CISA Chief Uploaded Sensitive Files into ChatGPT

Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT

The interim head of the country’s cyber defense agency uploaded sensitive contracting documents into a public version of ChatGPT last summer, triggering multiple automated security warnings that are meant to stop the theft or unintentional disclosure of government material from federal networks, according to four Department of Homeland Security officials with knowledge of the incident.

The apparent misstep from Madhu Gottumukkala was especially noteworthy because the acting director of the Cybersecurity and Infrastructure Security Agency had requested special permission from CISA’s Office of the Chief Information Officer to use the popular AI tool soon after arriving at the agency this May, three of the officials said. The app was blocked for other DHS employees at the time.

CISA to cease participation at RSAC conference after Biden-era cyber leader named CEO

The Cybersecurity and Infrastructure Security Agency will not partake in the RSAC cybersecurity conference in March, a decision that comes around a week after a top Biden-era cyber leader was named CEO of the event.

Jen Easterly, the former CISA director under President Joe Biden, was announced as the CEO of RSAC Conference last Thursday. Hours after the announcement, several top Trump administration cyber officials discussed plans to cancel their attendance, Nextgov/FCW first reported.

KPMG refutes alleged Nova ransomware hack of Dutch branch

UK multinational professional services network KPMG has repudiated claims made by the Nova ransomware gang purporting the breach of KPMG Netherlands, according to Techzine.

No additional details on the extent of the hack were provided by Nova, which only threatened to expose KPMG Netherlands' data should the firm refuse to pay the demanded ransom within 10 days.

"We are aware of claims on social media alleging that KPMG data has been accessed. The IT infrastructure and security systems managed by KPMG have not been compromised. KPMG takes cybersecurity seriously and we will continue to monitor the situation closely," said KPMG.

2025 Cyber Trends: What to Watch for and What You Can Do

The cyber threat landscape in 2025 was varied with greater ebbs and flows in threat actor activity than in previous years. After a relatively quiet first half, cyberattacks ramped up in the second half of the year. These included major operational disruption in the United Kingdom at auto manufacturer Jaguar Land Rover, exploitation of a zero-day vulnerability on the Oracle e-Business Suite leading to the reported compromise of dozens of businesses’ data, and the breach of a widely used Salesforce integration reported to have affected over 700 organizations. Earlier than expected, we also saw AI tools used not just to enhance, but also conduct, hacks. Anthropic discovered and publicly disclosed a state-sponsored attack designed and executed using autonomous artificial intelligence.

Against that backdrop, we outline in this Data Blog post five key trends we saw in 2025 and practical steps businesses may wish to take to address them.

From Digital Innovation to Patient Harm: Why Healthcare Cybersecurity Is Now a C-Suite Imperative

For decades, healthcare systems were designed with one core principle: patient safety. Clinical devices operated in largely closed environments, disconnected from the internet, engineered for reliability rather than resilience against cyber threats, and the impact of a vulnerability in a device in isolation was limited. That era is over. Currently, digital transformation, cloud adoption, remote access, and AI-driven workflows are driving healthcare to innovate and, in doing so, have dramatically expanded the healthcare attack surface. The result is a threat environment where cyber incidents are no longer an IT disruption. They are a patient safety crisis.

Trellix’s 2025 Healthcare Cybersecurity Threat Intelligence Report provides a grounded, data-driven overview for executive leaders of what this new healthcare threat landscape looks like and what needs to change.

The Trump Administration’s Cyber Strategy Fundamentally Misunderstands China’s Threat

Against a steady drumbeat of ransomware attacks, data breaches, and sophisticated intrusions, President Donald Trump’s administration is preparing to release a new national cybersecurity strategy this month centered on offensive cyber operations. Senior officials have repeatedly emphasized hitting back at the hackers and nation-states who have compromised U.S. networks with seeming impunity. If early signals are any indication, the strategy will treat offense as the primary solution to the United States’ cybersecurity challenges.

Meanwhile, the administration has weakened the foundations of U.S. cyber defenses. The Cybersecurity and Infrastructure Security Agency (CISA) has seen its budget reduced and staffing slashed, and the agency still lacks a Senate-confirmed director. Similar cuts have affected cyber defense offices across federal agencies, and the administration is rolling back cybersecurity requirements for critical infrastructure operators.