpoint is now stating that “multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been deploying over the three-month period from late 2024 through the beginning of 2025.” This is an escalation of sorts from simply being a tool for cybercrime groups.
Oregon Department of Environmental Quality suffers cyberattack
The Oregon Department of Environmental Quality, the agency that regulates the quality of air, land and water in the state, says it has found no evidence of a data breach following a cyberattack that occurred last week. Lauren Wirtis, a DEQ spokesperson, said vehicle inspection stations were closed on Friday and that employee emails and servers are “expected to be down through the end of the week as the agency continues to check its computer systems.” The source of this attack has not yet been confirmed.