At a glance.
- President Trump fires the head of NSA and Cyber Command.
- Oracle Health informs customers of breach.
- Attackers exploit critical CrushFTP vulnerability following disclosure mix-up.
- DPRK's fraudulent IT worker operations expand to Europe.
- FTC says prospective 23andMe buyers must uphold privacy commitments.
President Trump fires the head of NSA and Cyber Command.
The Trump Administration has fired NSA director Gen. Timothy Haugh along with his civilian deputy Wendy Noble, the Washington Post reports. Noble has been reassigned to a position within the Pentagon’s Office of the Undersecretary of Defense for Intelligence and Security. Army Lt. Gen. William Hartman has assumed leadership of NSA in an acting capacity.
The specific reasons for the firings are unclear; however, right-wing activist Laura Loomer told the Post she had advocated for the firings during a meeting with President Trump on Wednesday, noting that both officials were appointed under former President Biden.
Oracle Health informs customers of breach.
Oracle Health (formerly Cerner), a provider of SaaS products for the healthcare sector, has sent breach notifications informing customers that a threat actor stole patient data from legacy servers, BleepingComputer reports. The notifications state, "We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud."
The company hasn't publicly acknowledged the breach. Bloomberg says the hackers stole data in an attempt to extort medical providers, and the FBI is investigating the incident.
Attackers exploit critical CrushFTP vulnerability following disclosure mix-up.
Outpost24 has published a blog post on the "disclosure mess" surrounding a critical vulnerability (CVE-2025-31161) affecting the CrushFTP file transfer service, which is now being exploited in attacks. CrushFTP issued a patch for the flaw on March 21st, while a CVE identifier was still pending with MITRE. Several days later, vulnerability intelligence firm VulnCheck, which is a CVE Numbering Authority, gave the flaw the identifier CVE-2025-2825. Outpost24, which discovered and responsibly disclosed the flaw, had agreed to wait 90 days before disclosing details, but other security firms began analyzing the issue following VulnCheck's classification. A proof-of-concept exploit is now available. MITRE assigned the vulnerability the identifier CVE-2025-31161 on March 27th.
Outpost24 states, "The vulnerability is now being exploited by remote attackers, who are using it to gain unauthenticated access to devices running unpatched versions of CrushFTP v10 or v11. There have been over 1,500 vulnerable instances exposed online. The threat is particularly concerning as file transfer products like CrushFTP are often targeted by ransomware gangs. CrushFTP has released patches to address the issue, and the recommended action is to immediately update to version 10.8.4 or 11.3.1 and later."
DPRK's fraudulent IT worker operations expand to Europe.
North Korea's fraudulent IT worker operations have expanded globally, with a notable focus on Europe, following a crackdown by the US Justice Department, according to Google's Threat Intelligence Group. These operations involve North Korean citizens obtaining remote jobs at foreign companies in order to generate revenue for Pyongyang. Google observed DPRK workers seeking employment in Germany, Portugal, the UK, and at least ten other European countries. The researchers also identified facilitators located in the UK, who helped the DPRK workers appear as though they were located in Europe.
FTC says prospective 23andMe buyers must uphold privacy commitments.
The US Federal Trade Commission (FTC) has sent a letter informing 23andMe's bankruptcy trustees that any buyer of the company or its assets must uphold the firm's previous privacy and security pledges, BankInfoSecurity reports. The DNA testing firm's bankruptcy had raised privacy concerns about the future of the company's massive trove of customers' genetic data.
Patch news.
Apache has patched a maximum severity remote code execution flaw affecting Apache Parquet, BleepingComputer reports. The vulnerability (CVE-2025-30065) involves "schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions," and requires a threat actor to trick a user into importing a specially crafted Parquet file.
Google and Mozilla have both released new browser versions, fixing several high-severity memory safety vulnerabilities, SecurityWeek reports. Chrome 135 contains fourteen security fixes, including a use-after-free flaw (CVE-2025-3066) that could allow a remote attacker to "exploit heap corruption via a crafted HTML page." Google paid out a total of $18,000 in bug bounty rewards to the security researchers who discovered the flaws. Firefox 137 fixes eight vulnerabilities, including three high-severity flaws (CVE-2025-3028, CVE-2025-3030, and CVE-2025-3034).
Policies, procurements, and agency equities.
The UK government has published details on its upcoming Cyber Security and Resilience (CSR) Bill, which will be introduced to Parliament later this year, the Register reports. Notably, the bill would impose daily £100,000 fines on organizations that fail to act against specific threats within a government-specified deadline.